From ef6a917a7dd77e351f0ae4cb9bdb74cc8bd037815b3f92af1dbf481b90e8ca5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 3 May 2024 19:23:02 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main plexus-archiver revision a36e34c5ca2239e9bf3ccf8306922e80 --- .gitattributes | 23 +++++ 0001-Remove-support-for-snappy.patch | 55 ++++++++++ plexus-archiver-4.8.0-no_zstd.patch | 40 ++++++++ plexus-archiver-4.8.0.tar.gz | 3 + plexus-archiver-build.xml | 140 +++++++++++++++++++++++++ plexus-archiver.changes | 146 +++++++++++++++++++++++++++ plexus-archiver.spec | 109 ++++++++++++++++++++ 7 files changed, 516 insertions(+) create mode 100644 .gitattributes create mode 100644 0001-Remove-support-for-snappy.patch create mode 100644 plexus-archiver-4.8.0-no_zstd.patch create mode 100644 plexus-archiver-4.8.0.tar.gz create mode 100644 plexus-archiver-build.xml create mode 100644 plexus-archiver.changes create mode 100644 plexus-archiver.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/0001-Remove-support-for-snappy.patch b/0001-Remove-support-for-snappy.patch new file mode 100644 index 0000000..a52b44e --- /dev/null +++ b/0001-Remove-support-for-snappy.patch @@ -0,0 +1,55 @@ +From bd1055a190a1a64374f4aeb3bfde138d9c3d965f Mon Sep 17 00:00:00 2001 +From: Mikolaj Izdebski +Date: Sat, 23 Sep 2017 11:43:45 +0200 +Subject: [PATCH] Remove support for snappy + +--- + src/main/java/org/codehaus/plexus/archiver/tar/TarArchiver.java | 3 +-- + src/main/java/org/codehaus/plexus/archiver/tar/TarUnArchiver.java | 3 +-- + 2 files changed, 2 insertions(+), 4 deletions(-) + +diff --git a/src/main/java/org/codehaus/plexus/archiver/tar/TarArchiver.java b/src/main/java/org/codehaus/plexus/archiver/tar/TarArchiver.java +index 398ecf1..0d46cfc 100644 +--- a/src/main/java/org/codehaus/plexus/archiver/tar/TarArchiver.java ++++ b/src/main/java/org/codehaus/plexus/archiver/tar/TarArchiver.java +@@ -42,7 +42,6 @@ + import org.codehaus.plexus.components.io.resources.PlexusIoResource; + import org.codehaus.plexus.util.IOUtil; + import org.codehaus.plexus.util.StringUtils; +-import org.iq80.snappy.SnappyOutputStream; + + import static org.codehaus.plexus.archiver.util.Streams.bufferedOutputStream; + +@@ -426,7 +425,7 @@ else if ( TarCompressionMethod.bzip2.equals( tarCompressionMethod ) ) + } else if (TarCompressionMethod.bzip2.equals(tarCompressionMethod)) { + return new BZip2CompressorOutputStream(bufferedOutputStream(ostream)); + } else if (TarCompressionMethod.snappy.equals(tarCompressionMethod)) { +- return new SnappyOutputStream(bufferedOutputStream(ostream)); ++ throw new UnsupportedOperationException( "This version of plexus-archiver does not support snappy compression" ); + } else if (TarCompressionMethod.xz.equals(tarCompressionMethod)) { + return new XZCompressorOutputStream(bufferedOutputStream(ostream)); + } else if (TarCompressionMethod.zstd.equals(tarCompressionMethod)) { +diff --git a/src/main/java/org/codehaus/plexus/archiver/tar/TarUnArchiver.java b/src/main/java/org/codehaus/plexus/archiver/tar/TarUnArchiver.java +index 4bc94a4..15f0494 100644 +--- a/src/main/java/org/codehaus/plexus/archiver/tar/TarUnArchiver.java ++++ b/src/main/java/org/codehaus/plexus/archiver/tar/TarUnArchiver.java +@@ -32,7 +32,6 @@ + import org.codehaus.plexus.archiver.ArchiverException; + import org.codehaus.plexus.archiver.util.Streams; + import org.codehaus.plexus.components.io.filemappers.FileMapper; +-import org.iq80.snappy.SnappyFramedInputStream; + + import static org.codehaus.plexus.archiver.util.Streams.bufferedInputStream; + import static org.codehaus.plexus.archiver.util.Streams.fileInputStream; +@@ -137,7 +136,7 @@ else if ( compression == UntarCompressionMethod.BZIP2 ) + } else if (compression == UntarCompressionMethod.BZIP2) { + return new BZip2CompressorInputStream(istream); + } else if (compression == UntarCompressionMethod.SNAPPY) { +- return new SnappyFramedInputStream(istream, true); ++ throw new UnsupportedOperationException( "This version of plexus-archiver does not support snappy compression" ); + } else if (compression == UntarCompressionMethod.XZ) { + return new XZCompressorInputStream(istream); + } else if (compression == UntarCompressionMethod.ZSTD) { +-- +2.13.5 + diff --git a/plexus-archiver-4.8.0-no_zstd.patch b/plexus-archiver-4.8.0-no_zstd.patch new file mode 100644 index 0000000..a6560c9 --- /dev/null +++ b/plexus-archiver-4.8.0-no_zstd.patch @@ -0,0 +1,40 @@ +diff -urEbwB plexus-archiver-4.8.0.orig/src/main/java/org/codehaus/plexus/archiver/tar/TarArchiver.java plexus-archiver-4.8.0/src/main/java/org/codehaus/plexus/archiver/tar/TarArchiver.java +--- plexus-archiver-4.8.0.orig/src/main/java/org/codehaus/plexus/archiver/tar/TarArchiver.java 2023-09-04 18:07:46.209959586 +0200 ++++ plexus-archiver-4.8.0/src/main/java/org/codehaus/plexus/archiver/tar/TarArchiver.java 2023-09-04 18:14:27.122780479 +0200 +@@ -29,7 +29,6 @@ + import org.apache.commons.compress.archivers.tar.TarArchiveOutputStream; + import org.apache.commons.compress.compressors.bzip2.BZip2CompressorOutputStream; + import org.apache.commons.compress.compressors.xz.XZCompressorOutputStream; +-import org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream; + import org.codehaus.plexus.archiver.AbstractArchiver; + import org.codehaus.plexus.archiver.ArchiveEntry; + import org.codehaus.plexus.archiver.ArchiverException; +@@ -429,7 +428,7 @@ + } else if (TarCompressionMethod.xz.equals(tarCompressionMethod)) { + return new XZCompressorOutputStream(bufferedOutputStream(ostream)); + } else if (TarCompressionMethod.zstd.equals(tarCompressionMethod)) { +- return new ZstdCompressorOutputStream(bufferedOutputStream(ostream)); ++ throw new UnsupportedOperationException( "This version of plexus-archiver does not support zstd compression" ); + } + + return ostream; +diff -urEbwB plexus-archiver-4.8.0.orig/src/main/java/org/codehaus/plexus/archiver/tar/TarUnArchiver.java plexus-archiver-4.8.0/src/main/java/org/codehaus/plexus/archiver/tar/TarUnArchiver.java +--- plexus-archiver-4.8.0.orig/src/main/java/org/codehaus/plexus/archiver/tar/TarUnArchiver.java 2023-09-04 18:07:46.209959586 +0200 ++++ plexus-archiver-4.8.0/src/main/java/org/codehaus/plexus/archiver/tar/TarUnArchiver.java 2023-09-04 18:13:50.092519851 +0200 +@@ -27,7 +27,6 @@ + import org.apache.commons.compress.archivers.tar.TarArchiveInputStream; + import org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream; + import org.apache.commons.compress.compressors.xz.XZCompressorInputStream; +-import org.apache.commons.compress.compressors.zstandard.ZstdCompressorInputStream; + import org.codehaus.plexus.archiver.AbstractUnArchiver; + import org.codehaus.plexus.archiver.ArchiverException; + import org.codehaus.plexus.archiver.util.Streams; +@@ -140,7 +139,7 @@ + } else if (compression == UntarCompressionMethod.XZ) { + return new XZCompressorInputStream(istream); + } else if (compression == UntarCompressionMethod.ZSTD) { +- return new ZstdCompressorInputStream(istream); ++ throw new UnsupportedOperationException( "This version of plexus-archiver does not support zstd compression" ); + } + return istream; + } diff --git a/plexus-archiver-4.8.0.tar.gz b/plexus-archiver-4.8.0.tar.gz new file mode 100644 index 0000000..9bbae1e --- /dev/null +++ b/plexus-archiver-4.8.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:36d3d9d1459c703ea41650d5aabf3f510bac4eb2df64e8da9cbabf59190d4eb2 +size 583483 diff --git a/plexus-archiver-build.xml b/plexus-archiver-build.xml new file mode 100644 index 0000000..df34a77 --- /dev/null +++ b/plexus-archiver-build.xml @@ -0,0 +1,140 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/plexus-archiver.changes b/plexus-archiver.changes new file mode 100644 index 0000000..00f1522 --- /dev/null +++ b/plexus-archiver.changes @@ -0,0 +1,146 @@ +------------------------------------------------------------------- +Wed Sep 6 07:09:33 UTC 2023 - Fridrich Strba + +- Update to upstream version 4.8.0 +- Changes of 4.8.0 + * Security fix + + Avoid override target symlink by standard file in + AbstractUnArchiver (bsc#1215973, CVE-2023-37460) + * New features and improvements + + Add tzst alias for tar.zst archiver/unarchived (#274) + * Bug Fixes + + detect permissions for addFile (#293) + * Maintenance + + Remove public modifier from JUnit 5 tests (#294) + + Use https in scm/url (#291) + + Remove junit-jupiter-engine from project dependencies (#292) + + Remove parent and reports menu from site (#282) + + Cleanup after "veryLargeJar" test (#281) + + Override project.url (#279) +- Changes of 4.7.1 + * Bug Fixes + + don't apply umask on unknown perms (Win) (#273) +- Changes of 4.7.0 + * New features and improvements + + add umask support and use 022 in RB mode (#271) + + Use NIO Files for creating temporary files (#270) + + Deprecate the JAR Index feature (JDK-8302819) (#268) + + Add Archiver aliases for tar.* (#266) + * Maintenance + + Use JUnit TempDir to manage temporary files in tests (#269) + + Override uId and gId for Tar in test (#264) + + Bump maven-resources-plugin from 2.7 to 3.3.1 (#223) +- Changes of 4.6.3 + * New features and improvements + + Fix path traversal vulnerability (#261) + The vulnerability affects only directories whose name begins + with the same prefix as the destination directory. For example + malicious archive may extract file in /opt/directory instead + of /opt/dir. +- Changes of 4.6.2 + * Bug Fixes + + Fix regression in handling symbolic links. See + codehaus-plexus/plexus-io#89 +- Changes of 4.6.1 + * Bug Fixes + + Normalize file separators before warning about equal archive + entries (#249) +- Changes of 4.6.0 + * New features and improvements + + keep file/directory permissions in Reproducible Builds + mode (#241) +- Changes of 4.5.0 + * New features and improvements + + Add zstd (un)archiver support (#226) + * Bug Fixes + + Fix UnArchiver#isOverwrite not working as expected (#229) + Existing files were overridden only if UnArchiver#isOverwrite + was set and the existing files were older than the archive + entry. + Now it works as documented: older files are always overridden; + when UnArchiver#isOverwrite is true, existing files are always + overridden regardless if they are older or not. +- Changes of 4.4.0 + * New features and improvements + + Drop legacy plexus API and use only JSR330 components (#220) +- Changes of 4.3.0 + * New features and improvements + + Require Java 8 (#206) + + Refactor to use FileTime API (#199) + + Rename setTime method to setZipEntryTime (#209) + + Convert InputStreamSupplier to lambdas (#212) + * Bug Fix + + Reproducible Builds not working when using modular jar (#205) +- Changes of 4.2.7 + * New features and improvements + + Respect order of META-INF/ and META-INF/MANIFEST.MF entries in + a JAR file (#189) +- Changes of 4.2.6 + * New features and improvements + + FileInputStream, FileOutputStream, FileReader and FileWriter + are no longer used (#183) + + Code cleanup (#172) +- Changes of 4.2.5 + * New features and improvements + + Speed improvements (#157) + * Bug Fixes + + Fix use of a mismatching Unicode path extra field in zip + unarchiving (#167) + In some cases zip archiver may update the file path but not + the Unicode path extra field. This would result in Plexus + Archiver extracting the file using wrong (obsolete) path. + Now Plexus Archiver follows the specification and in this + case will ignore the extra filed and extract the file in the + correct location. +- Changes of 4.2.4 + * Bug Fixes + + Fix unjustified warning about casing for directory entries + (#155) +- Changes of 4.2.2 + * Bug Fixes + + DirectoryArchiver fails for symlinks if a parent directory + doesn't exist (#131) +- Modified patch: + * 0001-Remove-support-for-snappy.patch + + rediff to changed context +- Removed patch: + * logger-level.patch + + not needed any more with this version +- Added patch: + * plexus-archiver-4.8.0-no_zstd.patch + + Remove support for ZStd compression to reduce the dependency + graph + +------------------------------------------------------------------- +Tue May 11 14:50:27 UTC 2021 - Fridrich Strba + +- Do not compile the test build against the legacy guava20 any more + +------------------------------------------------------------------- +Sun Nov 24 14:42:08 UTC 2019 - Fridrich Strba + +- Upgrade to version 4.2.1 +- Modified patch: + * 0001-Remove-support-for-snappy.patch + + rediff to changed context + +------------------------------------------------------------------- +Mon Apr 1 23:12:20 UTC 2019 - Jan Engelhardt + +- Describe package, not the project vision. + +------------------------------------------------------------------- +Fri Mar 8 07:53:43 UTC 2019 - Fridrich Strba + +- Initial packaging of plexus-archiver 3.6.0 +- Generate and customize ant build file +- Make running of tests optional +- Added patches: + * 0001-Remove-support-for-snappy.patch + + When built without snappy support and trying to use Snappy, + throw UnsupportedOperationException + * logger-level.patch + + Cast the result of getContainer() call, because the + getLoggerManager() method is not a method of the + PlexusContainer interface, but of the DefaultPlexusContainer + implementation diff --git a/plexus-archiver.spec b/plexus-archiver.spec new file mode 100644 index 0000000..82d3792 --- /dev/null +++ b/plexus-archiver.spec @@ -0,0 +1,109 @@ +# +# spec file for package plexus-archiver +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: plexus-archiver +Version: 4.8.0 +Release: 0 +Summary: Plexus Archiver Component +License: Apache-2.0 +Group: Development/Libraries/Java +URL: https://codehaus-plexus.github.io/plexus-archiver +Source0: https://github.com/codehaus-plexus/plexus-archiver/archive/plexus-archiver-%{version}.tar.gz +Source1: %{name}-build.xml +Patch0: 0001-Remove-support-for-snappy.patch +Patch1: plexus-archiver-4.8.0-no_zstd.patch +BuildRequires: ant +BuildRequires: apache-commons-compress +BuildRequires: apache-commons-io +BuildRequires: atinject +BuildRequires: fdupes +BuildRequires: javapackages-local >= 6 +BuildRequires: jsr-305 +BuildRequires: plexus-io >= 3.2 +BuildRequires: plexus-utils >= 3.3 +BuildRequires: sisu-inject +BuildRequires: slf4j +BuildRequires: xz-java +BuildArch: noarch + +%description +Plexus contains end-to-end developer tools for writing applications. +At the core is the container, which can be embedded or for an +application server. There are many reusable components for hibernate, +form processing, jndi, i18n, velocity, etc. Plexus also includes an +application server which is like a J2EE application server. + +%package javadoc +Summary: Javadoc for %{name} +Group: Documentation/HTML + +%description javadoc +Javadoc for %{name}. + +%prep +%setup -q -n %{name}-%{name}-%{version} +cp %{SOURCE1} build.xml + +%patch0 -p1 +%pom_remove_dep org.iq80.snappy:snappy +rm -rf src/main/java/org/codehaus/plexus/archiver/snappy +rm -rf src/test/java/org/codehaus/plexus/archiver/snappy +rm -f src/main/java/org/codehaus/plexus/archiver/tar/SnappyTarFile.java +rm -f src/main/java/org/codehaus/plexus/archiver/tar/PlexusIoTarSnappyFileResourceCollection.java +rm -r src/test/java/org/codehaus/plexus/archiver/tar/TarSnappyUnArchiverTest.java + +%patch1 -p1 +%pom_remove_dep com.github.luben:zstd-jni +rm -rf src/main/java/org/codehaus/plexus/archiver/zstd +rm -rf src/test/java/org/codehaus/plexus/archiver/zstd +rm -rf src/main/java/org/codehaus/plexus/archiver/tar/PlexusIoTZstdFileResourceCollection.java +rm -rf src/main/java/org/codehaus/plexus/archiver/tar/ZstdTarFile.java +rm -rf src/main/java/org/codehaus/plexus/archiver/tar/TZstdUnArchiver.java +rm -rf src/main/java/org/codehaus/plexus/archiver/tar/TZstdArchiver.java +rm -rf src/main/java/org/codehaus/plexus/archiver/tar/TarZstdUnArchiver.java +rm -rf src/main/java/org/codehaus/plexus/archiver/tar/PlexusIoTarZstdFileResourceCollection.java +rm -rf src/main/java/org/codehaus/plexus/archiver/tar/TarZstdArchiver.java +rm -rf src/test/java/org/codehaus/plexus/archiver/tar/TarZstdUnArchiverTest.java + +%build +mkdir -p lib +build-jar-repository -s lib atinject slf4j/api org.eclipse.sisu.inject jsr-305 commons-compress commons-io plexus/utils plexus/io +%{ant} \ + jar javadoc + +%install +# jar +install -dm 0755 %{buildroot}%{_javadir}/plexus +install -pm 0644 target/%{name}-%{version}.jar %{buildroot}%{_javadir}/plexus/archiver.jar +# pom +install -dm 0755 %{buildroot}%{_mavenpomdir}/plexus +%{mvn_install_pom} pom.xml %{buildroot}%{_mavenpomdir}/plexus/archiver.pom +%add_maven_depmap plexus/archiver.pom plexus/archiver.jar +# javadoc +install -dm 0755 %{buildroot}%{_javadocdir}/%{name} +cp -pr target/site/apidocs/* %{buildroot}%{_javadocdir}/%{name}/ +%fdupes -s %{buildroot}%{_javadocdir} + +%files -f .mfiles +%license LICENSE + +%files javadoc +%license LICENSE +%{_javadocdir}/%{name} + +%changelog