Sync from SUSE:SLFO:Main plexus-archiver revision a36e34c5ca2239e9bf3ccf8306922e80

This commit is contained in:
Adrian Schröter 2024-05-03 19:23:02 +02:00
commit ef6a917a7d
7 changed files with 516 additions and 0 deletions

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

View File

@ -0,0 +1,55 @@
From bd1055a190a1a64374f4aeb3bfde138d9c3d965f Mon Sep 17 00:00:00 2001
From: Mikolaj Izdebski <mizdebsk@redhat.com>
Date: Sat, 23 Sep 2017 11:43:45 +0200
Subject: [PATCH] Remove support for snappy
---
src/main/java/org/codehaus/plexus/archiver/tar/TarArchiver.java | 3 +--
src/main/java/org/codehaus/plexus/archiver/tar/TarUnArchiver.java | 3 +--
2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/main/java/org/codehaus/plexus/archiver/tar/TarArchiver.java b/src/main/java/org/codehaus/plexus/archiver/tar/TarArchiver.java
index 398ecf1..0d46cfc 100644
--- a/src/main/java/org/codehaus/plexus/archiver/tar/TarArchiver.java
+++ b/src/main/java/org/codehaus/plexus/archiver/tar/TarArchiver.java
@@ -42,7 +42,6 @@
import org.codehaus.plexus.components.io.resources.PlexusIoResource;
import org.codehaus.plexus.util.IOUtil;
import org.codehaus.plexus.util.StringUtils;
-import org.iq80.snappy.SnappyOutputStream;
import static org.codehaus.plexus.archiver.util.Streams.bufferedOutputStream;
@@ -426,7 +425,7 @@ else if ( TarCompressionMethod.bzip2.equals( tarCompressionMethod ) )
} else if (TarCompressionMethod.bzip2.equals(tarCompressionMethod)) {
return new BZip2CompressorOutputStream(bufferedOutputStream(ostream));
} else if (TarCompressionMethod.snappy.equals(tarCompressionMethod)) {
- return new SnappyOutputStream(bufferedOutputStream(ostream));
+ throw new UnsupportedOperationException( "This version of plexus-archiver does not support snappy compression" );
} else if (TarCompressionMethod.xz.equals(tarCompressionMethod)) {
return new XZCompressorOutputStream(bufferedOutputStream(ostream));
} else if (TarCompressionMethod.zstd.equals(tarCompressionMethod)) {
diff --git a/src/main/java/org/codehaus/plexus/archiver/tar/TarUnArchiver.java b/src/main/java/org/codehaus/plexus/archiver/tar/TarUnArchiver.java
index 4bc94a4..15f0494 100644
--- a/src/main/java/org/codehaus/plexus/archiver/tar/TarUnArchiver.java
+++ b/src/main/java/org/codehaus/plexus/archiver/tar/TarUnArchiver.java
@@ -32,7 +32,6 @@
import org.codehaus.plexus.archiver.ArchiverException;
import org.codehaus.plexus.archiver.util.Streams;
import org.codehaus.plexus.components.io.filemappers.FileMapper;
-import org.iq80.snappy.SnappyFramedInputStream;
import static org.codehaus.plexus.archiver.util.Streams.bufferedInputStream;
import static org.codehaus.plexus.archiver.util.Streams.fileInputStream;
@@ -137,7 +136,7 @@ else if ( compression == UntarCompressionMethod.BZIP2 )
} else if (compression == UntarCompressionMethod.BZIP2) {
return new BZip2CompressorInputStream(istream);
} else if (compression == UntarCompressionMethod.SNAPPY) {
- return new SnappyFramedInputStream(istream, true);
+ throw new UnsupportedOperationException( "This version of plexus-archiver does not support snappy compression" );
} else if (compression == UntarCompressionMethod.XZ) {
return new XZCompressorInputStream(istream);
} else if (compression == UntarCompressionMethod.ZSTD) {
--
2.13.5

View File

@ -0,0 +1,40 @@
diff -urEbwB plexus-archiver-4.8.0.orig/src/main/java/org/codehaus/plexus/archiver/tar/TarArchiver.java plexus-archiver-4.8.0/src/main/java/org/codehaus/plexus/archiver/tar/TarArchiver.java
--- plexus-archiver-4.8.0.orig/src/main/java/org/codehaus/plexus/archiver/tar/TarArchiver.java 2023-09-04 18:07:46.209959586 +0200
+++ plexus-archiver-4.8.0/src/main/java/org/codehaus/plexus/archiver/tar/TarArchiver.java 2023-09-04 18:14:27.122780479 +0200
@@ -29,7 +29,6 @@
import org.apache.commons.compress.archivers.tar.TarArchiveOutputStream;
import org.apache.commons.compress.compressors.bzip2.BZip2CompressorOutputStream;
import org.apache.commons.compress.compressors.xz.XZCompressorOutputStream;
-import org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream;
import org.codehaus.plexus.archiver.AbstractArchiver;
import org.codehaus.plexus.archiver.ArchiveEntry;
import org.codehaus.plexus.archiver.ArchiverException;
@@ -429,7 +428,7 @@
} else if (TarCompressionMethod.xz.equals(tarCompressionMethod)) {
return new XZCompressorOutputStream(bufferedOutputStream(ostream));
} else if (TarCompressionMethod.zstd.equals(tarCompressionMethod)) {
- return new ZstdCompressorOutputStream(bufferedOutputStream(ostream));
+ throw new UnsupportedOperationException( "This version of plexus-archiver does not support zstd compression" );
}
return ostream;
diff -urEbwB plexus-archiver-4.8.0.orig/src/main/java/org/codehaus/plexus/archiver/tar/TarUnArchiver.java plexus-archiver-4.8.0/src/main/java/org/codehaus/plexus/archiver/tar/TarUnArchiver.java
--- plexus-archiver-4.8.0.orig/src/main/java/org/codehaus/plexus/archiver/tar/TarUnArchiver.java 2023-09-04 18:07:46.209959586 +0200
+++ plexus-archiver-4.8.0/src/main/java/org/codehaus/plexus/archiver/tar/TarUnArchiver.java 2023-09-04 18:13:50.092519851 +0200
@@ -27,7 +27,6 @@
import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
import org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream;
import org.apache.commons.compress.compressors.xz.XZCompressorInputStream;
-import org.apache.commons.compress.compressors.zstandard.ZstdCompressorInputStream;
import org.codehaus.plexus.archiver.AbstractUnArchiver;
import org.codehaus.plexus.archiver.ArchiverException;
import org.codehaus.plexus.archiver.util.Streams;
@@ -140,7 +139,7 @@
} else if (compression == UntarCompressionMethod.XZ) {
return new XZCompressorInputStream(istream);
} else if (compression == UntarCompressionMethod.ZSTD) {
- return new ZstdCompressorInputStream(istream);
+ throw new UnsupportedOperationException( "This version of plexus-archiver does not support zstd compression" );
}
return istream;
}

BIN
plexus-archiver-4.8.0.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

140
plexus-archiver-build.xml Normal file
View File

@ -0,0 +1,140 @@
<?xml version="1.0" encoding="UTF-8"?>
<project name="plexus-archiver" default="package" basedir=".">
<!-- ====================================================================== -->
<!-- Build environment properties -->
<!-- ====================================================================== -->
<property file="build.properties"/>
<property name="project.groupId" value="org.codehaus.plexus"/>
<property name="project.artifactId" value="plexus-archiver"/>
<property name="project.version" value="4.8.0"/>
<property name="compiler.source" value="1.8"/>
<property name="compiler.target" value="${compiler.source}"/>
<property name="build.finalName" value="${project.artifactId}-${project.version}"/>
<property name="build.dir" value="target"/>
<property name="build.outputDir" value="${build.dir}/classes"/>
<property name="build.srcDir" value="src/main/java"/>
<property name="reporting.outputDirectory" value="${build.dir}/site"/>
<!-- ====================================================================== -->
<!-- Defining classpaths -->
<!-- ====================================================================== -->
<path id="build.classpath">
<fileset dir="lib">
<include name="**/*"/>
</fileset>
</path>
<!-- ====================================================================== -->
<!-- Cleaning up target -->
<!-- ====================================================================== -->
<target name="clean" description="Clean the output directory">
<delete dir="${build.dir}"/>
</target>
<!-- ====================================================================== -->
<!-- Compilation target -->
<!-- ====================================================================== -->
<target name="compile" description="Compile the code">
<mkdir dir="${build.outputDir}"/>
<javac destdir="${build.outputDir}"
nowarn="false"
debug="true"
encoding="UTF-8"
optimize="false"
deprecation="true"
target="${compiler.target}"
verbose="false"
fork="false"
source="${compiler.source}">
<src>
<pathelement location="${build.srcDir}"/>
</src>
<classpath refid="build.classpath"/>
</javac>
</target>
<!-- ====================================================================== -->
<!-- Sisu javax.inject.Named generation target -->
<!-- ====================================================================== -->
<target name="sisu"
depends="compile"
description="Generate javax.inject.Name index">
<sequential>
<java classname="org.eclipse.sisu.space.SisuIndex"
failonerror="true"
fork="true">
<classpath>
<path refid="build.classpath"/>
</classpath>
<arg value="${build.outputDir}"/>
</java>
<move todir="${build.outputDir}/META-INF">
<fileset dir="META-INF"/>
</move>
</sequential>
</target>
<!-- ====================================================================== -->
<!-- Javadoc target -->
<!-- ====================================================================== -->
<target name="javadoc" description="Generates the Javadoc of the application">
<javadoc sourcepath="${build.srcDir}"
packagenames="*"
destdir="${reporting.outputDirectory}/apidocs"
access="protected"
source="${compiler.source}"
verbose="false"
version="true"
use="true"
author="true"
splitindex="false"
nodeprecated="false"
nodeprecatedlist="false"
notree="false"
noindex="false"
nohelp="false"
nonavbar="false"
serialwarn="false"
encoding="UTF-8"
linksource="false"
breakiterator="false">
<classpath refid="build.classpath"/>
</javadoc>
</target>
<!-- ====================================================================== -->
<!-- Package target -->
<!-- ====================================================================== -->
<target name="package" depends="sisu" description="Package the application">
<jar jarfile="${build.dir}/${build.finalName}.jar"
compress="true"
index="false"
basedir="${build.outputDir}"
excludes="**/package.html">
<manifest>
<attribute name="JavaPackages-ArtifactId" value="${project.artifactId}"/>
<attribute name="JavaPackages-GroupId" value="${project.groupId}"/>
<attribute name="JavaPackages-Version" value="${project.version}"/>
</manifest>
</jar>
</target>
<!-- ====================================================================== -->
<!-- A dummy target for the package named after the type it creates -->
<!-- ====================================================================== -->
<target name="jar" depends="package" description="Builds the jar for the application"/>
</project>

146
plexus-archiver.changes Normal file
View File

@ -0,0 +1,146 @@
-------------------------------------------------------------------
Wed Sep 6 07:09:33 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Update to upstream version 4.8.0
- Changes of 4.8.0
* Security fix
+ Avoid override target symlink by standard file in
AbstractUnArchiver (bsc#1215973, CVE-2023-37460)
* New features and improvements
+ Add tzst alias for tar.zst archiver/unarchived (#274)
* Bug Fixes
+ detect permissions for addFile (#293)
* Maintenance
+ Remove public modifier from JUnit 5 tests (#294)
+ Use https in scm/url (#291)
+ Remove junit-jupiter-engine from project dependencies (#292)
+ Remove parent and reports menu from site (#282)
+ Cleanup after "veryLargeJar" test (#281)
+ Override project.url (#279)
- Changes of 4.7.1
* Bug Fixes
+ don't apply umask on unknown perms (Win) (#273)
- Changes of 4.7.0
* New features and improvements
+ add umask support and use 022 in RB mode (#271)
+ Use NIO Files for creating temporary files (#270)
+ Deprecate the JAR Index feature (JDK-8302819) (#268)
+ Add Archiver aliases for tar.* (#266)
* Maintenance
+ Use JUnit TempDir to manage temporary files in tests (#269)
+ Override uId and gId for Tar in test (#264)
+ Bump maven-resources-plugin from 2.7 to 3.3.1 (#223)
- Changes of 4.6.3
* New features and improvements
+ Fix path traversal vulnerability (#261)
The vulnerability affects only directories whose name begins
with the same prefix as the destination directory. For example
malicious archive may extract file in /opt/directory instead
of /opt/dir.
- Changes of 4.6.2
* Bug Fixes
+ Fix regression in handling symbolic links. See
codehaus-plexus/plexus-io#89
- Changes of 4.6.1
* Bug Fixes
+ Normalize file separators before warning about equal archive
entries (#249)
- Changes of 4.6.0
* New features and improvements
+ keep file/directory permissions in Reproducible Builds
mode (#241)
- Changes of 4.5.0
* New features and improvements
+ Add zstd (un)archiver support (#226)
* Bug Fixes
+ Fix UnArchiver#isOverwrite not working as expected (#229)
Existing files were overridden only if UnArchiver#isOverwrite
was set and the existing files were older than the archive
entry.
Now it works as documented: older files are always overridden;
when UnArchiver#isOverwrite is true, existing files are always
overridden regardless if they are older or not.
- Changes of 4.4.0
* New features and improvements
+ Drop legacy plexus API and use only JSR330 components (#220)
- Changes of 4.3.0
* New features and improvements
+ Require Java 8 (#206)
+ Refactor to use FileTime API (#199)
+ Rename setTime method to setZipEntryTime (#209)
+ Convert InputStreamSupplier to lambdas (#212)
* Bug Fix
+ Reproducible Builds not working when using modular jar (#205)
- Changes of 4.2.7
* New features and improvements
+ Respect order of META-INF/ and META-INF/MANIFEST.MF entries in
a JAR file (#189)
- Changes of 4.2.6
* New features and improvements
+ FileInputStream, FileOutputStream, FileReader and FileWriter
are no longer used (#183)
+ Code cleanup (#172)
- Changes of 4.2.5
* New features and improvements
+ Speed improvements (#157)
* Bug Fixes
+ Fix use of a mismatching Unicode path extra field in zip
unarchiving (#167)
In some cases zip archiver may update the file path but not
the Unicode path extra field. This would result in Plexus
Archiver extracting the file using wrong (obsolete) path.
Now Plexus Archiver follows the specification and in this
case will ignore the extra filed and extract the file in the
correct location.
- Changes of 4.2.4
* Bug Fixes
+ Fix unjustified warning about casing for directory entries
(#155)
- Changes of 4.2.2
* Bug Fixes
+ DirectoryArchiver fails for symlinks if a parent directory
doesn't exist (#131)
- Modified patch:
* 0001-Remove-support-for-snappy.patch
+ rediff to changed context
- Removed patch:
* logger-level.patch
+ not needed any more with this version
- Added patch:
* plexus-archiver-4.8.0-no_zstd.patch
+ Remove support for ZStd compression to reduce the dependency
graph
-------------------------------------------------------------------
Tue May 11 14:50:27 UTC 2021 - Fridrich Strba <fstrba@suse.com>
- Do not compile the test build against the legacy guava20 any more
-------------------------------------------------------------------
Sun Nov 24 14:42:08 UTC 2019 - Fridrich Strba <fstrba@suse.com>
- Upgrade to version 4.2.1
- Modified patch:
* 0001-Remove-support-for-snappy.patch
+ rediff to changed context
-------------------------------------------------------------------
Mon Apr 1 23:12:20 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Describe package, not the project vision.
-------------------------------------------------------------------
Fri Mar 8 07:53:43 UTC 2019 - Fridrich Strba <fstrba@suse.com>
- Initial packaging of plexus-archiver 3.6.0
- Generate and customize ant build file
- Make running of tests optional
- Added patches:
* 0001-Remove-support-for-snappy.patch
+ When built without snappy support and trying to use Snappy,
throw UnsupportedOperationException
* logger-level.patch
+ Cast the result of getContainer() call, because the
getLoggerManager() method is not a method of the
PlexusContainer interface, but of the DefaultPlexusContainer
implementation

109
plexus-archiver.spec Normal file
View File

@ -0,0 +1,109 @@
#
# spec file for package plexus-archiver
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: plexus-archiver
Version: 4.8.0
Release: 0
Summary: Plexus Archiver Component
License: Apache-2.0
Group: Development/Libraries/Java
URL: https://codehaus-plexus.github.io/plexus-archiver
Source0: https://github.com/codehaus-plexus/plexus-archiver/archive/plexus-archiver-%{version}.tar.gz
Source1: %{name}-build.xml
Patch0: 0001-Remove-support-for-snappy.patch
Patch1: plexus-archiver-4.8.0-no_zstd.patch
BuildRequires: ant
BuildRequires: apache-commons-compress
BuildRequires: apache-commons-io
BuildRequires: atinject
BuildRequires: fdupes
BuildRequires: javapackages-local >= 6
BuildRequires: jsr-305
BuildRequires: plexus-io >= 3.2
BuildRequires: plexus-utils >= 3.3
BuildRequires: sisu-inject
BuildRequires: slf4j
BuildRequires: xz-java
BuildArch: noarch
%description
Plexus contains end-to-end developer tools for writing applications.
At the core is the container, which can be embedded or for an
application server. There are many reusable components for hibernate,
form processing, jndi, i18n, velocity, etc. Plexus also includes an
application server which is like a J2EE application server.
%package javadoc
Summary: Javadoc for %{name}
Group: Documentation/HTML
%description javadoc
Javadoc for %{name}.
%prep
%setup -q -n %{name}-%{name}-%{version}
cp %{SOURCE1} build.xml
%patch0 -p1
%pom_remove_dep org.iq80.snappy:snappy
rm -rf src/main/java/org/codehaus/plexus/archiver/snappy
rm -rf src/test/java/org/codehaus/plexus/archiver/snappy
rm -f src/main/java/org/codehaus/plexus/archiver/tar/SnappyTarFile.java
rm -f src/main/java/org/codehaus/plexus/archiver/tar/PlexusIoTarSnappyFileResourceCollection.java
rm -r src/test/java/org/codehaus/plexus/archiver/tar/TarSnappyUnArchiverTest.java
%patch1 -p1
%pom_remove_dep com.github.luben:zstd-jni
rm -rf src/main/java/org/codehaus/plexus/archiver/zstd
rm -rf src/test/java/org/codehaus/plexus/archiver/zstd
rm -rf src/main/java/org/codehaus/plexus/archiver/tar/PlexusIoTZstdFileResourceCollection.java
rm -rf src/main/java/org/codehaus/plexus/archiver/tar/ZstdTarFile.java
rm -rf src/main/java/org/codehaus/plexus/archiver/tar/TZstdUnArchiver.java
rm -rf src/main/java/org/codehaus/plexus/archiver/tar/TZstdArchiver.java
rm -rf src/main/java/org/codehaus/plexus/archiver/tar/TarZstdUnArchiver.java
rm -rf src/main/java/org/codehaus/plexus/archiver/tar/PlexusIoTarZstdFileResourceCollection.java
rm -rf src/main/java/org/codehaus/plexus/archiver/tar/TarZstdArchiver.java
rm -rf src/test/java/org/codehaus/plexus/archiver/tar/TarZstdUnArchiverTest.java
%build
mkdir -p lib
build-jar-repository -s lib atinject slf4j/api org.eclipse.sisu.inject jsr-305 commons-compress commons-io plexus/utils plexus/io
%{ant} \
jar javadoc
%install
# jar
install -dm 0755 %{buildroot}%{_javadir}/plexus
install -pm 0644 target/%{name}-%{version}.jar %{buildroot}%{_javadir}/plexus/archiver.jar
# pom
install -dm 0755 %{buildroot}%{_mavenpomdir}/plexus
%{mvn_install_pom} pom.xml %{buildroot}%{_mavenpomdir}/plexus/archiver.pom
%add_maven_depmap plexus/archiver.pom plexus/archiver.jar
# javadoc
install -dm 0755 %{buildroot}%{_javadocdir}/%{name}
cp -pr target/site/apidocs/* %{buildroot}%{_javadocdir}/%{name}/
%fdupes -s %{buildroot}%{_javadocdir}
%files -f .mfiles
%license LICENSE
%files javadoc
%license LICENSE
%{_javadocdir}/%{name}
%changelog