------------------------------------------------------------------- Thu May 2 13:24:11 UTC 2024 - Fridrich Strba - Modified patch: * 0002-Replace-bundled-gdata-java-client-classes-with-commo.patch + remove unused List variable that was originally used for debugging purposes ------------------------------------------------------------------- Mon Apr 29 11:44:13 UTC 2024 - Fridrich Strba - The binaries are compatible with java 1.8 ------------------------------------------------------------------- Tue Apr 16 13:55:05 UTC 2024 - Fridrich Strba - Upgrade to upstrem version 2.2 * Changes of 2.2 + Define default scalar style as PLAIN (for polyglot Maven) + Add missing 'exports org.yaml.snakeyaml.inspector' to module-info.java * Changes of 2.1 + Heavy Allocation in Emitter.analyzeScalar(String) due to Regex Overhead. Fixes 1075. + Use identity in toString() for sequences to avoid OutOfMemoryError. Fixes 1064. + NumberFormatException from SnakeYAML due to int overflow for corrupt YAML version. Fixes 1061. + Document size limit should be applied to single document not the whole input stream. Fixes 1065. + Detect invalid Unicode code point (thanks to Tatu Saloranta). Fixes 576. + Remove Trusted*Inspector classes from main sources tree * Changes of 2.0 + Rollback to Java 7 target. Fixes 570. + Add module-info.java. Fixes 495. + Migrate to Java 8 + Remove many deprecated constructors + Remove long deprecated methods in FlowStyle + Do not allow global tags by default. Fixes 565. + Yaml.LoadAs() signature to support Class type instead of Class. Fixes 556. + CustomClassLoaderConstructor takes LoaderOptions + Check input parameters for non-null values - Removed patch: * 0003-Fix-ReaderBomTest.patch + not needed - Modified patches: * 0001-replace-bundled-base64coder-with-java.util.Base64.patch -> 0001-Remove-external-Base64Coder-and-use-provided-Base64.patch + use the patch integrated for inclusion in 2.3 * 0002-Replace-bundled-gdata-java-client-classes-with-commo.patch + regenerate and fix tests ------------------------------------------------------------------- Wed Feb 21 17:28:08 UTC 2024 - Fridrich Strba - Use %patch -P N instead of deprecated %patchN. ------------------------------------------------------------------- Tue Oct 18 07:17:01 UTC 2022 - Fridrich Strba - Fix --with tests build ------------------------------------------------------------------- Mon Oct 17 17:05:58 UTC 2022 - Fridrich Strba - Upgrade to upstream release 1.33 * Fixes + bsc#1204173 + bsc#1203154 (CVE-2022-38752) * Changes of 1.33 + Remove some deprecated unused methods + Fix #555: Fixed Github actions + Fix #553: LoaderOptions.setCodePointLimit() not honored by loadAll() + Fix #554: Always emit numberish strings with quotes * Changes of 1.32 + Fix #543: show the configuration in the test + Fix #531: provide configuration to fail early + Fix #547: Set the limit for incoming data to prevent a CVE report in NIST. By default it is 3MB + Fix #544: Support unescaped unicode characters for double-quoted scalars - Modified patches: * 0001-replace-bundled-base64coder-with-java.util.Base64.patch * 0002-Replace-bundled-gdata-java-client-classes-with-commo.patch + rebase - Added patch: * 0003-Fix-ReaderBomTest.patch + remove two tests that require unicode boms ------------------------------------------------------------------- Wed Sep 7 07:30:01 UTC 2022 - Fridrich Strba - Upgrade to upstream release 1.31 * Fixes + bsc#1202932 (CVE-2022-25857) + bsc#1203149 (CVE-2022-38749) + bsc#1203153 (CVE-2022-38751) + bsc#1203158 (CVE-2022-38750) * Changes of 1.31 + Fix #539: false positive CVE-2020-13936 (bsc#1183360) + Fix #537: Improved RE for integers + Improve restrictions against DoS attacks + Fix #525: Restrict nested depth for collections to avoid DoS attacks + Fix #522: De-serializing key "on" fails with Exception + Example with Lombok and ENV variable substitution was added + reported issue with trailing TAB + fixes for reading and writing comments * Changes of 1.30 + Migrate to new home: snakeyaml/snakeyaml + fixes for reading and writing comments + Fix #506: Improve parsing a number starting with 0x * Changes of 1.29 + fixes for reading and writing comments - Modified patches: * 0001-replace-bundled-base64coder-with-java.util.Base64.patch * 0002-Replace-bundled-gdata-java-client-classes-with-commo.patch + rebase ------------------------------------------------------------------- Sat May 15 17:33:53 UTC 2021 - Fridrich Strba - Upgrade to upstream release 1.28 * Fixes bsc#1159488, bsc#1186088, CVE-2017-18640 * Changes of 1.28 + Add possibility to construct enum with case sensitivity + Fix #493: substitution default can contain special characters + Add possibility to read and write comments + Fix #485: Alias names are too permissive compared to libyaml and future spec * Changes of 1.27 + Update #307: add example + Add: build with CI on github + Fix #481: Serialize anchors that are not used by any alias + Fix #416: Improve dumping sequences + Fix #480: Anchor allows non ASCII characters while dumping + Fix #476: Make constructor of EnvScalarConstructor public + Fix #474: Parse the value of byte and short after a narrowing primitive conversion + Fix yet another OWASP false positive. It complains that the Spring controller makes SnakeYAML insecure even though SnakeYAML does not use Spring controller and does not depend on Spring (but the tests do). Bump spring.version from 3.2.17.RELEASE to 5.2.4.RELEASE + Migrated from hg to git * Changes of 1.26 + Fix #377: Allow configuration for preventing billion laughs attack + Add: parse ENV variables similar to how it works for docker-compose + Fix #468: Allow non ASCII characters in the anchor names + Add: expose Event.ID in Event via a getter + Fix #454: Add example for integer without time pattern - Removed patch: * 0003-fix-broken-test.patch + not needed since integrated upstream - Modified patch: * 0001-replace-bundled-base64coder-with-java.util.Base64.patch * rediff to changed context ------------------------------------------------------------------- Sun Nov 10 05:55:34 UTC 2019 - Fridrich Strba - Upgrade to upstream release 1.25 * Changes of 1.25 + Fix #441: Restore the way to get anchor for a Node + Fix #437: Introduce setting to keep !!str tag for String even when it contains non-printable chars + Update plugin versions * Changes of 1.24 + BaseConstructor: Factored out postponed mapping logic so subclasses can effectively override constructMapping2ndStep() and delegate to the postponed mapping logic + Fix #431: Customize simple key length when dumping + Fix #430: Wrap runtime exceptions into YAMLException. + Fix: Null tag constructor not called when parsing top-level null value. + Fix #429: Provide "Automatic-Module-Name" entry in MANIFEST + Fix #426: Fix NPE when duplicate keys are not allowed and the key is null + Apply pull request #41: Support java.sql classes without the need to depend on java.sql module in java9+ + Update: Java 7 is required. + Fix #423: Date Serialization Fails for TimeZones on Daylight Savings Time * Changes of 1.23 + Update: run tests under Java 11. This is the last release to support Java 6. As of the next release Java 7 will be required. + Fix #412: Restore the Boolean constructors for Events and Nodes for binary compatibility of dependent projects + Fix #411: System Property "java.runtime.name" is not required to be defined + Fix #409: Dumping Enum breaks when Enum value is Anonymous inner class * Changes of 1.21 + Update: Scanner.peekToken() and Scanner.getToken() throw exception instead of returning null + Update: Enhance output of token IDs + Update: Mark - expose buffer and pointer + Update: Improvements in the Bitbucket pipeline + Fix #397: Plain scalars with colons in flow sequences/mappings are valid YAML. This change follows what happens with PyYAML and libyaml (thanks to developers from the YAML community) * Changes of 1.20 + Fix #393: Improve reflective access operation to avoid warning under Java 9 + Hold #397: because of the inconsistent corner cases the ':' is not yet allowed in a flow context + Refactor nodes and events - use enum FlowStyle instead of Boolean (minor backwards-incompatible change) + Refactor ScalarToken, ScalarNode and ScalarEvent - use enum ScalarStyle instead of Character (minor backwards-incompatible change) + Refactor Mark - remove unused code (minor backwards-incompatible change) + Fix #395 and #394: Introduce DuplicateKeyException and report line number for duplicate keys when creating non-Javabeans * Changes of 1.19 + Apply pull request #22: Only use FIELD access for Android in PropertyUtils + Apply pull request #27: Add getAnnotations() and getAnnotation() methods to Property. + Apply pull request #26 and fix #383: Some configuration properties of Representer were ignored. + Fix issue #386:Fix order of duplicate keys indices to prevent wrong removals. + Update: major improvement when parsing JavaBeans. + Fix issue #382 and #322: MethodProperty should check for generic type in getters and setters. + Fix issue #377: Add test for billion laughs attack. + Fix issue #368: Relax final restriction on TypeDescription. + Fix issue #375: Empty YAML file must return null instead of throwing an exception when loading a JavaBean. + Fix issue #374: Localization settings (e.g. fr_CA) convert Number type floats to ints. + Apply pull request #20: Provide access to node's anchor + Fix issue #370: Remove redundant "Bundle-RequiredExecutionEnvironment: J2SE-1.5" + Fix issue #364: Serializing Calendar objects with certain timezone offsets renders invalid YAML * Changes of 1.18 + Add: create Android artifact with android classifier + Fix issue #358: Validate DumperOptions to prevent invalid YAML to be dumped. + Fix issue #355: Fix for emitter to split long plain string scalars over multiple lines. + Apply pull request #13: Let Mark implement Serializable so that ParserException can be serialized + Fix issue #337: Throw exception in case of duplicate keys when LoaderOptions.allowDuplicateKeys is false. + Fix issue #351: Keep same nodes order on merge (preprocess keys for MappingNode and remove duplicates keeping the last one). + Fix issue #349: Ignore white spaces for base64 encoded scalar + Fix issue #348: Not removing parent object when composed object is an anchor + Fix issue #323: Support "Miscellaneous Symbols and Pictographs". This fix introduces minor backwards-incompatible changes - some of the methods have been renamed. This fixes also long standing issue with iOS emoji + Fix issue #341: Fix NPE in BaseRepresenter.multiRepresenters if it contains 'null' as a key + Update plugin versions - Removed patch: * 0001-Replace-bundled-base64-implementation.patch + replaced by other implementation - Modified patch: * 0002-Replace-bundled-gdata-java-client-classes-with-commo.patch + Rediff to changed context - Added patches: * 0001-replace-bundled-base64coder-with-java.util.Base64.patch + Replace with internal jdk8+ implementation * 0003-fix-broken-test.patch + fix a broken test ------------------------------------------------------------------- Fri Mar 1 06:32:02 UTC 2019 - Fridrich Strba - Packaging of snakeyaml 1.17 based on Fedora package - Generated and customized ant build file - Removed patch: * snakeyaml-1.10-jdk9.patch + not needed any more ------------------------------------------------------------------- Thu Nov 02 13:12:11 UTC 2017 - jgonzalez@suse.com - Fix build with java9 - Add: * snakeyaml-1.10-jdk9.patch ------------------------------------------------------------------- Tue Jul 1 13:06:37 UTC 2014 - mseidl@suse.de - modified for sle12 ------------------------------------------------------------------- Fri Nov 18 01:48:56 CET 2011 - ro@suse.de - explicitly add java-devel to buildrequires ------------------------------------------------------------------- Fri Aug 26 14:55:26 UTC 2011 - bmaryniuk@suse.com - Removed bootstrap binaries. ------------------------------------------------------------------- Fri Aug 26 14:32:27 UTC 2011 - bmaryniuk@suse.com - Initial build with a bootstrap binaries.