256 lines
11 KiB
Plaintext
256 lines
11 KiB
Plaintext
-------------------------------------------------------------------
|
|
Tue Oct 18 07:17:01 UTC 2022 - Fridrich Strba <fstrba@suse.com>
|
|
|
|
- Fix --with tests build
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 17 17:05:58 UTC 2022 - Fridrich Strba <fstrba@suse.com>
|
|
|
|
- Upgrade to upstream release 1.33
|
|
* Fixes
|
|
+ bsc#1204173
|
|
+ bsc#1203154 (CVE-2022-38752)
|
|
* Changes of 1.33
|
|
+ Remove some deprecated unused methods
|
|
+ Fix #555: Fixed Github actions
|
|
+ Fix #553: LoaderOptions.setCodePointLimit() not honored by
|
|
loadAll()
|
|
+ Fix #554: Always emit numberish strings with quotes
|
|
* Changes of 1.32
|
|
+ Fix #543: show the configuration in the test
|
|
+ Fix #531: provide configuration to fail early
|
|
+ Fix #547: Set the limit for incoming data to prevent a CVE
|
|
report in NIST. By default it is 3MB
|
|
+ Fix #544: Support unescaped unicode characters for
|
|
double-quoted scalars
|
|
- Modified patches:
|
|
* 0001-replace-bundled-base64coder-with-java.util.Base64.patch
|
|
* 0002-Replace-bundled-gdata-java-client-classes-with-commo.patch
|
|
+ rebase
|
|
- Added patch:
|
|
* 0003-Fix-ReaderBomTest.patch
|
|
+ remove two tests that require unicode boms
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 7 07:30:01 UTC 2022 - Fridrich Strba <fstrba@suse.com>
|
|
|
|
- Upgrade to upstream release 1.31
|
|
* Fixes
|
|
+ bsc#1202932 (CVE-2022-25857)
|
|
+ bsc#1203149 (CVE-2022-38749)
|
|
+ bsc#1203153 (CVE-2022-38751)
|
|
+ bsc#1203158 (CVE-2022-38750)
|
|
* Changes of 1.31
|
|
+ Fix #539: false positive CVE-2020-13936 (bsc#1183360)
|
|
+ Fix #537: Improved RE for integers
|
|
+ Improve restrictions against DoS attacks
|
|
+ Fix #525: Restrict nested depth for collections to avoid DoS
|
|
attacks
|
|
+ Fix #522: De-serializing key "on" fails with Exception
|
|
+ Example with Lombok and ENV variable substitution was added
|
|
+ reported issue with trailing TAB
|
|
+ fixes for reading and writing comments
|
|
* Changes of 1.30
|
|
+ Migrate to new home: snakeyaml/snakeyaml
|
|
+ fixes for reading and writing comments
|
|
+ Fix #506: Improve parsing a number starting with 0x
|
|
* Changes of 1.29
|
|
+ fixes for reading and writing comments
|
|
- Modified patches:
|
|
* 0001-replace-bundled-base64coder-with-java.util.Base64.patch
|
|
* 0002-Replace-bundled-gdata-java-client-classes-with-commo.patch
|
|
+ rebase
|
|
|
|
-------------------------------------------------------------------
|
|
Sat May 15 17:33:53 UTC 2021 - Fridrich Strba <fstrba@suse.com>
|
|
|
|
- Upgrade to upstream release 1.28
|
|
* Fixes bsc#1159488, bsc#1186088, CVE-2017-18640
|
|
* Changes of 1.28
|
|
+ Add possibility to construct enum with case sensitivity
|
|
+ Fix #493: substitution default can contain special characters
|
|
+ Add possibility to read and write comments
|
|
+ Fix #485: Alias names are too permissive compared to libyaml
|
|
and future spec
|
|
* Changes of 1.27
|
|
+ Update #307: add example
|
|
+ Add: build with CI on github
|
|
+ Fix #481: Serialize anchors that are not used by any alias
|
|
+ Fix #416: Improve dumping sequences
|
|
+ Fix #480: Anchor allows non ASCII characters while dumping
|
|
+ Fix #476: Make constructor of EnvScalarConstructor public
|
|
+ Fix #474: Parse the value of byte and short after a narrowing
|
|
primitive conversion
|
|
+ Fix yet another OWASP false positive. It complains that the
|
|
Spring controller makes SnakeYAML insecure even though
|
|
SnakeYAML does not use Spring controller and does not depend
|
|
on Spring (but the tests do). Bump spring.version from
|
|
3.2.17.RELEASE to 5.2.4.RELEASE
|
|
+ Migrated from hg to git
|
|
* Changes of 1.26
|
|
+ Fix #377: Allow configuration for preventing billion laughs
|
|
attack
|
|
+ Add: parse ENV variables similar to how it works for
|
|
docker-compose
|
|
+ Fix #468: Allow non ASCII characters in the anchor names
|
|
+ Add: expose Event.ID in Event via a getter
|
|
+ Fix #454: Add example for integer without time pattern
|
|
- Removed patch:
|
|
* 0003-fix-broken-test.patch
|
|
+ not needed since integrated upstream
|
|
- Modified patch:
|
|
* 0001-replace-bundled-base64coder-with-java.util.Base64.patch
|
|
* rediff to changed context
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Nov 10 05:55:34 UTC 2019 - Fridrich Strba <fstrba@suse.com>
|
|
|
|
- Upgrade to upstream release 1.25
|
|
* Changes of 1.25
|
|
+ Fix #441: Restore the way to get anchor for a Node
|
|
+ Fix #437: Introduce setting to keep !!str tag for String even
|
|
when it contains non-printable chars
|
|
+ Update plugin versions
|
|
* Changes of 1.24
|
|
+ BaseConstructor: Factored out postponed mapping logic so
|
|
subclasses can effectively override constructMapping2ndStep()
|
|
and delegate to the postponed mapping logic
|
|
+ Fix #431: Customize simple key length when dumping
|
|
+ Fix #430: Wrap runtime exceptions into YAMLException.
|
|
+ Fix: Null tag constructor not called when parsing top-level
|
|
null value.
|
|
+ Fix #429: Provide "Automatic-Module-Name" entry in MANIFEST
|
|
+ Fix #426: Fix NPE when duplicate keys are not allowed and the
|
|
key is null
|
|
+ Apply pull request #41: Support java.sql classes without the
|
|
need to depend on java.sql module in java9+
|
|
+ Update: Java 7 is required.
|
|
+ Fix #423: Date Serialization Fails for TimeZones on Daylight
|
|
Savings Time
|
|
* Changes of 1.23
|
|
+ Update: run tests under Java 11. This is the last release to
|
|
support Java 6. As of the next release Java 7 will be required.
|
|
+ Fix #412: Restore the Boolean constructors for Events and
|
|
Nodes for binary compatibility of dependent projects
|
|
+ Fix #411: System Property "java.runtime.name" is not required
|
|
to be defined
|
|
+ Fix #409: Dumping Enum breaks when Enum value is Anonymous
|
|
inner class
|
|
* Changes of 1.21
|
|
+ Update: Scanner.peekToken() and Scanner.getToken() throw
|
|
exception instead of returning null
|
|
+ Update: Enhance output of token IDs
|
|
+ Update: Mark - expose buffer and pointer
|
|
+ Update: Improvements in the Bitbucket pipeline
|
|
+ Fix #397: Plain scalars with colons in flow sequences/mappings
|
|
are valid YAML. This change follows what happens with PyYAML
|
|
and libyaml (thanks to developers from the YAML community)
|
|
* Changes of 1.20
|
|
+ Fix #393: Improve reflective access operation to avoid warning
|
|
under Java 9
|
|
+ Hold #397: because of the inconsistent corner cases the ':' is
|
|
not yet allowed in a flow context
|
|
+ Refactor nodes and events - use enum FlowStyle instead of
|
|
Boolean (minor backwards-incompatible change)
|
|
+ Refactor ScalarToken, ScalarNode and ScalarEvent - use enum
|
|
ScalarStyle instead of Character (minor backwards-incompatible
|
|
change)
|
|
+ Refactor Mark - remove unused code (minor
|
|
backwards-incompatible change)
|
|
+ Fix #395 and #394: Introduce DuplicateKeyException and report
|
|
line number for duplicate keys when creating non-Javabeans
|
|
* Changes of 1.19
|
|
+ Apply pull request #22: Only use FIELD access for Android in
|
|
PropertyUtils
|
|
+ Apply pull request #27: Add getAnnotations() and
|
|
getAnnotation() methods to Property.
|
|
+ Apply pull request #26 and fix #383: Some configuration
|
|
properties of Representer were ignored.
|
|
+ Fix issue #386:Fix order of duplicate keys indices to prevent
|
|
wrong removals.
|
|
+ Update: major improvement when parsing JavaBeans.
|
|
+ Fix issue #382 and #322: MethodProperty should check for
|
|
generic type in getters and setters.
|
|
+ Fix issue #377: Add test for billion laughs attack.
|
|
+ Fix issue #368: Relax final restriction on TypeDescription.
|
|
+ Fix issue #375: Empty YAML file must return null instead of
|
|
throwing an exception when loading a JavaBean.
|
|
+ Fix issue #374: Localization settings (e.g. fr_CA) convert
|
|
Number type floats to ints.
|
|
+ Apply pull request #20: Provide access to node's anchor
|
|
+ Fix issue #370: Remove redundant
|
|
"Bundle-RequiredExecutionEnvironment: J2SE-1.5"
|
|
+ Fix issue #364: Serializing Calendar objects with certain
|
|
timezone offsets renders invalid YAML
|
|
* Changes of 1.18
|
|
+ Add: create Android artifact with android classifier
|
|
+ Fix issue #358: Validate DumperOptions to prevent invalid YAML
|
|
to be dumped.
|
|
+ Fix issue #355: Fix for emitter to split long plain string
|
|
scalars over multiple lines.
|
|
+ Apply pull request #13: Let Mark implement Serializable so
|
|
that ParserException can be serialized
|
|
+ Fix issue #337: Throw exception in case of duplicate keys when
|
|
LoaderOptions.allowDuplicateKeys is false.
|
|
+ Fix issue #351: Keep same nodes order on merge (preprocess
|
|
keys for MappingNode and remove duplicates keeping the last
|
|
one).
|
|
+ Fix issue #349: Ignore white spaces for base64 encoded scalar
|
|
+ Fix issue #348: Not removing parent object when composed
|
|
object is an anchor
|
|
+ Fix issue #323: Support "Miscellaneous Symbols and
|
|
Pictographs". This fix introduces minor backwards-incompatible
|
|
changes - some of the methods have been renamed. This fixes
|
|
also long standing issue with iOS emoji
|
|
+ Fix issue #341: Fix NPE in BaseRepresenter.multiRepresenters
|
|
if it contains 'null' as a key
|
|
+ Update plugin versions
|
|
- Removed patch:
|
|
* 0001-Replace-bundled-base64-implementation.patch
|
|
+ replaced by other implementation
|
|
- Modified patch:
|
|
* 0002-Replace-bundled-gdata-java-client-classes-with-commo.patch
|
|
+ Rediff to changed context
|
|
- Added patches:
|
|
* 0001-replace-bundled-base64coder-with-java.util.Base64.patch
|
|
+ Replace with internal jdk8+ implementation
|
|
* 0003-fix-broken-test.patch
|
|
+ fix a broken test
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 1 06:32:02 UTC 2019 - Fridrich Strba <fstrba@suse.com>
|
|
|
|
- Packaging of snakeyaml 1.17 based on Fedora package
|
|
- Generated and customized ant build file
|
|
- Removed patch:
|
|
* snakeyaml-1.10-jdk9.patch
|
|
+ not needed any more
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 02 13:12:11 UTC 2017 - jgonzalez@suse.com
|
|
|
|
- Fix build with java9
|
|
- Add:
|
|
* snakeyaml-1.10-jdk9.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 1 13:06:37 UTC 2014 - mseidl@suse.de
|
|
|
|
- modified for sle12
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 18 01:48:56 CET 2011 - ro@suse.de
|
|
|
|
- explicitly add java-devel to buildrequires
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 26 14:55:26 UTC 2011 - bmaryniuk@suse.com
|
|
|
|
- Removed bootstrap binaries.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 26 14:32:27 UTC 2011 - bmaryniuk@suse.com
|
|
|
|
- Initial build with a bootstrap binaries.
|
|
|