From ac69873fec9c66c80ea98ecb506316d5323be9f46dbaff3c9a360da5c9fd48a0 Mon Sep 17 00:00:00 2001
From: Pedro Monreal Gonzalez
Date: Wed, 15 Dec 2021 18:05:14 +0000
Subject: [PATCH] Accepting request 940776 from home:david.anes:branches:Java:packages Update to 1.10.12 + CVEs/bugzilla mentioned in .changes files
OBS-URL: https://build.opensuse.org/request/show/940776
OBS-URL: https://build.opensuse.org/package/show/Java:packages/ant?expand=0&rev=165
---
 ant-antlr.changes | 41 +++++++++++++++++++++++++++++++
 ant-antlr.spec | 2 +-
 ant-junit.changes | 41 +++++++++++++++++++++++++++++++
 ant-junit.spec | 2 +-
 ant-junit5.changes | 41 +++++++++++++++++++++++++++++++
 ant-junit5.spec | 2 +-
 ant.changes | 41 +++++++++++++++++++++++++++++++
 ant.spec | 2 +-
 apache-ant-1.10.10-src.tar.xz | 3 ---
 apache-ant-1.10.10-src.tar.xz.asc | 16 ------------
 apache-ant-1.10.12-src.tar.xz | 3 +++
 apache-ant-1.10.12-src.tar.xz.asc | 16 ++++++++++++
 12 files changed, 187 insertions(+), 23 deletions(-)
 delete mode 100644 apache-ant-1.10.10-src.tar.xz
 delete mode 100644 apache-ant-1.10.10-src.tar.xz.asc
 create mode 100644 apache-ant-1.10.12-src.tar.xz
 create mode 100644 apache-ant-1.10.12-src.tar.xz.asc
diff --git a/ant-antlr.changes b/ant-antlr.changes
index 9792d5a..a50e4ca 100644
--- a/ant-antlr.changes
+++ b/ant-antlr.changes
@@ -1,3 +1,44 @@
+-------------------------------------------------------------------
+Wed Dec 15 16:19:12 UTC 2021 - David Anes
+
+- Update to 1.10.12:
+ * The update includes fixes for the following CVEs:
+ CVE-2021-36374, bsc#1188469
+ Excessive memory allocation when reading a specially
+ crafted ZIP archive or a derived formats.
+ CVE-2021-36373, bsc#1188468
+ Excessive memory allocation when reading a specially
+ crafted TAR archive.
+ * The http condition would follow redirects even when "followRedirects" attribute
+ was set to "false". This has now been fixed. Bugzilla Report 65489
+ * Made sure setting build.compiler to the fully qualified classname
+ that corresponds to extJavac or modern has the same effect as using
+ the shorter alias names. Bugzilla Report 65539
+ * Prevent potential deadlocks in org.apache.tools.ant.IntrospectionHelper.
+ Bugzilla Report 65424
+ * The implementation of AntClassLoader#findResources() has been changed to optimize
+ it for potential performance issues, as those noted at https://issues.jenkins.io/browse/JENKINS-22310?focusedCommentId=197405&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-197405
+ Github Pull Request #151
+ * AntClassLoader now implements the ClassLoader#findResource(String) method.
+ Github Pull Request #150
+ * Ant tries to avoid file name canonicalization when possible.
+ Bugzilla Report 65499
+ * javadoc task will now look for warning messages in the STDERR stream too
+ when "failonwarning" is set to true to account for changes in JDK 17+
+ * The tar task now preserves symlinks of nested tarfilesets.
+ Github Pull Request #142
+
+- Changes from 1.10.11:
+ * a race condition could lead to NullPointerExceptions when running
+ tasks in parallel.
+ Bugzilla Report 65316
+ * fixed potential OutOfMemory errors when reading broken archives
+ using the tar or zip formats or formats derived from zip.
+ * org.apache.tools.ant.taskdefs.optional.junitlauncher.confined.JUnitLauncherTask now
+ has a new protected createExecuteWatchdog() method for allowing it to be overriden.
+ Github Pull Request #147
+ * Upgraded AntUnit to 1.4.1.
+
 -------------------------------------------------------------------
 Thu Jun 3 16:17:46 UTC 2021 - Pedro Monreal
diff --git a/ant-antlr.spec b/ant-antlr.spec
index b6d8c0d..0bae696 100644
--- a/ant-antlr.spec
+++ b/ant-antlr.spec
@@ -24,7 +24,7 @@
 %bcond_with junit5
 %bcond_without antlr
 Name: ant-antlr
-Version: 1.10.10
+Version: 1.10.12
 Release: 0
 Summary: Antlr Task for ant
 License: Apache-2.0
diff --git a/ant-junit.changes b/ant-junit.changes
index 9792d5a..a50e4ca 100644
--- a/ant-junit.changes
+++ b/ant-junit.changes
@@ -1,3 +1,44 @@
+-------------------------------------------------------------------
+Wed Dec 15 16:19:12 UTC 2021 - David Anes
+
+- Update to 1.10.12:
+ * The update includes fixes for the following CVEs:
+ CVE-2021-36374, bsc#1188469
+ Excessive memory allocation when reading a specially
+ crafted ZIP archive or a derived formats.
+ CVE-2021-36373, bsc#1188468
+ Excessive memory allocation when reading a specially
+ crafted TAR archive.
+ * The http condition would follow redirects even when "followRedirects" attribute
+ was set to "false". This has now been fixed. Bugzilla Report 65489
+ * Made sure setting build.compiler to the fully qualified classname
+ that corresponds to extJavac or modern has the same effect as using
+ the shorter alias names. Bugzilla Report 65539
+ * Prevent potential deadlocks in org.apache.tools.ant.IntrospectionHelper.
+ Bugzilla Report 65424
+ * The implementation of AntClassLoader#findResources() has been changed to optimize
+ it for potential performance issues, as those noted at https://issues.jenkins.io/browse/JENKINS-22310?focusedCommentId=197405&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-197405
+ Github Pull Request #151
+ * AntClassLoader now implements the ClassLoader#findResource(String) method.
+ Github Pull Request #150
+ * Ant tries to avoid file name canonicalization when possible.
+ Bugzilla Report 65499
+ * javadoc task will now look for warning messages in the STDERR stream too
+ when "failonwarning" is set to true to account for changes in JDK 17+
+ * The tar task now preserves symlinks of nested tarfilesets.
+ Github Pull Request #142
+
+- Changes from 1.10.11:
+ * a race condition could lead to NullPointerExceptions when running
+ tasks in parallel.
+ Bugzilla Report 65316
+ * fixed potential OutOfMemory errors when reading broken archives
+ using the tar or zip formats or formats derived from zip.
+ * org.apache.tools.ant.taskdefs.optional.junitlauncher.confined.JUnitLauncherTask now
+ has a new protected createExecuteWatchdog() method for allowing it to be overriden.
+ Github Pull Request #147
+ * Upgraded AntUnit to 1.4.1.
+
 -------------------------------------------------------------------
 Thu Jun 3 16:17:46 UTC 2021 - Pedro Monreal
diff --git a/ant-junit.spec b/ant-junit.spec
index 4417950..9c83b25 100644
--- a/ant-junit.spec
+++ b/ant-junit.spec
@@ -24,7 +24,7 @@
 %bcond_with junit5
 %bcond_with antlr
 Name: ant-junit
-Version: 1.10.10
+Version: 1.10.12
 Release: 0
 Summary: Optional junit tasks for ant
 License: Apache-2.0
diff --git a/ant-junit5.changes b/ant-junit5.changes
index 9792d5a..a50e4ca 100644
--- a/ant-junit5.changes
+++ b/ant-junit5.changes
@@ -1,3 +1,44 @@
+-------------------------------------------------------------------
+Wed Dec 15 16:19:12 UTC 2021 - David Anes
+
+- Update to 1.10.12:
+ * The update includes fixes for the following CVEs:
+ CVE-2021-36374, bsc#1188469
+ Excessive memory allocation when reading a specially
+ crafted ZIP archive or a derived formats.
+ CVE-2021-36373, bsc#1188468
+ Excessive memory allocation when reading a specially
+ crafted TAR archive.
+ * The http condition would follow redirects even when "followRedirects" attribute
+ was set to "false". This has now been fixed. Bugzilla Report 65489
+ * Made sure setting build.compiler to the fully qualified classname
+ that corresponds to extJavac or modern has the same effect as using
+ the shorter alias names. Bugzilla Report 65539
+ * Prevent potential deadlocks in org.apache.tools.ant.IntrospectionHelper.
+ Bugzilla Report 65424
+ * The implementation of AntClassLoader#findResources() has been changed to optimize
+ it for potential performance issues, as those noted at https://issues.jenkins.io/browse/JENKINS-22310?focusedCommentId=197405&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-197405
+ Github Pull Request #151
+ * AntClassLoader now implements the ClassLoader#findResource(String) method.
+ Github Pull Request #150
+ * Ant tries to avoid file name canonicalization when possible.
+ Bugzilla Report 65499
+ * javadoc task will now look for warning messages in the STDERR stream too
+ when "failonwarning" is set to true to account for changes in JDK 17+
+ * The tar task now preserves symlinks of nested tarfilesets.
+ Github Pull Request #142
+
+- Changes from 1.10.11:
+ * a race condition could lead to NullPointerExceptions when running
+ tasks in parallel.
+ Bugzilla Report 65316
+ * fixed potential OutOfMemory errors when reading broken archives
+ using the tar or zip formats or formats derived from zip.
+ * org.apache.tools.ant.taskdefs.optional.junitlauncher.confined.JUnitLauncherTask now
+ has a new protected createExecuteWatchdog() method for allowing it to be overriden.
+ Github Pull Request #147
+ * Upgraded AntUnit to 1.4.1.
+
 -------------------------------------------------------------------
 Thu Jun 3 16:17:46 UTC 2021 - Pedro Monreal
diff --git a/ant-junit5.spec b/ant-junit5.spec
index cb0e13b..1436b08 100644
--- a/ant-junit5.spec
+++ b/ant-junit5.spec
@@ -24,7 +24,7 @@
 %bcond_without junit5
 %bcond_with antlr
 Name: ant-junit5
-Version: 1.10.10
+Version: 1.10.12
 Release: 0
 Summary: Optional junit tasks for ant
 License: Apache-2.0
diff --git a/ant.changes b/ant.changes
index 9792d5a..a50e4ca 100644
--- a/ant.changes
+++ b/ant.changes
@@ -1,3 +1,44 @@
+-------------------------------------------------------------------
+Wed Dec 15 16:19:12 UTC 2021 - David Anes
+
+- Update to 1.10.12:
+ * The update includes fixes for the following CVEs:
+ CVE-2021-36374, bsc#1188469
+ Excessive memory allocation when reading a specially
+ crafted ZIP archive or a derived formats.
+ CVE-2021-36373, bsc#1188468
+ Excessive memory allocation when reading a specially
+ crafted TAR archive.
+ * The http condition would follow redirects even when "followRedirects" attribute
+ was set to "false". This has now been fixed. Bugzilla Report 65489
+ * Made sure setting build.compiler to the fully qualified classname
+ that corresponds to extJavac or modern has the same effect as using
+ the shorter alias names. Bugzilla Report 65539
+ * Prevent potential deadlocks in org.apache.tools.ant.IntrospectionHelper.
+ Bugzilla Report 65424
+ * The implementation of AntClassLoader#findResources() has been changed to optimize
+ it for potential performance issues, as those noted at https://issues.jenkins.io/browse/JENKINS-22310?focusedCommentId=197405&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-197405
+ Github Pull Request #151
+ * AntClassLoader now implements the ClassLoader#findResource(String) method.
+ Github Pull Request #150
+ * Ant tries to avoid file name canonicalization when possible.
+ Bugzilla Report 65499
+ * javadoc task will now look for warning messages in the STDERR stream too
+ when "failonwarning" is set to true to account for changes in JDK 17+
+ * The tar task now preserves symlinks of nested tarfilesets.
+ Github Pull Request #142
+
+- Changes from 1.10.11:
+ * a race condition could lead to NullPointerExceptions when running
+ tasks in parallel.
+ Bugzilla Report 65316
+ * fixed potential OutOfMemory errors when reading broken archives
+ using the tar or zip formats or formats derived from zip.
+ * org.apache.tools.ant.taskdefs.optional.junitlauncher.confined.JUnitLauncherTask now
+ has a new protected createExecuteWatchdog() method for allowing it to be overriden.
+ Github Pull Request #147
+ * Upgraded AntUnit to 1.4.1.
+
 -------------------------------------------------------------------
 Thu Jun 3 16:17:46 UTC 2021 - Pedro Monreal
diff --git a/ant.spec b/ant.spec
index 9f80ff1..d3dd2cd 100644
--- a/ant.spec
+++ b/ant.spec
@@ -23,7 +23,7 @@
 %bcond_with junit5
 %bcond_with antlr
 Name: ant
-Version: 1.10.10
+Version: 1.10.12
 Release: 0
 Summary: Java-based build tool
 License: Apache-2.0
diff --git a/apache-ant-1.10.10-src.tar.xz b/apache-ant-1.10.10-src.tar.xz
deleted file mode 100644
index a99f9ef..0000000
--- a/apache-ant-1.10.10-src.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c8ab046eaca09d2c3fa0cdf1a681740e31f8afad0ad6bc346fe51d16fdc6d92d
-size 4530288
diff --git a/apache-ant-1.10.10-src.tar.xz.asc b/apache-ant-1.10.10-src.tar.xz.asc
deleted file mode 100644
index c224577..0000000
--- a/apache-ant-1.10.10-src.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEjacMAN968bDS+dx03bzBJwop0IEFAmBzv6cACgkQ3bzBJwop
-0IFIJg//TGQ6nt0Y7A3AHA0FTaNILyx1dPHWOU2k5OJWuFUYmWn8w123cU2oFsWM
-jswdArCNOOYOGgQks2ALiuAKrMs37K+osuCOJzXbOxffuE3mpIXFdf5oz916qg93
-fg4FxBWEkkQQECgosLs2KDdf26ODz5pJH7beJsVLujRnO3Y1qpU8WiUqj8VWEy8t
-mLKKZUgO2+mKSHKCKNw2aXHypHfQSm2UImi85hzxsaBHIo4hK8MEeFVmKBLWjf5q
-8qeaZufqjdV/6T+tlcoMw2ARAuBMeiEv4j/3gyUiGnnh+sAs353sG7z3MFSvDgax
-RwmsfoBCGBlWAcHwWiW1HiJtNViRBnlvtzyAklyAnNIpyBy2n3vn+Oh+uEQjAH7G
-1zBNzj47K4e9IfR7Ryb/FtexuaPieny+CwCZi77zjWv69I2+pqEJe+h+pgLfXe5h
-/8DcYGoskyfhuuNxX7YLDWkTPyo8MZr074QBKHjL8nhwN8vcBJkqvWduqER5YFUL
-pgTXAGOOONNHOqSsyqUaePB7dk7PTy/cGdRJ48QBfiI+LMCEsm9hP9iRaHBqw3Z7
-frS256po21czzqyWBhhF7E/eVOBdFaKJuL4xGc+/0tfoavQycONuPDjkqUAMxetr
-K4cMUzcosoxs1FLf/EOenbiRXD4KjXNtbtE3R5FN6T6h0R7rcAM=
-=PX25
------END PGP SIGNATURE-----
diff --git a/apache-ant-1.10.12-src.tar.xz b/apache-ant-1.10.12-src.tar.xz
new file mode 100644
index 0000000..dbd5b77
--- /dev/null
+++ b/apache-ant-1.10.12-src.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7629bb10285c5de609df56ae9bc968332f3d34d6cd5c0a5dffe24078e09e98b3
+size 3869920
diff --git a/apache-ant-1.10.12-src.tar.xz.asc b/apache-ant-1.10.12-src.tar.xz.asc
new file mode 100644
index 0000000..30cc952
--- /dev/null
+++ b/apache-ant-1.10.12-src.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEjacMAN968bDS+dx03bzBJwop0IEFAmFmZaoACgkQ3bzBJwop
+0IEqSg/8Dt6ZUTesNXjZNFQQC6EgSU7lzxb6rfeAZoV3BZ8b+HuyBGp6xun//U0m
+SBmKqFzL6DfRO6Y1oivuO6704jmywioZfm5dJlRQO09GOIYCYK5qBCbEi29Tvvkx
+xMLgQTdu83hzCvPwMSGhzoRmEaPucSSFxszSdG6/Z0dhWqKk3qSd06A5I4A98rGA
+ERyJXY6MVCHXrmea/V/k4M03sl4bfaJcePtktE/wXWBSq36nrC6G7HSVLIuBAGXF
+IsX4M9RaCoqJ72e83cvEhPKpPMVPKQxHO4RMirFfrADKeBW9zBMf81RwsHGMrfnq
+/wyyf5LzRUfE0GUL1kqmYsvbicN5HIMZ4yg5vH3XhcGApH00Gv2a6eyPhdnBKik8
+JVnIyJHV8MIy8kLtxt4poUufCbasxNMrzhzlDzmzqfVTBLDg/4h//Xy+ifYu19al
+eJopmud/AEo1JaT+7ZRaZ4V6UjajUhrKqF5/Pm9YMMD1YTjfrbe+k43k1tiOWLyJ
+4KKLcif1evfWWToeeHw+znpi/fnv7/2c7TYGXxqc1oyHwP3gUkMt5fARqyz3pNsl
+KBbvNC6MlwW0noaV4z3dl9qwYAODgary4CAkFCcfoghy7b9qig6USsuNIDMXOoK1
+YhVj3B4wpn8xZ1aqZSc/1PO6t197mMdcq54Vho7JLxfBlNesLr4=
+=fI16
+-----END PGP SIGNATURE-----