From fa9907806c014a4e86cde910086242da9c2639fc88b78094e9b602242758c439 Mon Sep 17 00:00:00 2001
From: Fridrich Strba <fstrba@suse.com>
Date: Thu, 1 Oct 2020 14:34:25 +0000
Subject: [PATCH] Accepting request 838992 from
 home:pmonrealgonzalez:branches:Java:packages

- Update to 1.10.9
  * Security fix: [bsc#1177180, CVE-2020-11979]
    - Insecure temporary file vulnerability
  * Fixed bugs:
    - The ftp task could throw a NullPointerException if an
      error occured.
    - Propertyset now also sees in-scope local properties.
    - Replaced ReaderInputStream with the version of Apache
      Commons IO due to problems with surrogate pairs.
    - <fixcrlf> will no longer remove the temporary file it
      just created before writing to it.
    - <sshexec> and <scp> didn't deal with wildcard hostnames
      in shs config files properly.
  * Other changes:
    - Ant will no longer log a warning if it doesn't find tools.jar.
    - The <jar> task accepts now a nested <indexjarsmapper>
      element that can be used to perform custom filename
      transformations for the <indexjars> archives.
    - Added a new PropertyEnumerator interface that extensions can
      provide if they are managing properties unknown to the Ant project.
    - Added some special code to support GraalVM JavaScript as
      javax.script scripting engine for JavaScript. In particular we
      relax some security settings of GraalVM so that scripts can access
      Ant objects.
    - Also Ant enables Nashorn compatibility mode by default, you can
      disable that by setting the magic Ant property
      ant.disable.graal.nashorn.compat to true.
    - If the magic property ant.tmpdir hasn't been set and Ant can
      control the permissions of directories it creates it will create an
      owner-owned temporary directory unaccessible to others as default

OBS-URL: https://build.opensuse.org/request/show/838992
OBS-URL: https://build.opensuse.org/package/show/Java:packages/ant?expand=0&rev=161
---
 ant-antlr.changes                | 35 ++++++++++++++++++++++++++++++++
 ant-antlr.spec                   |  2 +-
 ant-junit.changes                | 35 ++++++++++++++++++++++++++++++++
 ant-junit.spec                   |  2 +-
 ant-junit5.changes               | 35 ++++++++++++++++++++++++++++++++
 ant-junit5.spec                  |  2 +-
 ant.changes                      | 35 ++++++++++++++++++++++++++++++++
 ant.spec                         |  2 +-
 apache-ant-1.10.8-src.tar.xz     |  3 ---
 apache-ant-1.10.8-src.tar.xz.asc |  7 -------
 apache-ant-1.10.9-src.tar.xz     |  3 +++
 apache-ant-1.10.9-src.tar.xz.asc |  7 +++++++
 12 files changed, 154 insertions(+), 14 deletions(-)
 delete mode 100644 apache-ant-1.10.8-src.tar.xz
 delete mode 100644 apache-ant-1.10.8-src.tar.xz.asc
 create mode 100644 apache-ant-1.10.9-src.tar.xz
 create mode 100644 apache-ant-1.10.9-src.tar.xz.asc

diff --git a/ant-antlr.changes b/ant-antlr.changes
index 775a061..13e69a8 100644
--- a/ant-antlr.changes
+++ b/ant-antlr.changes
@@ -1,3 +1,38 @@
+-------------------------------------------------------------------
+Thu Oct  1 15:38:21 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 1.10.9
+  * Security fix: [bsc#1177180, CVE-2020-11979]
+    - Insecure temporary file vulnerability
+  * Fixed bugs:
+    - The ftp task could throw a NullPointerException if an
+      error occured.
+    - Propertyset now also sees in-scope local properties.
+    - Replaced ReaderInputStream with the version of Apache
+      Commons IO due to problems with surrogate pairs.
+    - <fixcrlf> will no longer remove the temporary file it
+      just created before writing to it.
+    - <sshexec> and <scp> didn't deal with wildcard hostnames
+      in shs config files properly.
+  * Other changes:
+    - Ant will no longer log a warning if it doesn't find tools.jar.
+    - The <jar> task accepts now a nested <indexjarsmapper>
+      element that can be used to perform custom filename
+      transformations for the <indexjars> archives.
+    - Added a new PropertyEnumerator interface that extensions can
+      provide if they are managing properties unknown to the Ant project.
+    - Added some special code to support GraalVM JavaScript as
+      javax.script scripting engine for JavaScript. In particular we
+      relax some security settings of GraalVM so that scripts can access
+      Ant objects.
+    - Also Ant enables Nashorn compatibility mode by default, you can
+      disable that by setting the magic Ant property
+      ant.disable.graal.nashorn.compat to true.
+    - If the magic property ant.tmpdir hasn't been set and Ant can
+      control the permissions of directories it creates it will create an
+      owner-owned temporary directory unaccessible to others as default
+      tempdir as soon as a temporary file is created for the first time.
+
 -------------------------------------------------------------------
 Thu May 14 17:31:18 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
 
diff --git a/ant-antlr.spec b/ant-antlr.spec
index 0be3708..9d7e496 100644
--- a/ant-antlr.spec
+++ b/ant-antlr.spec
@@ -24,7 +24,7 @@
 %bcond_with junit5
 %bcond_without antlr
 Name:           ant-antlr
-Version:        1.10.8
+Version:        1.10.9
 Release:        0
 Summary:        Antlr Task for ant
 License:        Apache-2.0
diff --git a/ant-junit.changes b/ant-junit.changes
index 775a061..13e69a8 100644
--- a/ant-junit.changes
+++ b/ant-junit.changes
@@ -1,3 +1,38 @@
+-------------------------------------------------------------------
+Thu Oct  1 15:38:21 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 1.10.9
+  * Security fix: [bsc#1177180, CVE-2020-11979]
+    - Insecure temporary file vulnerability
+  * Fixed bugs:
+    - The ftp task could throw a NullPointerException if an
+      error occured.
+    - Propertyset now also sees in-scope local properties.
+    - Replaced ReaderInputStream with the version of Apache
+      Commons IO due to problems with surrogate pairs.
+    - <fixcrlf> will no longer remove the temporary file it
+      just created before writing to it.
+    - <sshexec> and <scp> didn't deal with wildcard hostnames
+      in shs config files properly.
+  * Other changes:
+    - Ant will no longer log a warning if it doesn't find tools.jar.
+    - The <jar> task accepts now a nested <indexjarsmapper>
+      element that can be used to perform custom filename
+      transformations for the <indexjars> archives.
+    - Added a new PropertyEnumerator interface that extensions can
+      provide if they are managing properties unknown to the Ant project.
+    - Added some special code to support GraalVM JavaScript as
+      javax.script scripting engine for JavaScript. In particular we
+      relax some security settings of GraalVM so that scripts can access
+      Ant objects.
+    - Also Ant enables Nashorn compatibility mode by default, you can
+      disable that by setting the magic Ant property
+      ant.disable.graal.nashorn.compat to true.
+    - If the magic property ant.tmpdir hasn't been set and Ant can
+      control the permissions of directories it creates it will create an
+      owner-owned temporary directory unaccessible to others as default
+      tempdir as soon as a temporary file is created for the first time.
+
 -------------------------------------------------------------------
 Thu May 14 17:31:18 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
 
diff --git a/ant-junit.spec b/ant-junit.spec
index 40af092..1e92fe3 100644
--- a/ant-junit.spec
+++ b/ant-junit.spec
@@ -24,7 +24,7 @@
 %bcond_with junit5
 %bcond_with antlr
 Name:           ant-junit
-Version:        1.10.8
+Version:        1.10.9
 Release:        0
 Summary:        Optional junit tasks for ant
 License:        Apache-2.0
diff --git a/ant-junit5.changes b/ant-junit5.changes
index 775a061..13e69a8 100644
--- a/ant-junit5.changes
+++ b/ant-junit5.changes
@@ -1,3 +1,38 @@
+-------------------------------------------------------------------
+Thu Oct  1 15:38:21 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 1.10.9
+  * Security fix: [bsc#1177180, CVE-2020-11979]
+    - Insecure temporary file vulnerability
+  * Fixed bugs:
+    - The ftp task could throw a NullPointerException if an
+      error occured.
+    - Propertyset now also sees in-scope local properties.
+    - Replaced ReaderInputStream with the version of Apache
+      Commons IO due to problems with surrogate pairs.
+    - <fixcrlf> will no longer remove the temporary file it
+      just created before writing to it.
+    - <sshexec> and <scp> didn't deal with wildcard hostnames
+      in shs config files properly.
+  * Other changes:
+    - Ant will no longer log a warning if it doesn't find tools.jar.
+    - The <jar> task accepts now a nested <indexjarsmapper>
+      element that can be used to perform custom filename
+      transformations for the <indexjars> archives.
+    - Added a new PropertyEnumerator interface that extensions can
+      provide if they are managing properties unknown to the Ant project.
+    - Added some special code to support GraalVM JavaScript as
+      javax.script scripting engine for JavaScript. In particular we
+      relax some security settings of GraalVM so that scripts can access
+      Ant objects.
+    - Also Ant enables Nashorn compatibility mode by default, you can
+      disable that by setting the magic Ant property
+      ant.disable.graal.nashorn.compat to true.
+    - If the magic property ant.tmpdir hasn't been set and Ant can
+      control the permissions of directories it creates it will create an
+      owner-owned temporary directory unaccessible to others as default
+      tempdir as soon as a temporary file is created for the first time.
+
 -------------------------------------------------------------------
 Thu May 14 17:31:18 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
 
diff --git a/ant-junit5.spec b/ant-junit5.spec
index 910703f..2db7489 100644
--- a/ant-junit5.spec
+++ b/ant-junit5.spec
@@ -24,7 +24,7 @@
 %bcond_without junit5
 %bcond_with antlr
 Name:           ant-junit5
-Version:        1.10.8
+Version:        1.10.9
 Release:        0
 Summary:        Optional junit tasks for ant
 License:        Apache-2.0
diff --git a/ant.changes b/ant.changes
index 775a061..13e69a8 100644
--- a/ant.changes
+++ b/ant.changes
@@ -1,3 +1,38 @@
+-------------------------------------------------------------------
+Thu Oct  1 15:38:21 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 1.10.9
+  * Security fix: [bsc#1177180, CVE-2020-11979]
+    - Insecure temporary file vulnerability
+  * Fixed bugs:
+    - The ftp task could throw a NullPointerException if an
+      error occured.
+    - Propertyset now also sees in-scope local properties.
+    - Replaced ReaderInputStream with the version of Apache
+      Commons IO due to problems with surrogate pairs.
+    - <fixcrlf> will no longer remove the temporary file it
+      just created before writing to it.
+    - <sshexec> and <scp> didn't deal with wildcard hostnames
+      in shs config files properly.
+  * Other changes:
+    - Ant will no longer log a warning if it doesn't find tools.jar.
+    - The <jar> task accepts now a nested <indexjarsmapper>
+      element that can be used to perform custom filename
+      transformations for the <indexjars> archives.
+    - Added a new PropertyEnumerator interface that extensions can
+      provide if they are managing properties unknown to the Ant project.
+    - Added some special code to support GraalVM JavaScript as
+      javax.script scripting engine for JavaScript. In particular we
+      relax some security settings of GraalVM so that scripts can access
+      Ant objects.
+    - Also Ant enables Nashorn compatibility mode by default, you can
+      disable that by setting the magic Ant property
+      ant.disable.graal.nashorn.compat to true.
+    - If the magic property ant.tmpdir hasn't been set and Ant can
+      control the permissions of directories it creates it will create an
+      owner-owned temporary directory unaccessible to others as default
+      tempdir as soon as a temporary file is created for the first time.
+
 -------------------------------------------------------------------
 Thu May 14 17:31:18 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
 
diff --git a/ant.spec b/ant.spec
index 12f6a99..10f431b 100644
--- a/ant.spec
+++ b/ant.spec
@@ -23,7 +23,7 @@
 %bcond_with junit5
 %bcond_with antlr
 Name:           ant
-Version:        1.10.8
+Version:        1.10.9
 Release:        0
 Summary:        Java-based build tool
 License:        Apache-2.0
diff --git a/apache-ant-1.10.8-src.tar.xz b/apache-ant-1.10.8-src.tar.xz
deleted file mode 100644
index 1b24d17..0000000
--- a/apache-ant-1.10.8-src.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:40570314bad3b46abe4ee0669a8f8feb56fe767f1642a801fa7fd4fafcd362ca
-size 4509004
diff --git a/apache-ant-1.10.8-src.tar.xz.asc b/apache-ant-1.10.8-src.tar.xz.asc
deleted file mode 100644
index 8c6a129..0000000
--- a/apache-ant-1.10.8-src.tar.xz.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHEEABECADEWIQTOgHWiUVR77iSbwVGiEVrhX2uLcgUCXrgRRBMcYm9kZXdpZ0Bh
-cGFjaGUub3JnAAoJEKIRWuFfa4tyLvQAnisliyItLK21cxqdIxY2TuSWAYN3AKDF
-4uXOYiDFqrE2cpmpMhSlDqMInw==
-=lY6Z
------END PGP SIGNATURE-----
diff --git a/apache-ant-1.10.9-src.tar.xz b/apache-ant-1.10.9-src.tar.xz
new file mode 100644
index 0000000..6a57a33
--- /dev/null
+++ b/apache-ant-1.10.9-src.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4b2008cc60fefd424b05567e9d43a071302865d5fd8b01a807e15e381b557ec2
+size 4333648
diff --git a/apache-ant-1.10.9-src.tar.xz.asc b/apache-ant-1.10.9-src.tar.xz.asc
new file mode 100644
index 0000000..00b75df
--- /dev/null
+++ b/apache-ant-1.10.9-src.tar.xz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+
+iHEEABECADEWIQTOgHWiUVR77iSbwVGiEVrhX2uLcgUCX3BjFxMcYm9kZXdpZ0Bh
+cGFjaGUub3JnAAoJEKIRWuFfa4ty1RoAoOCTeA+8V7MxLXzseH0dUpcfm9U4AJ4w
+jTGSbocA3ex+Yy+rheNXYZTsXA==
+=qgma
+-----END PGP SIGNATURE-----