- update to 1.9.2

- CVE-2014-3540:
  'class' property is exposed, potentially leading to RCE (bnc#885963)
- for full changelog, see
  * http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.0/RELEASE-NOTES.txt
  * http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.1/RELEASE-NOTES.txt
  * http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt

OBS-URL: https://build.opensuse.org/package/show/Java:packages/apache-commons-beanutils?expand=0&rev=4

apache-commons-beanutils.changes

@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Mon Jul  7 08:04:04 UTC 2014 - dmacvicar@suse.de
+
+- update to 1.9.2
+- CVE-2014-3540:
+  'class' property is exposed, potentially leading to RCE (bnc#885963)
+- for full changelog, see
+  * http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.0/RELEASE-NOTES.txt
+  * http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.1/RELEASE-NOTES.txt
+  * http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt
+
 -------------------------------------------------------------------
 Mon Apr  2 13:23:15 UTC 2012 - mvyskocil@suse.cz
 

apache-commons-beanutils.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package apache-commons-beanutils
 #
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,17 +16,18 @@
 #
 # icecream 0
 
+
 %define base_name	beanutils
 %define short_name	commons-%{base_name}
 
 Name:           apache-commons-beanutils
-Version:        1.8.3
+Version:        1.9.2
 Release:        0
-Summary:        Jakarta Commons BeanUtils Package
+Summary:        Utility methods for accessing and modifying the properties of JavaBeans
 License:        Apache-2.0
 Group:          Development/Libraries/Java
 Source0:        commons-beanutils-%{version}-src.tar.gz
-URL:            http://commons.apache.org/beanutils
+Url:            http://commons.apache.org/beanutils
 
 BuildRequires:  ant
 BuildRequires:  commons-collections
@@ -71,6 +72,8 @@ BeanUtils Package.
 %prep
 %setup -n %{short_name}-%{version}-src
 sed -i 's/\r//' *.txt
+# bug in ant build
+touch README.txt
 
 %build
 export CLASSPATH=%(build-classpath commons-collections commons-logging)
@@ -81,10 +84,6 @@ ant -Dbuild.sysclasspath=first dist
 install -d -m 755 $RPM_BUILD_ROOT%{_javadir}
 install -m 644 dist/%{short_name}-%{version}.jar $RPM_BUILD_ROOT%{_javadir}/%{name}.jar
 
-# main jar created from these, we install them just for safe measure
-install -m 644 dist/%{short_name}-bean-collections-%{version}.jar $RPM_BUILD_ROOT%{_javadir}/%{name}-bean-collections.jar
-install -m 644 dist/%{short_name}-core-%{version}.jar $RPM_BUILD_ROOT%{_javadir}/%{name}-core.jar
-
 pushd $RPM_BUILD_ROOT%{_javadir}
 for jar in *.jar; do
     ln -sf ${jar} `echo $jar| sed "s|apache-||g"`
@@ -101,13 +100,11 @@ cp -pr dist/docs/api/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}
 %clean
 rm -rf $RPM_BUILD_ROOT
 
-
 %files
 %defattr(0644,root,root,0755)
-%doc *.txt
+%doc LICENSE.txt NOTICE.txt RELEASE-NOTES.txt
 %{_javadir}/*
 %{_mavenpomdir}/JPP-%{name}.pom
-# % {_mavendepmapfragdir}/%{name}
 
 %files javadoc
 %defattr(0644,root,root,0755)

commons-beanutils-1.8.3-src.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:df6d6a625db8da38b33d018030715130a258c0b493ea39f20c5e8d075b21b4ed
-size 383126

commons-beanutils-1.9.2-src.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:91fccad3b65f278bad98df1aa8467f2d3df6095f41b2db39d2c12863fb2c0049
+size 396910