From 3f178490f68f945f8e23dc1d862f10771d06d473f4175239e1a7541362320999 Mon Sep 17 00:00:00 2001 From: Duncan Mac-Vicar Date: Mon, 7 Jul 2014 15:02:20 +0000 Subject: [PATCH] - update to 1.9.2 - CVE-2014-3540: 'class' property is exposed, potentially leading to RCE (bnc#885963) - for full changelog, see * http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.0/RELEASE-NOTES.txt * http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.1/RELEASE-NOTES.txt * http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt OBS-URL: https://build.opensuse.org/package/show/Java:packages/apache-commons-beanutils?expand=0&rev=4 --- apache-commons-beanutils.changes | 11 +++++++++++ apache-commons-beanutils.spec | 19 ++++++++----------- commons-beanutils-1.8.3-src.tar.gz | 3 --- commons-beanutils-1.9.2-src.tar.gz | 3 +++ 4 files changed, 22 insertions(+), 14 deletions(-) delete mode 100644 commons-beanutils-1.8.3-src.tar.gz create mode 100644 commons-beanutils-1.9.2-src.tar.gz diff --git a/apache-commons-beanutils.changes b/apache-commons-beanutils.changes index 6cc9648..19d0bf6 100644 --- a/apache-commons-beanutils.changes +++ b/apache-commons-beanutils.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Mon Jul 7 08:04:04 UTC 2014 - dmacvicar@suse.de + +- update to 1.9.2 +- CVE-2014-3540: + 'class' property is exposed, potentially leading to RCE (bnc#885963) +- for full changelog, see + * http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.0/RELEASE-NOTES.txt + * http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.1/RELEASE-NOTES.txt + * http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt + ------------------------------------------------------------------- Mon Apr 2 13:23:15 UTC 2012 - mvyskocil@suse.cz diff --git a/apache-commons-beanutils.spec b/apache-commons-beanutils.spec index 7bb83b4..ff97101 100644 
--- a/apache-commons-beanutils.spec +++ b/apache-commons-beanutils.spec @@ -1,7 +1,7 @@ # # spec file for package apache-commons-beanutils # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,17 +16,18 @@ # # icecream 0 + %define base_name beanutils %define short_name commons-%{base_name} Name: apache-commons-beanutils -Version: 1.8.3 +Version: 1.9.2 Release: 0 -Summary: Jakarta Commons BeanUtils Package +Summary: Utility methods for accessing and modifying the properties of JavaBeans License: Apache-2.0 Group: Development/Libraries/Java Source0: commons-beanutils-%{version}-src.tar.gz -URL: http://commons.apache.org/beanutils +Url: http://commons.apache.org/beanutils BuildRequires: ant BuildRequires: commons-collections @@ -71,6 +72,8 @@ BeanUtils Package. %prep %setup -n %{short_name}-%{version}-src sed -i 's/\r//' *.txt +# bug in ant build +touch README.txt %build export CLASSPATH=%(build-classpath commons-collections commons-logging) @@ -81,10 +84,6 @@ ant -Dbuild.sysclasspath=first dist install -d -m 755 $RPM_BUILD_ROOT%{_javadir} install -m 644 dist/%{short_name}-%{version}.jar $RPM_BUILD_ROOT%{_javadir}/%{name}.jar -# main jar created from these, we install them just for safe measure -install -m 644 dist/%{short_name}-bean-collections-%{version}.jar $RPM_BUILD_ROOT%{_javadir}/%{name}-bean-collections.jar -install -m 644 dist/%{short_name}-core-%{version}.jar $RPM_BUILD_ROOT%{_javadir}/%{name}-core.jar - pushd $RPM_BUILD_ROOT%{_javadir} for jar in *.jar; do ln -sf ${jar} `echo $jar| sed "s|apache-||g"` 
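Review bot: Bumping `Version:` to 1.9.2 may not by itself stop the 'class' property from being reachable, although the changelog entry presents the update as the CVE-2014-3540 fix. As far as I recall the upstream 1.9.2 release notes, that release adds `SuppressPropertiesBeanIntrospector` (with a `SUPPRESS_CLASS` instance) but does not enable it by default. If so, code that binds untrusted input to beans stays exposed until it registers that introspector; please confirm against the 1.9.2 RELEASE-NOTES.txt linked in the changelog. If confirmed, record it in the package, for example a comment above `Version:` such as `# 1.9.2 ships the 'class' suppression as opt-in only; consumers must register SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS`, and repeat it in the .changes entry.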
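Review bot: The added comment `# bug in ant build` in %prep does not say which bug `touch README.txt` works around, so a later version bump cannot tell whether the line is still needed. Presumably the 1.9.2 source archive has no README.txt while the ant `dist` target expects one. If that is the case, write it down, e.g. `# 1.9.2 src tarball has no README.txt but the ant dist target copies it; create an empty placeholder`, ideally with a reference to the upstream issue. The explicit `%doc LICENSE.txt NOTICE.txt RELEASE-NOTES.txt` list in the later %files hunk does keep the empty placeholder out of the package.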
@@ -101,13 +100,11 @@ cp -pr dist/docs/api/* $RPM_BUILD_ROOT%{_javadocdir}/%{name} %clean rm -rf $RPM_BUILD_ROOT - %files %defattr(0644,root,root,0755) -%doc *.txt +%doc LICENSE.txt NOTICE.txt RELEASE-NOTES.txt %{_javadir}/* %{_mavenpomdir}/JPP-%{name}.pom -# % {_mavendepmapfragdir}/%{name} %files javadoc %defattr(0644,root,root,0755) diff --git a/commons-beanutils-1.8.3-src.tar.gz b/commons-beanutils-1.8.3-src.tar.gz deleted file mode 100644 index f20ab40..0000000 --- a/commons-beanutils-1.8.3-src.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:df6d6a625db8da38b33d018030715130a258c0b493ea39f20c5e8d075b21b4ed -size 383126 diff --git a/commons-beanutils-1.9.2-src.tar.gz b/commons-beanutils-1.9.2-src.tar.gz new file mode 100644 index 0000000..114422c --- /dev/null +++ b/commons-beanutils-1.9.2-src.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:91fccad3b65f278bad98df1aa8467f2d3df6095f41b2db39d2c12863fb2c0049 +size 396910
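Review bot: The `oid sha256:` value in the new commons-beanutils-1.9.2-src.tar.gz pointer is the only integrity anchor for the updated source, and nothing in the visible change ties it to upstream's release. `Source0:` in the spec is a bare file name, and no detached signature or keyring is added alongside the tarball, so the patch alone does not show that the archive is the one Apache published. Consider giving `Source0:` the full upstream download URL and adding the release's `.asc` signature as an additional `Source` entry so it can be checked at build or review time. At minimum, compare the sha256 in the pointer with the checksum upstream publishes before accepting a security update.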