OBS-URL: https://build.opensuse.org/package/show/Java:packages/apache-commons-compress?expand=0&rev=29
This commit is contained in:
Fridrich Strba
Git OBS Bridge
parent
2aa5ae2436
commit
7911c247be
@ -1,3 +1,264 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Feb 19 13:14:54 UTC 2024 - Fridrich Strba <fstrba@suse.com>
|
||||
|
||||
- Upgrade to 1.26
|
||||
* Fixing several vulnerabilities
|
||||
+ bsc#1220068, CVE-2024-26308
|
||||
+ bsc#1220070, CVE-2024-25710
|
||||
* New Features
|
||||
+ Add and use ZipFile.builder(), ZipFile.Builder, and deprecate
|
||||
constructors
|
||||
+ Add and use SevenZFile.builder(), SevenZFile.Builder, and
|
||||
deprecate constructors
|
||||
+ Add and use ArchiveInputStream.getCharset()
|
||||
+ Add and use ArchiveEntry.resolveIn(Path)
|
||||
+ Add Maven property project.build.outputTimestamp for build
|
||||
reproducibility
|
||||
* Fixed Bugs
|
||||
+ COMPRESS-632: Check for invalid PAX values in TarArchiveEntry
|
||||
+ COMPRESS-632: Fix for zero size headers in ArjInputStream
|
||||
+ COMPRESS-632: Fixes and tests for ArInputStream
|
||||
+ COMPRESS-632: Fixes for dump file parsing
|
||||
+ COMPRESS-632: Improve CPIO exception detection and handling
|
||||
+ Deprecate SkipShieldingInputStream without replacement (no
|
||||
longer used)
|
||||
+ Reuse commons-codec, don't duplicate class PureJavaCrc32C
|
||||
(removed package-private class)
|
||||
+ Reuse commons-codec, don't duplicate class XXHash32
|
||||
(deprecated class)
|
||||
+ Reuse commons-io, don't duplicate class Charsets (deprecated
|
||||
class)
|
||||
+ Reuse commons-io, don't duplicate class IOUtils (deprecated
|
||||
methods)
|
||||
+ Reuse commons-io, don't duplicate class BoundedInputStream
|
||||
(deprecated class)
|
||||
+ Reuse commons-io, don't duplicate class FileTimes (deprecated
|
||||
TimeUtils methods)
|
||||
+ Reuse Arrays.equals(byte[], byte[]) and deprecate
|
||||
ArchiveUtils.isEqual(byte[], byte[])
|
||||
+ Add a null-check for the class loader of OsgiUtils
|
||||
+ Add a null-check in Pack200.newInstance(String, String)
|
||||
+ Deprecate ChecksumCalculatingInputStream in favor of
|
||||
java.util.zip.CheckedInputStream
|
||||
+ Deprecate CRC32VerifyingInputStream
|
||||
.CRC32VerifyingInputStream(InputStream, long, int)
|
||||
+ COMPRESS-655: FramedSnappyCompressorOutputStream produces
|
||||
incorrect output when writing a large buffer
|
||||
+ COMPRESS-657: Fix TAR directory entries being misinterpreted
|
||||
as files
|
||||
+ Deprecate unused method FileNameUtils.getBaseName(String)
|
||||
+ Deprecate unused method FileNameUtils.getExtension(String)
|
||||
+ ArchiveInputStream.BoundedInputStream.read() incorrectly adds
|
||||
1 for EOF to the bytes read count
|
||||
+ Deprecate IOUtils.read(File, byte[])
|
||||
+ Deprecate IOUtils.copyRange(InputStream, long, OutputStream,
|
||||
int)
|
||||
+ COMPRESS-653: ZipArchiveOutputStream multi archive updates
|
||||
metadata in incorrect file
|
||||
+ Deprecate ByteUtils.InputStreamByteSupplier
|
||||
+ Deprecate ByteUtils.fromLittleEndian(InputStream, int)
|
||||
+ Deprecate ByteUtils.toLittleEndian(DataOutput, long, int)
|
||||
+ Reduce duplication by having ArchiveInputStream extend
|
||||
FilterInputStream
|
||||
+ Support preamble garbage in ZipArchiveInputStream
|
||||
+ COMPRESS-658: Fix formatting the lowest expressable DOS time
|
||||
+ Drop reflection from ExtraFieldUtils static initialization
|
||||
+ Preserve exception causation in
|
||||
ExtraFieldUtils.register(Class)
|
||||
- Upgrade to 1.25.0
|
||||
* New features:
|
||||
+ Add GzipParameters.getFileName() and deprecate getFilename()
|
||||
+ Add GzipParameters.setFileName(String) and deprecate
|
||||
setFilename(String)
|
||||
+ Add FileNameUtil.getCompressedFileName(String) and deprecate
|
||||
getCompressedFilename(String)
|
||||
+ Add FileNameUtil.getUncompressedFileName(String) and deprecate
|
||||
getUncompressedFilename(String)
|
||||
+ Add FileNameUtil.isCompressedFileName(String) and deprecate
|
||||
isCompressedFilename(String)
|
||||
+ Add BZip2Utils.getCompressedFileName(String) and deprecate
|
||||
getCompressedFilename(String)
|
||||
+ Add BZip2Utils.getUncompressedFileName(String) and deprecate
|
||||
getUncompressedFilename(String)
|
||||
+ Add BZip2Utils.isCompressedFileName(String) and deprecate
|
||||
isCompressedFilename(String)
|
||||
+ Add LZMAUtils.getCompressedFileName(String) and deprecate
|
||||
getCompressedFilename(String)
|
||||
+ Add LZMAUtils.getUncompressedFileName(String) and deprecate
|
||||
getUncompressedFilename(String)
|
||||
+ Add LZMAUtils.isCompressedFileName(String) and deprecate
|
||||
isCompressedFilename(String)
|
||||
+ Add XYUtils.getCompressedFileName(String) and deprecate
|
||||
getCompressedFilename(String)
|
||||
+ Add XYUtils.getUncompressedFileName(String) and deprecate
|
||||
getUncompressedFilename(String)
|
||||
+ Add XYUtils.isCompressedFileName(String) and deprecate
|
||||
isCompressedFilename(String)
|
||||
+ Add GzipUtils.getCompressedFileName(String) and deprecate
|
||||
getCompressedFilename(String)
|
||||
+ Add GzipUtils.getUncompressedFileName(String) and deprecate
|
||||
getUncompressedFilename(String)
|
||||
+ Add GzipUtils.isCompressedFileName(String) and deprecate
|
||||
isCompressedFilename(String)
|
||||
+ Add SevenZOutputFile.putArchiveEntry(SevenZArchiveEntry) and
|
||||
deprecate putArchiveEntry(ArchiveEntry)
|
||||
+ Add generics to ChangeSet and ChangeSetPerformer
|
||||
+ Add generics to ArchiveStreamProvider and friends
|
||||
+ Add a generic type parameter to ArchiveOutputStream and avoid
|
||||
unchecked/unconfirmed type casts in subclasses
|
||||
+ Add a generic type parameter to ArchiveInputStream and
|
||||
deprecate redundant get methods in subclasses
|
||||
+ COMPRESS-648: Add ability to restrict autodetection in
|
||||
CompressorStreamFactory
|
||||
* Fixed Bugs:
|
||||
+ Precompile regular expression in
|
||||
ArArchiveInputStream.isBSDLongName(String)
|
||||
+ Precompile regular expression in
|
||||
ArArchiveInputStream.isGNULongName(String)
|
||||
+ Precompile regular expression in
|
||||
TarArchiveEntry.parseInstantFromDecimalSeconds(String)
|
||||
+ Precompile regular expression in
|
||||
ChangeSet.addDeletion(Change)
|
||||
+ COMPRESS-649: Improve performance in
|
||||
BlockLZ4CompressorOutputStream
|
||||
+ Null-guard Lister.main(String[]) for programmatic invocation
|
||||
+ NPE in pack200.NewAttributeBands.Reference
|
||||
.addAttributeToBand(NewAttribute, InputStream)
|
||||
+ Incorrect lazy initialization and update of static field in
|
||||
pack200.CodecEncoding.getSpecifier(Codec, Codec)
|
||||
+ Incorrect string comparison in unpack200.AttributeLayout
|
||||
.numBackwardsCallables()
|
||||
+ Inefficient use of keySet iterator instead of entrySet
|
||||
iterator in pack200.PackingOptions
|
||||
.addOrUpdateAttributeActions(List, Map, int)
|
||||
+ Package private class pack200.IcBands.IcTuple should be a
|
||||
static inner class
|
||||
+ Private class ZipFile.BoundedFileChannelInputStream should be
|
||||
a static inner class
|
||||
+ Refactor internal SevenZ AES256SHA256Decoder InputStream into
|
||||
a named static inner class
|
||||
+ Refactor internal SevenZ AES256SHA256Decoder OutputStream into
|
||||
a named static inner class
|
||||
+ Use the root Locale for string conversion of command line
|
||||
options in org.apache.commons.compress.archivers.sevenz.CLI
|
||||
+ Calling PackingUtils.config(PackingOptions) with null now
|
||||
closes the internal FileHandler
|
||||
+ COMPRESS-650: LZ4 compressor throws IndexOutOfBoundsException
|
||||
+ COMPRESS-632: LZWInputStream.initializeTables(int) should
|
||||
throw IllegalArgumentException instead of
|
||||
ArrayIndexOutOfBoundsException
|
||||
+ COMPRESS-647: Throw IOException instead of
|
||||
ArrayIndexOutOfBoundsException when reading Zip with data
|
||||
descriptor entries
|
||||
- Update to 1.24.0
|
||||
* New features:
|
||||
+ Make ZipArchiveEntry.getLocalHeaderOffset() public
|
||||
* Fixed Bugs:
|
||||
+ Use try-with-resources in ArchiveStreamFactory
|
||||
+ Javadoc and code comments: Sanitize grammar issues and typos
|
||||
+ Remove redundant (null) initializations
|
||||
+ [StepSecurity] ci: Harden GitHub Actions
|
||||
- Update to 1.23.0
|
||||
* New features:
|
||||
+ COMPRESS-614: Use FileTime for time fields in
|
||||
SevenZipArchiveEntry
|
||||
+ COMPRESS-621: Fix calculation the offset of the first ZIP
|
||||
central directory entry
|
||||
+ COMPRESS-633:Add encryption support for SevenZ
|
||||
+ COMPRESS-613: Support for extra time data in Zip archives
|
||||
+ COMPRESS-621: Add org.apache.commons.compress.archivers.zip
|
||||
.DefaultBackingStoreSupplier to write to a custom folder
|
||||
instead of the default temporary folder.
|
||||
+ COMPRESS-600: Add capability to configure Deflater strategy
|
||||
in GzipCompressorOutputStream:
|
||||
GzipParameters.setDeflateStrategy(int).
|
||||
* Fixed Bugs:
|
||||
+ Implicit narrowing conversion in compound assignment
|
||||
+ Avoid NPE in FileNameUtils.getBaseName(Path) for paths with
|
||||
zero elements like root paths
|
||||
+ Avoid NPE in FileNameUtils.getExtension(Path) for paths with
|
||||
zero elements like root paths
|
||||
+ LZMA2Decoder.decode() looses original exception
|
||||
+ Extract conditions and avoid duplicate code.
|
||||
+ Remove duplicate conditions. Use switch instead.
|
||||
+ Replace JUnit 3 and 4 with JUnit 5
|
||||
+ Make 'ZipFile.offsetComparator' static
|
||||
+ COMPRESS-638: The GzipCompressorOutputStream#writeHeader()
|
||||
uses ISO_8859_1 to write the file name and comment. If the
|
||||
strings contains non-ISO_8859_1 characters, unknown characters
|
||||
are displayed after decompression. Use percent encoding for
|
||||
non ISO_8859_1 characters.
|
||||
+ Port some code from IO to NIO APIs
|
||||
+ pack200: Fix FileBands misusing InputStream#read(byte[])
|
||||
+ COMPRESS-641: Add TarArchiveEntry.getLinkFlag()
|
||||
+ COMPRESS-642: Integer overflow ArithmeticException in
|
||||
TarArchiveOutputStream
|
||||
+ COMPRESS-642: org.apache.commons.compress.archivers.zip
|
||||
.ZipFile.finalize() should not write to std err.
|
||||
* Removed:
|
||||
+ Remove BZip2CompressorOutputStream.finalize() which only wrote
|
||||
to std err
|
||||
- Update to 1.22
|
||||
* New features:
|
||||
+ COMPRESS-602: Migrate zip package to use NIO
|
||||
+ Add APK file extension constants: ArchiveStreamFactory.APK,
|
||||
APKM, APKS, XAPK
|
||||
+ ArchiveStreamFactory.createArchiveInputStream(String,
|
||||
InputStream, String) supports the "APK" format (it's a JAR)
|
||||
+ Expander example now has NIO Path versions of IO File APIs
|
||||
+ COMPRESS-612: Improve TAR support for file times
|
||||
+ Add SevenZArchiveEntry.setContentMethods(SevenZMethodConfiguration...)
|
||||
* Fixed Bugs:
|
||||
+ Fix some compiler warnings in pack200 packages
|
||||
+ Close File input stream after unpacking in
|
||||
Pack200UnpackerAdapter.unpack(File, JarOutputStream)
|
||||
+ Pack200UnpackerAdapter.unpack(InputStream, JarOutputStream)
|
||||
should not close its given input stream
|
||||
+ COMPRESS-596: Fix minor problem in examples.
|
||||
+ COMPRESS-584: Add a limit to the copy buffer in
|
||||
IOUtils.readRange() to avoid reading more from a channel than
|
||||
asked for
|
||||
+ Documentation nits
|
||||
+ Replace wrapper Collections.sort is with an instance method
|
||||
directly
|
||||
+ Replace manual comparisons with Comparator.comparingInt()
|
||||
+ Replace manual copy of array contents with System.arraycopy()
|
||||
+ Fix thread safety issues when encoding 7z password
|
||||
+ bzip2: calculate median-of-3 on unsigned values
|
||||
+ Use Math.min and Math.max calculations.
|
||||
+ COMPRESS-603: Expander should be able to work if an entry's
|
||||
name is "./".
|
||||
+ COMPRESS-604: Ensure compatibility with Java 8
|
||||
+ Use StringBuilder instead of StringBuffer.
|
||||
+ Inline variable. Remove redundant local variable.
|
||||
+ Use compare method
|
||||
+ Remove Unnecessary interface modifiers
|
||||
+ Avoid use C-style array declaration.
|
||||
+ ChecksumVerifyingInputStream.read() does not always validate
|
||||
checksum at end-of-stream
|
||||
+ Fix TarFileTest
|
||||
+ COMPRESS-625: Update Wikipedia link in TarUtils.java:627.
|
||||
+ COMPRESS-626: OutOfMemoryError on malformed pack200 input
|
||||
(attributes).
|
||||
+ COMPRESS-628: OutOfMemoryError on malformed pack200 input
|
||||
(org.apache.commons.compress.harmony.pack200.NewAttributeBands
|
||||
.readNextUnionCase).
|
||||
+ COMPRESS-628: OutOfMemoryError on malformed unpack200 input
|
||||
(org.apache.commons.compress.harmony.unpack200
|
||||
.NewAttributeBands.readNextUnionCase).
|
||||
+ Some input streams are not closed in org.apache.commons
|
||||
.compress.harmony.pack200.PackingUtils
|
||||
+ COMPRESS-627: Pack200 causes a 'archive.3E' error if it's not
|
||||
in the system class loader.
|
||||
- Modified patches:
|
||||
* 0001-Remove-Brotli-compressor.patch
|
||||
* 0002-Remove-ZSTD-compressor.patch
|
||||
* 0003-Remove-Pack200-compressor.patch
|
||||
+ rediff to changed context
|
||||
- Removed patch:
|
||||
* fix_java_8_compatibility.patch
|
||||
+ not needed, since we handle the compatibility differently
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 21 08:57:33 UTC 2022 - Fridrich Strba <fstrba@suse.com>
|
||||
|
||||
@ -100,7 +361,7 @@ Fri May 19 16:04:30 UTC 2017 - tchvatal@suse.com
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 29 14:57:33 UTC 2012 - mvyskocil@suse.com
|
||||
|
||||
- use saxon and saxon-scripts only when using maven
|
||||
- use saxon and saxon-scripts only when using maven
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu May 14 16:05:37 CEST 2009 - mvyskocil@suse.cz
|
||||
|
||||
Loading…
Reference in New Issue
Block a user