- Version update to 2.0b6 bnc#967593 CVE-2016-2510

* Upstream developement moved to github * No obvious changelog apart from the above - Refreshed/updated patches: * bsh-2.0b5-docs.patch * bsh2-ClassGeneratorUtil.patch * bsh2-asm.patch * bsh2-fix-tests.patch - Delete needless patch: * bsh2-standard-script-api.patch OBS-URL: https://build.opensuse.org/package/show/Java:packages/bsh2?expand=0&rev=27
2016-02-23 17:47:02 +00:00 · 2016-02-23 17:47:02 +00:00 · cc84a41afc
commit cc84a41afc
parent eaa6f4c9e7
9 changed files with 65 additions and 93 deletions
--- a/2.0b6.tar.gz
+++ b/2.0b6.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dbcd8296a0aa81b5edc80a5421841b968d031332ffcebf3b2c877969669f5cad
+size 1720334
--- a/bsh-2.0b5-docs.patch
+++ b/bsh-2.0b5-docs.patch
@ -1,7 +1,7 @@
-Index: BeanShell-2.0b5/docs/faq/faq.xsl
+Index: beanshell-2.0b6/docs/faq/faq.xsl
 ===================================================================
--- BeanShell-2.0b5.orig/docs/faq/faq.xsl	2005-06-10 19:20:48.000000000 +0200
-+++ BeanShell-2.0b5/docs/faq/faq.xsl	2011-03-11 10:22:15.465882372 +0100
+--- beanshell-2.0b6.orig/docs/faq/faq.xsl
+++ beanshell-2.0b6/docs/faq/faq.xsl
@@ -18,7 +18,7 @@
 <!--xsl:param name="imagedir"/-->
 
@ -11,10 +11,10 @@ Index: BeanShell-2.0b5/docs/faq/faq.xsl
 
 <!-- 
 	Root
-Index: BeanShell-2.0b5/docs/manual/xsl/manual.xsl
+Index: beanshell-2.0b6/docs/manual/xsl/manual.xsl
 ===================================================================
--- BeanShell-2.0b5.orig/docs/manual/xsl/manual.xsl	2005-06-10 19:20:50.000000000 +0200
-+++ BeanShell-2.0b5/docs/manual/xsl/manual.xsl	2011-03-11 10:29:22.272450854 +0100
+--- beanshell-2.0b6.orig/docs/manual/xsl/manual.xsl
+++ beanshell-2.0b6/docs/manual/xsl/manual.xsl
@@ -1,6 +1,6 @@
 <xsl:stylesheet	
 	xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"
@ -23,12 +23,3 @@ Index: BeanShell-2.0b5/docs/manual/xsl/manual.xsl
     extension-element-prefixes="redirect"
 >
 
-@@ -29,7 +29,7 @@
- <xsl:param name="pagesdir"/>
- 
- <!-- Output directives -->
-<xsl:output method="xhtml" indent="no"/>
-+<xsl:output method="html" indent="no"/>
- 
- <!-- 
- 	Root
--- a/bsh-2.0b5-src.tar.bz2
+++ b/bsh-2.0b5-src.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:47f5b7757cf04e93c2dc06700e0ef89ba6fe42adda37feb07aa72e575f81f4dd
-size 1230160
--- a/bsh2-ClassGeneratorUtil.patch
+++ b/bsh2-ClassGeneratorUtil.patch
@ -1,11 +1,13 @@
--- src/bsh/ClassGeneratorUtil.java.sav	2008-08-19 13:01:12.000000000 +0200
-+++ src/bsh/ClassGeneratorUtil.java	2008-08-19 13:01:59.000000000 +0200
-@@ -192,7 +192,7 @@
+Index: src/bsh/ClassGeneratorUtil.java
+===================================================================
+--- src/bsh/ClassGeneratorUtil.java.orig
+++ src/bsh/ClassGeneratorUtil.java
+@@ -213,7 +213,7 @@ public class ClassGeneratorUtil implemen
 
 		String sourceFile = "BeanShell Generated via ASM (www.objectweb.org)";
 		ClassWriter cw = new ClassWriter(true);
-		cw.visit( classMods, fqClassName, superClassName, 
-+		cw.visit( 0x30, classMods, fqClassName, superClassName, 
+-		cw.visit( classMods, fqClassName, superClassName,
+		cw.visit( 0x30, classMods, fqClassName, superClassName,
 			interfaceNames, sourceFile );
 
 		if ( !isInterface )
--- a/bsh2-asm.patch
+++ b/bsh2-asm.patch
@ -1,38 +1,47 @@
-Index: BeanShell-2.0b5/src/bsh/ClassGeneratorUtil.java
+Index: beanshell-2.0b6/src/bsh/ClassGeneratorUtil.java
 ===================================================================
--- BeanShell-2.0b5.orig/src/bsh/ClassGeneratorUtil.java	2010-08-09 13:47:18.951873609 +0200
-+++ BeanShell-2.0b5/src/bsh/ClassGeneratorUtil.java	2010-08-09 13:47:21.344997553 +0200
-@@ -303,7 +303,7 @@
- 	static void generateField( 
- 		String fieldName, String type, int modifiers, ClassWriter cw ) 
+--- beanshell-2.0b6.orig/src/bsh/ClassGeneratorUtil.java
+++ beanshell-2.0b6/src/bsh/ClassGeneratorUtil.java
+@@ -329,7 +329,7 @@ public class ClassGeneratorUtil implemen
+ 	static void generateField(
+ 		String fieldName, String type, int modifiers, ClassWriter cw )
 	{
 -		cw.visitField( modifiers, fieldName, type, null/*value*/ );
 +		cw.visitField( modifiers, fieldName, type, null, null );
 	}
- 	
+ 
 	/**
-@@ -327,7 +327,7 @@
+@@ -353,7 +353,7 @@ public class ClassGeneratorUtil implemen
 
 		// Generate method body
- 		CodeVisitor cv = cw.visitMethod( 
+ 		CodeVisitor cv = cw.visitMethod(
 -			modifiers, methodName, methodDescriptor, exceptions );
 +			modifiers, methodName, methodDescriptor, exceptions, null );
 
 		if ( (modifiers & ACC_ABSTRACT) != 0 )
 			return;
-@@ -405,7 +405,7 @@
+@@ -429,7 +429,7 @@ public class ClassGeneratorUtil implemen
 
 		// Create this constructor method
- 		CodeVisitor cv = 
+ 		CodeVisitor cv =
 -			cw.visitMethod( modifiers, "<init>", methodDescriptor, exceptions );
 +			cw.visitMethod( modifiers, "<init>", methodDescriptor, exceptions, null );
 
 		// Generate code to push arguments as an object array
 		generateParameterReifierCode( paramTypes, false/*isStatic*/, cv );
-@@ -606,7 +606,7 @@
+@@ -466,7 +466,7 @@ public class ClassGeneratorUtil implemen
+ 	void generateStaticInitializer( ClassWriter cw )
+ 	{
+ 		CodeVisitor cv =
+-			cw.visitMethod( ACC_STATIC, "<clinit>", "()V", null/*exceptions*/ );
+			cw.visitMethod( ACC_STATIC, "<clinit>", "()V", null/*exceptions*/, null );
+ 
+ 		// Generate code to invoke the ClassGeneratorUtil initStatic() method
+ 
+@@ -669,7 +669,7 @@ public class ClassGeneratorUtil implemen
 
 		// Add method body
- 		CodeVisitor cv = cw.visitMethod( 
+ 		CodeVisitor cv = cw.visitMethod(
 -			modifiers, "_bshSuper"+methodName, methodDescriptor, exceptions );
 +			modifiers, "_bshSuper"+methodName, methodDescriptor, exceptions, null );
 
--- a/bsh2-fix-tests.patch
+++ b/bsh2-fix-tests.patch
@ -1,17 +1,8 @@
-Index: BeanShell-2.0b5/engine/src/TestBshScriptEngine.java
+Index: beanshell-2.0b6/engine/src/TestBshScriptEngine.java
 ===================================================================
--- BeanShell-2.0b5.orig/engine/src/TestBshScriptEngine.java	2005-06-12 16:45:52.000000000 +0200
-+++ BeanShell-2.0b5/engine/src/TestBshScriptEngine.java	2009-11-25 09:12:27.361877742 +0100
-@@ -42,7 +42,7 @@
- 		engine.eval("foo() { return foo+1; }");
- 		// invoke a method
- 		Invocable invocable = (Invocable) engine;
-		int foo = (Integer)invocable.invoke( "foo" );
-+		int foo = (Integer)invocable.invokeFunction( "foo", null );
- 		assertTrue( foo == 43 );
- 
- 		// get interface
-@@ -53,6 +53,7 @@
+--- beanshell-2.0b6.orig/engine/src/TestBshScriptEngine.java
+++ beanshell-2.0b6/engine/src/TestBshScriptEngine.java
+@@ -54,6 +54,7 @@ public class TestBshScriptEngine
 		runnable.run();
 		assertTrue( (Boolean)engine.get("flag") == true );
 
@ -19,7 +10,7 @@ Index: BeanShell-2.0b5/engine/src/TestBshScriptEngine.java
 		// get interface from scripted object
 		engine.eval(
 			"flag2=false; myObj() { run() { flag2=true; } return this; }");
-@@ -63,6 +64,7 @@
+@@ -64,6 +65,7 @@ public class TestBshScriptEngine
 			(Runnable)invocable.getInterface( scriptedObject, Runnable.class );
 		runnable.run();
 		assertTrue( (Boolean)engine.get("flag2") == true );
--- a/bsh2-standard-script-api.patch
+++ b/bsh2-standard-script-api.patch
@ -1,28 +0,0 @@
-Index: BeanShell-2.0b5/engine/src/bsh/engine/BshScriptEngine.java
-===================================================================
--- BeanShell-2.0b5.orig/engine/src/bsh/engine/BshScriptEngine.java	2005-06-12 13:02:26.000000000 +0200
-+++ BeanShell-2.0b5/engine/src/bsh/engine/BshScriptEngine.java	2009-11-25 09:17:39.043206986 +0100
-@@ -227,6 +227,11 @@
- 			throw new ScriptException( e.toString() );
- 		}
- 	}
-+        //JDK6 compatible method
-+        public Object invokeMethod( Object thiz, String name, Object... args ) throws ScriptException, NoSuchMethodException
-+        {
-+            return invoke(thiz, name, args);
-+        }
- 
- 	/**
- 	 * Same as invoke(Object, String, Object...) with <code>null</code> as the
-@@ -247,6 +252,11 @@
- 	{
- 		return invoke( getGlobal(), name, args );
- 	}
-+        //JDK6 compatible method
-+        public Object invokeFunction(String name, Object... args ) throws ScriptException, NoSuchMethodException
-+        {
-+            return invoke(name, args);
-+        }
- 
- 		/**
- 	 * Returns an implementation of an interface using procedures compiled in the
--- a/bsh2.changes
+++ b/bsh2.changes
@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Tue Feb 23 17:36:36 UTC 2016 - tchvatal@suse.com
+
+- Version update to 2.0b6 bnc#967593 CVE-2016-2510
+  * Upstream developement moved to github
+  * No obvious changelog apart from the above
+- Refreshed/updated patches:
+  * bsh-2.0b5-docs.patch
+  * bsh2-ClassGeneratorUtil.patch
+  * bsh2-asm.patch
+  * bsh2-fix-tests.patch
+- Delete needless patch:
+  * bsh2-standard-script-api.patch
+
 -------------------------------------------------------------------
 Tue Mar 24 11:11:46 UTC 2015 - tchvatal@suse.com

--- a/bsh2.spec
+++ b/bsh2.spec
@ -1,7 +1,7 @@
 #
 # spec file for package bsh2
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 # Copyright (c) 2000-2008, JPackage Project
 #
 # All modifications and additions to the file contributed by third parties
@ -18,15 +18,15 @@


 %define orig_name bsh
-%define fversion  2.0b5
+%define fversion  2.0b6
 Name:           bsh2
-Version:        2.0.0.b5
+Version:        2.0.0.b6
 Release:        0
 Summary:        Lightweight Scripting for Java (BeanShell Version 2.x)
 License:        SPL-1.0 or LGPL-2.0+
 Group:          Development/Libraries/Java
 Url:            http://www.beanshell.org/
-Source0:        http://www.beanshell.org/%{orig_name}-%{fversion}-src.tar.bz2
+Source0:        https://github.com/beanshell/beanshell/archive/%{fversion}.tar.gz
 Source1:        beanshell-2.0b5.pom
 Source2:        bsh-classpath-2.0b5.pom
 Source3:        bsh-commands-2.0b5.pom
@ -42,7 +42,6 @@ Patch2:         %{name}-ClassGeneratorUtil.patch
 Patch3:         bsh-2.0b5-docs.patch
 #PATCH-FIX-OPENSUSE: those two patches fixes a compatibility with a standard javax.script API
 Patch1000:      bsh2-fix-tests.patch
-Patch1001:      bsh2-standard-script-api.patch
 BuildRequires:  ant
 BuildRequires:  asm >= 1.5.3
 BuildRequires:  asm-javadoc
@ -128,12 +127,11 @@ Requires:       %{name} = %{version}-%{release}
 Lightweight Scripting for Java (BeanShell Version 2.x) (demo and samples).

 %prep
-%setup -q -n BeanShell-%{fversion}
+%setup -q -n beanshell-%{fversion}
 %patch1 -p1
 %patch2
 %patch3 -p1
 %patch1000 -p1
-%patch1001 -p1
 for j in $(find . -name "*.jar"); do
    mv $j $j.no
 done
@ -173,8 +171,8 @@ ant \
 %install
 # jars
 mkdir -p %{buildroot}%{_javadir}/%{name}
-#rap#%__rm -f dist/%{orig_name}-%{fversion}.jar
 rm -f dist/%{orig_name}-%{fversion}-src.jar
+rm -f dist/%{orig_name}-%{fversion}-sources.jar
 for jar in dist/*.jar; do
  install -m 644 ${jar} %{buildroot}%{_javadir}/%{name}/`basename ${jar} -%{fversion}.jar`-%{version}.jar
 done
@ -240,7 +238,7 @@ find %{buildroot}%{_datadir}/%{name} -type f ! -name "*.bsh" \
 # bshservlet
 mkdir -p %{buildroot}%{_datadir}/%{name}/bshservlet
 (cd %{buildroot}%{_datadir}/%{name}/bshservlet
-jar xf $RPM_BUILD_DIR/BeanShell-%{fversion}/dist/bshservlet.war
+jar xf $RPM_BUILD_DIR/beanshell-%{fversion}/dist/bshservlet.war
 )
 # scripts
 mkdir -p %{buildroot}%{_bindir}
@ -265,11 +263,6 @@ if [ -n "\$BSH_DEBUG" ]; then
  BASE_FLAGS=-Ddebug=true
 fi
 BASE_JARS="%{name}.jar"
-#if [ -f /usr/lib/libJavaReadline.so ]; then
-#  BASE_FLAGS="$BASE_FLAGS -Djava.library.path=/usr/lib"
-#  BASE_FLAGS="\$BASE_FLAGS -Dbsh.console.readlinelib=GnuReadline"
-#  BASE_JARS="\$BASE_JARS libreadline-java.jar"
-#fi
 # Set parameters
 set_jvm
 set_classpath \$BASE_JARS
@ -289,7 +282,7 @@ cat scripts/bshdoc.bsh >> %{buildroot}%{_bindir}/%{name}doc
 %defattr(0644,root,root,0755)
 %attr(0755,root,root) %{_bindir}/%{name}
 %attr(0755,root,root) %{_bindir}/%{name}doc
-%doc src/License.txt
+%doc LICENSE
 %dir %{_javadir}/%{name}
 %{_javadir}/%{name}/%{orig_name}-%{version}.jar
 %{_javadir}/%{name}/%{orig_name}.jar