------------------------------------------------------------------- Wed Feb 21 10:40:43 UTC 2024 - Gus Kenion - Use %patch -P N instead of deprecated %patchN. ------------------------------------------------------------------- Thu Feb 15 06:06:58 UTC 2024 - Fridrich Strba - The license is actually Plexus ------------------------------------------------------------------- Thu Nov 2 11:40:16 UTC 2023 - Anton Shvetz - JPMS: Add the Automatic-Module-Name attribute to the manifest. ------------------------------------------------------------------- Thu Aug 24 10:08:25 UTC 2023 - Fridrich Strba - Make a separate flavour for a minimal dom4j-bootstrap package used to build jaxen and full dom4j - Added patch: * 0001-no-jaxen-dom4.patch * for the bootstrap package, patch out the code that requires jaxen with dom4j support to build ------------------------------------------------------------------- Thu Aug 24 04:59:20 UTC 2023 - Fridrich Strba - Upgrade to upstream version 2.1.4 * Improvements and potentially breaking changes + Added new factory method org.dom4j.io.SAXReader.createDefault(). It has more secure defaults than new SAXReader(), which uses system XMLReaderFactory.createXMLReader() or SAXParserFactory.newInstance().newSAXParser(). + If you use some optional dependency of dom4j (for example Jaxen, xsdlib etc.), you need to specify an explicit dependency on it in your project. They are no longer marked as a mandatory transitive dependency by dom4j. + Following SAX parser features are disabled by default in DocumentHelper.parse() for security reasons (they were enabled in previous versions): ° http://xml.org/sax/properties/external-general-entities ° http://xml.org/sax/properties/external-parameter-entities * Other changes: + updated pull-parser version + Reuse the writeAttribute method in writeAttributes + support build on OS with non-UTF8 as default charset + Gradle: add an automatic module name + Use Correct License Name "Plexus" + Possible vulnerability of DocumentHelper.parseText() to XML injection + CVS directories left in the source tree + XMLWriter does not escape supplementary unicode characters correctly + writer.writeOpen(x) doesn't write namespaces + concurrency problem with QNameCache + all dependencies are optional + SAXReader: hardcoded namespace features + validate QNames + StringIndexOutOfBoundsException in XMLWriter.writeElementContent() + TreeNode has grown some generics + QName serialization fix + DocumentException initialize with nested exception + Accidentally occurring error in a multi-threaded test + compatibility with W3C DOM Level 3 + use Java generics - Removed patches: * dom4j-1.6.1-bug1618750.patch * dom4j-CVE-2018-1000632.patch * dom4j-CVE-2020-10683.patch * dom4j-enable-stax-datatypes.patch * dom4j-javadoc.patch * dom4j-sourcetarget.patch + not needed with this version ------------------------------------------------------------------- Mon Jul 24 19:38:26 UTC 2023 - Fridrich Strba - Do not depend on jtidy, since it is not used during build ------------------------------------------------------------------- Wed Mar 30 09:56:14 UTC 2022 - Fridrich Strba - Build against the standalone JavaEE modules unconditionally ------------------------------------------------------------------- Mon Mar 28 13:50:07 UTC 2022 - Fridrich Strba - Add alias to the new artifact coordinates org.dom4j:dom4j - Simplify the spec file a bit ------------------------------------------------------------------- Thu Mar 17 15:40:13 UTC 2022 - Fridrich Strba - Add jaxb-api dependency for relevant distribution versions so that we can build with JDKs that do not include the JavaEE modules ------------------------------------------------------------------- Fri Apr 17 12:04:59 UTC 2020 - Pedro Monreal Gonzalez - Security fix: [bsc#1169760, CVE-2020-10683] * External Entity vulnerability in default SAX parser * Add dom4j-CVE-2020-10683.patch ------------------------------------------------------------------- Fri Jan 25 11:10:16 UTC 2019 - Cédric Bosdonnat - Build STAXEventReader, STAXEventWriter and the data types. [bsc#1123158] * Added patch dom4j-enable-stax-datatypes.patch ------------------------------------------------------------------- Tue Sep 18 10:31:28 UTC 2018 - pmonrealgonzalez@suse.com - Security fix: [bsc#1105443, CVE-2018-1000632] * Version prior to version 2.1.1 contains a CWE-91: XML Injectionvulnerability in Class: Element. Methods: addElement, addAttribute that canresult in an attacker tampering with XML documents through. * Added dom4j-CVE-2018-1000632.patch ------------------------------------------------------------------- Tue Jul 10 12:41:17 UTC 2018 - fstrba@suse.com - Added patch: * dom4j-javadoc.patch + Don't load urls while building javadoc in environment without connectivity ------------------------------------------------------------------- Wed May 16 11:56:27 UTC 2018 - fstrba@suse.com - Modified patch: * dom4j-sourcetarget.patch + Build with source and target 8 to prepare for a possible removal of 1.6 compatibility ------------------------------------------------------------------- Fri Sep 8 05:47:14 UTC 2017 - fstrba@suse.com - Added patch: * dom4j-sourcetarget.patch + Use java source and target level 1.6 in order to allow building with jdk9 ------------------------------------------------------------------- Fri May 19 09:03:12 UTC 2017 - mpluskal@suse.com - Update dependencies ------------------------------------------------------------------- Wed Mar 18 09:46:06 UTC 2015 - tchvatal@suse.com - Fix build with new javapackages-tools ------------------------------------------------------------------- Tue Jul 8 10:43:35 UTC 2014 - tchvatal@suse.com - Do not depend on ant-trax and run spec-cleaner. ------------------------------------------------------------------- Mon Sep 9 11:05:39 UTC 2013 - tchvatal@suse.com - Move from jpackage-utils to javapackage-tools ------------------------------------------------------------------- Wed Aug 28 13:57:11 UTC 2013 - mvyskocil@suse.com - use add_maven_depmap from javapackages-tools - drop repolib part (never built) - drop pointless jarjar - unversioned javadoc ------------------------------------------------------------------- Fri Mar 23 08:50:16 UTC 2012 - cfarrell@suse.com - license update: Apache-1.1 SPDX ------------------------------------------------------------------- Sun Sep 18 17:17:12 UTC 2011 - jengelh@medozas.de - Remove redundant tags/sections from specfile (cf. packaging guidelines) ------------------------------------------------------------------- Wed May 20 11:39:13 CEST 2009 - mvyskocil@suse.cz - 'fixed bnc#501764: removed clover.license from source tarball' ------------------------------------------------------------------- Mon May 18 15:04:56 CEST 2009 - mvyskocil@suse.cz - Removed documentation of ConcurrentReaderHashMap (bnc#504663) * dom4j-1.6.1/docs/clover/org/dom4j/tree/ConcurrentReaderHashMap.html * dom4j-1.6.1/docs/xref/org/dom4j/tree/ConcurrentReaderHashMap.html ------------------------------------------------------------------- Thu May 14 11:06:10 CEST 2009 - mvyskocil@suse.cz - Initial SUSE packaging: * spec script and jarjar build support was taken from jpackage.org 5.0 * Source of dom4j and build.xml comes from Debian unstable, as there don't need proprietary msv from sun (bnc#430592)