From 40745e7a3280a32b605258b274e74eed0a6e788deb3628cd556cfa8c6e1fdad0 Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Mon, 17 Oct 2022 04:46:38 +0000 Subject: [PATCH 1/2] OBS-URL: https://build.opensuse.org/package/show/Java:packages/jsoup?expand=0&rev=12 --- _service | 6 ++++-- jsoup-1.14.2.tar.xz | 3 --- jsoup-1.15.3.tar.xz | 3 +++ jsoup-build.xml | 2 +- jsoup.spec | 6 +++--- 5 files changed, 11 insertions(+), 9 deletions(-) delete mode 100644 jsoup-1.14.2.tar.xz create mode 100644 jsoup-1.15.3.tar.xz diff --git a/_service b/_service index 577f47c..5ffdfba 100644 --- a/_service +++ b/_service @@ -2,8 +2,10 @@ git https://github.com/jhy/jsoup.git - 1.14.2 - jsoup-1.14.2 + jsoup-1.15.3 + jsoup-* + @PARENT_TAG@ + jsoup-(.*) src/test/resources diff --git a/jsoup-1.14.2.tar.xz b/jsoup-1.14.2.tar.xz deleted file mode 100644 index 3059833..0000000 --- a/jsoup-1.14.2.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0857c2c3399879acdd239ef3d56fdcbfe73311d304cf72fb9f3c7ac24f3ef221 -size 227624 diff --git a/jsoup-1.15.3.tar.xz b/jsoup-1.15.3.tar.xz new file mode 100644 index 0000000..ad45566 --- /dev/null +++ b/jsoup-1.15.3.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:cbc46c73b0316f0dd14c6ac39c31373160410d0117df30589d480710ca005b27 +size 249288 diff --git a/jsoup-build.xml b/jsoup-build.xml index b24b1f1..cc833b0 100644 --- a/jsoup-build.xml +++ b/jsoup-build.xml @@ -11,7 +11,7 @@ - + diff --git a/jsoup.spec b/jsoup.spec index 43e339a..437a7cc 100644 --- a/jsoup.spec +++ b/jsoup.spec @@ -1,7 +1,7 @@ # # spec file for package jsoup # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: jsoup -Version: 1.14.2 +Version: 1.15.3 Release: 0 Summary: Java library for working with HTML License: MIT 
@@ -28,7 +28,7 @@ Source0: %{name}-%{version}.tar.xz Source1: %{name}-build.xml BuildRequires: ant BuildRequires: fdupes -BuildRequires: java-devel >= 1.7 +BuildRequires: java-devel >= 1.8 BuildRequires: javapackages-local BuildRequires: jsr-305 BuildArch: noarch From a3a5dcc89f45df0d6a618adcea6ebfc0c5b2b1e0f30121838166f52e03dc04a0 Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Mon, 17 Oct 2022 07:57:58 +0000 Subject: [PATCH 2/2] OBS-URL: https://build.opensuse.org/package/show/Java:packages/jsoup?expand=0&rev=13 --- jsoup-build.xml | 8 ++- jsoup.changes | 178 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 184 insertions(+), 2 deletions(-) diff --git a/jsoup-build.xml b/jsoup-build.xml index cc833b0..9cf3233 100644 --- a/jsoup-build.xml +++ b/jsoup-build.xml @@ -131,12 +131,16 @@ + - - + + + + + diff --git a/jsoup.changes b/jsoup.changes index 69ebd21..83ea5eb 100644 --- a/jsoup.changes +++ b/jsoup.changes 
@@ -1,3 +1,181 @@ +------------------------------------------------------------------- +Mon Oct 17 05:42:39 UTC 2022 - Fridrich Strba + +- Upgrade to upstream version 1.15.3 +- Changes of 1.15.3 + * Security + + Fixed bsc#1203459 (CVE-2022-36033), an issue where the jsoup + cleaner may incorrectly sanitize crafted XSS attempts if + SafeList.preserveRelativeLinks is enabled. See the security + advisory for more details. + * Improvements + + The Cleaner will preserve the source position of cleaned + elements, if source tracking is enabled in the original parse. + + The error messages output from Validate are more descriptive. + Exceptions are now ValidationExceptions + (extending IllegalArgumentException). Stack traces do not + include the Validate class, to make it simpler to see where + the exception originated. Common validation errors including + malformed URLs and empty selector results have more explicit + error messages. + + Build Improvement: added implementation version and related + fields to the jar manifest. + * Bug Fixes + + The DataUtil would incorrectly read from InputStreams that + emitted reads less than the requested size. This lead to + incorrect results when parsing from chunked server responses, + for example. +- Changes of 1.15.2 + * Improvements + + Added the ability to track the position (line, column, index) + in the original input source from where a given node was + parsed. Accessible via Node.sourceRange() and + Element.endSourceRange(). + + Added Element.firstElementChild(), Element.lastElementChild(), + Node.firstChild(), Node.lastChild(), as convenient accessors + to those child nodes and elements. + + Added Element.expectFirst(), which is just like + Element.selectFirst(), but instead of returning a null if + there is no match, will throw an IllegalArgumentException. + This is useful if you want to simply abort processing if an + expected match is not found, such as in test cases. 
+ + When pretty-printing HTML, doctypes are emitted on a newline + if there is a preceding comment. + + When pretty-printing, trim the leading and trailing spaces of + textnodes in block tags when possible, so that they are + indented correctly. + + In Element.selectXpath(), disable namespace awareness. This + makes it possible to always select elements by their simple + local name, regardless of whether an xmlns attribute was set. + * Bug Fixes + + When using the DataUtil.readToByteBuffer() method, such as in + Connection.Response.body(), if the document has not already + been parsed and must be read fully, and there is any maximum + buffer size being applied, only the default internal buffer + size was read. + + When serializing HTML, newlines in elements descending from a + pre tag were incorrectly skipped. That caused what should have + been preformatted output to instead be a run of text. + + When pretty-print serializing HTML, newlines separating + phrasing content (e.g. a tag within a

tag would be + incorrectly skipped, instead of normalized to a space. + Additionally, improved space normalization between other end + of line occurences, and whitespace handling after a closing + +- Changes of 1.15.1 + * Changes + + Removed previously deprecated methods and classes (including + org.jsoup.safety.Whitelist; use org.jsoup.safety.Safelist + instead). + * Improvements + + When converting jsoup Documents to W3C Documents in W3CDom, + preserve HTML valid attribute names if the input document is + using the HTML syntax. (Previously, would always coerce using + the more restrictive XML syntax.) + + Added the :containsWholeText(text) selector, to match against + non-normalized Element text. That can be useful when elements + can only be distinguished by e.g. specific case, or leading + whitespace, etc. + + Added Element#wholeOwnText() to retrieve the original + (non-normalized) ownText of an Element. Also added the + :containsWholeOwnText(text) selector, to match against that. + BR elements are now treated as newlines in the wholeText + methods. + + Added the :matchesWholeText(regex) and + :matchesWholeOwnText(regex) selectors, to match against whole + (non-normalized, case sensitive) element text and own text, + respectively. + + When evaluating an XPath query against a context element, the + complete document is now visible to the query, vs only the + context element's sub-tree. This enables support for queries + outside (parent or sibling) the element, e.g. + ancestor-or-self::*. + + Allow a maxPaddingWidth on the indent level in OutputSettings + when pretty printing. This defaults to 30 to limit the indent + level for very deeply nested elements, and may be disabled by + setting to -1. + + When cloning a Node or an Element, the clone gets a cloned + OwnerDocument containing only that clone, so as to preserve + applicable settings, such as the Pretty Print settings. + + Added a convenience method Jsoup.parse(File). 
+ + In the NodeTraversor, added default implementations for + NodeVisitor.tail() and NodeFilter.tail(), so that code using + only head() methods can be written as lambdas. + + In NodeTraversor, added support for removing nodes via + Node.remove() during NodeVisitor.head(). + + Added Node.forEachNode(Consumer) and + Element.forEach(Consumer) should not emit a parse + error. + + When throwing a SelectorParseException for an invalid + selector, don't try to String.format the input, as that could + throw an IllegalFormatException. + + When serializing HTML with Pretty Print enabled, extraneous + whitespace may be added on closing tags, or extra newlines may + be added at the end of script blocks. + + When copy-creating a Safelist from another, perform a + deep-copy of the original's settings, so that changes to the + original after creation do not affect the copy. + + Speed improvement when parsing constructed HTML containing + very deeply incorrectly stacked formatting elements with many + attributes. + + During parsing, a StackOverflowException was possible given + crafted HTML with hundreds of nested table elements followed + by invalid formatting elements. +- Changes of 1.14.3 + * Improvements + + Added native XPath support with Element.selectXpath(String) + + Added full support for the
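Review bot: in the _service hunk of PATCH 1/2, the source from https://github.com/jhy/jsoup.git is selected by the tag name `jsoup-1.15.3` rather than by a commit id. A git tag can be re-pointed upstream, so a later service run with the same _service file could fetch different content under the same version. Pinning the commit id that the tag resolves to would make the fetch repeatable and would make any upstream change visible as a diff in this file.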
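Review bot: the second jsoup.spec hunk of PATCH 1/2 raises `BuildRequires: java-devel` from `>= 1.7` to `>= 1.8`, but the part of the new jsoup.changes entry visible in PATCH 2/2 does not mention it. A raised Java baseline is a packaging change that downstream users of the spec need to know about. Add a line to the changes entry that states the new minimum and the reason for it.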
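Review bot: in the 1.15.3 Security item of the jsoup.changes hunk, the option is written `SafeList.preserveRelativeLinks`, while the 1.15.1 item of the same entry names the class `org.jsoup.safety.Safelist`. Use one spelling so that someone searching for the setting affected by CVE-2022-36033 finds it. The same item says "See the security advisory for more details" without identifying the advisory; since bsc#1203459 and CVE-2022-36033 are already cited, either add the advisory reference or drop the sentence. Two typos in the same hunk: "This lead to incorrect results" should read "led", and "occurences" should read "occurrences".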