OBS-URL: https://build.opensuse.org/package/show/Java:packages/slf4j?expand=0&rev=54

2020-02-26 12:42:31 +00:00 · 2020-02-26 12:42:31 +00:00 · d8f011c53c
commit d8f011c53c
parent 5d319e08c6
8 changed files with 25 additions and 52 deletions
--- a/build.xml.tar.bz2
+++ b/build.xml.tar.bz2
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:47fcab9d522d847ae071f634544b08f3067c577873d20968443e9058878100ce
-size 9111
+oid sha256:ddae17d67e1bbaf7f22546acc6e1005694ab067a36f5d8f26a67953d10c85e95
+size 9162
--- a/slf4j-Disallow-EventData-deserialization-by-default.patch
+++ b/slf4j-Disallow-EventData-deserialization-by-default.patch
@ -1,39 +0,0 @@
-Index: slf4j-1.7.12/slf4j-ext/src/main/java/org/slf4j/ext/EventData.java
-===================================================================
--- slf4j-1.7.12.orig/slf4j-ext/src/main/java/org/slf4j/ext/EventData.java
-+++ slf4j-1.7.12/slf4j-ext/src/main/java/org/slf4j/ext/EventData.java
-@@ -76,12 +76,21 @@ public class EventData implements Serial
-      */
-     @SuppressWarnings("unchecked")
-     public EventData(String xml) {
-        ByteArrayInputStream bais = new ByteArrayInputStream(xml.getBytes());
-        try {
-            XMLDecoder decoder = new XMLDecoder(bais);
-            this.eventData = (Map<String, Object>) decoder.readObject();
-        } catch (Exception e) {
-            throw new EventException("Error decoding " + xml, e);
-+	if ("1".equals(System.getProperty("org.slf4j.ext.allowInsecureDeserialization"))) {
-+	    ByteArrayInputStream bais = new ByteArrayInputStream(xml.getBytes());
-+	    try {
-+		XMLDecoder decoder = new XMLDecoder(bais);
-+		this.eventData = (Map<String, Object>) decoder.readObject();
-+	    } catch (Exception e) {
-+		throw new EventException("Error decoding " + xml, e);
-+	    }
-+	} else {
-+	    throw new UnsupportedOperationException(
-+		    "Constructing EventData from XML is vulnerable to remote " +
-+                    "excution and is not allowed by default. If you're " +
-+                    "completely sure the source data is trusted, you can enable " +
-+                    "it by setting org.slf4j.ext.allowInsecureDeserialization " +
-+                    "JVM property to 1");
-         }
-     }
- 
-@@ -302,4 +311,4 @@ public class EventData implements Serial
-     public int hashCode() {
-         return this.eventData.hashCode();
-     }
-}
-\ No newline at end of file
-+}
--- a/slf4j-sources.changes
+++ b/slf4j-sources.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed Feb 26 12:40:57 UTC 2020 - Fridrich Strba <fstrba@suse.com>
+
+- Upgrade to upstream version 1.7.30
+- Removed patch:
+  * slf4j-Disallow-EventData-deserialization-by-default.patch
+    + not needed any more
+
 -------------------------------------------------------------------
 Wed Dec 18 09:09:30 UTC 2019 - Fridrich Strba <fstrba@suse.com>

--- a/slf4j-sources.spec
+++ b/slf4j-sources.spec
@ -1,7 +1,7 @@
 #
 # spec file for package slf4j-sources
 #
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2020 SUSE LLC
 # Copyright (c) 2000-2009, JPackage Project
 #
 # All modifications and additions to the file contributed by third parties
@ -19,7 +19,7 @@

 %global base_name slf4j
 Name:           %{base_name}-sources
-Version:        1.7.25
+Version:        1.7.30
 Release:        0
 Summary:        SLF4J Source JARs
 # the log4j-over-slf4j and jcl-over-slf4j submodules are ASL 2.0, rest is MIT
@ -29,7 +29,6 @@ URL:            http://www.slf4j.org/
 Source0:        https://github.com/qos-ch/%{base_name}/archive/v_%{version}.tar.gz
 Source1:        http://www.apache.org/licenses/LICENSE-2.0.txt
 Patch2:         slf4j-commons-lang3.patch
-Patch3:         slf4j-Disallow-EventData-deserialization-by-default.patch
 BuildRequires:  javapackages-local
 BuildRequires:  xmvn-install
 BuildRequires:  xmvn-resolve
@ -44,7 +43,6 @@ SLF4J Source JARs.
 %prep
 %setup -q -n %{base_name}-v_%{version}
 %patch2 -p1
-%patch3 -p1
 find . -name "*.jar" | xargs rm
 cp -p %{SOURCE1} APACHE-LICENSE

--- a/slf4j.changes
+++ b/slf4j.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed Feb 26 12:40:57 UTC 2020 - Fridrich Strba <fstrba@suse.com>
+
+- Upgrade to upstream version 1.7.30
+- Removed patch:
+  * slf4j-Disallow-EventData-deserialization-by-default.patch
+    + not needed any more
+
 -------------------------------------------------------------------
 Wed Dec 18 09:09:30 UTC 2019 - Fridrich Strba <fstrba@suse.com>

--- a/slf4j.spec
+++ b/slf4j.spec
@ -1,7 +1,7 @@
 #
 # spec file for package slf4j
 #
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2020 SUSE LLC
 # Copyright (c) 2000-2009, JPackage Project
 #
 # All modifications and additions to the file contributed by third parties
@ -18,7 +18,7 @@


 Name:           slf4j
-Version:        1.7.25
+Version:        1.7.30
 Release:        0
 Summary:        Simple Logging Facade for Java
 # the log4j-over-slf4j and jcl-over-slf4j submodules are ASL 2.0, rest is MIT
@ -30,7 +30,6 @@ Source1:        http://www.apache.org/licenses/LICENSE-2.0.txt
 Source2:        build.xml.tar.bz2
 Patch1:         build-remove-slf4j_api-binder.patch
 Patch2:         slf4j-commons-lang3.patch
-Patch3:         slf4j-Disallow-EventData-deserialization-by-default.patch
 BuildRequires:  ant >= 1.6.5
 BuildRequires:  ant-junit >= 1.6.5
 BuildRequires:  apache-commons-lang3
@ -136,7 +135,6 @@ JUL to SLF4J bridge.
 %setup -q -n %{name}-v_%{version} -a2
 %patch1 -p1
 %patch2 -p1
-%patch3 -p1
 find . -name "*.jar" | xargs rm
 cp -p %{SOURCE1} APACHE-LICENSE

--- a/v_1.7.25.tar.gz
+++ b/v_1.7.25.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2a55d290775d6621fdac0e3b21e257707f8870dbc78c6ea3712ed6e68536ea51
-size 2273375
--- a/v_1.7.30.tar.gz
+++ b/v_1.7.30.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:217519588d0dd1f85cee2357ca31afdd7c0a1a8a6963953b3bf455cf5174633e
+size 2272772