pool/snakeyaml
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OBS-URL: https://build.opensuse.org/package/show/Java:packages/snakeyaml?expand=0&rev=17

Browse Source
This commit is contained in:
Fridrich Strba 2022-09-07 08:19:25 +00:00 committed by Git OBS Bridge
parent 224feaf936
commit 8b1a1f5354
1 changed files with 159 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

159
snakeyaml.changes
View File

@ -1,8 +1,68 @@
-------------------------------------------------------------------
Wed Sep 7 07:30:01 UTC 2022 - Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream release 1.31
* Fixes
+ bsc#1202932 (CVE-2022-25857)
+ bsc#1203149 (CVE-2022-38749)
+ bsc#1203153 (CVE-2022-38751)
+ bsc#1203154 (CVE-2022-38752)
+ bsc#1203158 (CVE-2022-38750)
* Changes of 1.31
+ Fix #539: false positive CVE-2020-13936 (bsc#1183360)
+ Fix #537: Improved RE for integers
+ Improve restrictions against DoS attacks
+ Fix #525: Restrict nested depth for collections to avoid DoS
attacks
+ Fix #522: De-serializing key "on" fails with Exception
+ Example with Lombok and ENV variable substitution was added
+ reported issue with trailing TAB
+ fixes for reading and writing comments
* Changes of 1.30
+ Migrate to new home: snakeyaml/snakeyaml
+ fixes for reading and writing comments
+ Fix #506: Improve parsing a number starting with 0x
* Changes of 1.29
+ fixes for reading and writing comments
- Modified patches:
* 0001-replace-bundled-base64coder-with-java.util.Base64.patch
* 0002-Replace-bundled-gdata-java-client-classes-with-commo.patch
+ rebase
-------------------------------------------------------------------
Sat May 15 17:33:53 UTC 2021 - Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream release 1.28
* Fixes bsc#1159488, bsc#1186088, CVE-2017-18640
* Changes of 1.28
+ Add possibility to construct enum with case sensitivity
+ Fix #493: substitution default can contain special characters
+ Add possibility to read and write comments
+ Fix #485: Alias names are too permissive compared to libyaml
and future spec
* Changes of 1.27
+ Update #307: add example
+ Add: build with CI on github
+ Fix #481: Serialize anchors that are not used by any alias
+ Fix #416: Improve dumping sequences
+ Fix #480: Anchor allows non ASCII characters while dumping
+ Fix #476: Make constructor of EnvScalarConstructor public
+ Fix #474: Parse the value of byte and short after a narrowing
primitive conversion
+ Fix yet another OWASP false positive. It complains that the
Spring controller makes SnakeYAML insecure even though
SnakeYAML does not use Spring controller and does not depend
on Spring (but the tests do). Bump spring.version from
3.2.17.RELEASE to 5.2.4.RELEASE
+ Migrated from hg to git
* Changes of 1.26
+ Fix #377: Allow configuration for preventing billion laughs
attack
+ Add: parse ENV variables similar to how it works for
docker-compose
+ Fix #468: Allow non ASCII characters in the anchor names
+ Add: expose Event.ID in Event via a getter
+ Fix #454: Add example for integer without time pattern
- Removed patch:
* 0003-fix-broken-test.patch
+ not needed since integrated upstream
@ -14,6 +74,105 @@ Sat May 15 17:33:53 UTC 2021 - Fridrich Strba <fstrba@suse.com>
Sun Nov 10 05:55:34 UTC 2019 - Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream release 1.25
* Changes of 1.25
+ Fix #441: Restore the way to get anchor for a Node
+ Fix #437: Introduce setting to keep !!str tag for String even
when it contains non-printable chars
+ Update plugin versions
* Changes of 1.24
+ BaseConstructor: Factored out postponed mapping logic so
subclasses can effectively override constructMapping2ndStep()
and delegate to the postponed mapping logic
+ Fix #431: Customize simple key length when dumping
+ Fix #430: Wrap runtime exceptions into YAMLException.
+ Fix: Null tag constructor not called when parsing top-level
null value.
+ Fix #429: Provide "Automatic-Module-Name" entry in MANIFEST
+ Fix #426: Fix NPE when duplicate keys are not allowed and the
key is null
+ Apply pull request #41: Support java.sql classes without the
need to depend on java.sql module in java9+
+ Update: Java 7 is required.
+ Fix #423: Date Serialization Fails for TimeZones on Daylight
Savings Time
* Changes of 1.23
+ Update: run tests under Java 11. This is the last release to
support Java 6. As of the next release Java 7 will be required.
+ Fix #412: Restore the Boolean constructors for Events and
Nodes for binary compatibility of dependent projects
+ Fix #411: System Property "java.runtime.name" is not required
to be defined
+ Fix #409: Dumping Enum breaks when Enum value is Anonymous
inner class
* Changes of 1.21
+ Update: Scanner.peekToken() and Scanner.getToken() throw
exception instead of returning null
+ Update: Enhance output of token IDs
+ Update: Mark - expose buffer and pointer
+ Update: Improvements in the Bitbucket pipeline
+ Fix #397: Plain scalars with colons in flow sequences/mappings
are valid YAML. This change follows what happens with PyYAML
and libyaml (thanks to developers from the YAML community)
* Changes of 1.20
+ Fix #393: Improve reflective access operation to avoid warning
under Java 9
+ Hold #397: because of the inconsistent corner cases the ':' is
not yet allowed in a flow context
+ Refactor nodes and events - use enum FlowStyle instead of
Boolean (minor backwards-incompatible change)
+ Refactor ScalarToken, ScalarNode and ScalarEvent - use enum
ScalarStyle instead of Character (minor backwards-incompatible
change)
+ Refactor Mark - remove unused code (minor
backwards-incompatible change)
+ Fix #395 and #394: Introduce DuplicateKeyException and report
line number for duplicate keys when creating non-Javabeans
* Changes of 1.19
+ Apply pull request #22: Only use FIELD access for Android in
PropertyUtils
+ Apply pull request #27: Add getAnnotations() and
getAnnotation() methods to Property.
+ Apply pull request #26 and fix #383: Some configuration
properties of Representer were ignored.
+ Fix issue #386:Fix order of duplicate keys indices to prevent
wrong removals.
+ Update: major improvement when parsing JavaBeans.
+ Fix issue #382 and #322: MethodProperty should check for
generic type in getters and setters.
+ Fix issue #377: Add test for billion laughs attack.
+ Fix issue #368: Relax final restriction on TypeDescription.
+ Fix issue #375: Empty YAML file must return null instead of
throwing an exception when loading a JavaBean.
+ Fix issue #374: Localization settings (e.g. fr_CA) convert
Number type floats to ints.
+ Apply pull request #20: Provide access to node's anchor
+ Fix issue #370: Remove redundant
"Bundle-RequiredExecutionEnvironment: J2SE-1.5"
+ Fix issue #364: Serializing Calendar objects with certain
timezone offsets renders invalid YAML
* Changes of 1.18
+ Add: create Android artifact with android classifier
+ Fix issue #358: Validate DumperOptions to prevent invalid YAML
to be dumped.
+ Fix issue #355: Fix for emitter to split long plain string
scalars over multiple lines.
+ Apply pull request #13: Let Mark implement Serializable so
that ParserException can be serialized
+ Fix issue #337: Throw exception in case of duplicate keys when
LoaderOptions.allowDuplicateKeys is false.
+ Fix issue #351: Keep same nodes order on merge (preprocess
keys for MappingNode and remove duplicates keeping the last
one).
+ Fix issue #349: Ignore white spaces for base64 encoded scalar
+ Fix issue #348: Not removing parent object when composed
object is an anchor
+ Fix issue #323: Support "Miscellaneous Symbols and
Pictographs". This fix introduces minor backwards-incompatible
changes - some of the methods have been renamed. This fixes
also long standing issue with iOS emoji
+ Fix issue #341: Fix NPE in BaseRepresenter.multiRepresenters
if it contains 'null' as a key
+ Update plugin versions
- Removed patch:
* 0001-Replace-bundled-base64-implementation.patch
+ replaced by other implementation