forked from pool/jsoup
Accepting request 1012018 from Java:packages
bsc#1203459, CVE-2022-36033 OBS-URL: https://build.opensuse.org/request/show/1012018 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/jsoup?expand=0&rev=3
This commit is contained in:
commit
0728167069
6
_service
6
_service
@ -2,8 +2,10 @@
|
||||
<service name="tar_scm" mode="disabled">
|
||||
<param name="scm">git</param>
|
||||
<param name="url">https://github.com/jhy/jsoup.git</param>
|
||||
<param name="version">1.14.2</param>
|
||||
<param name="revision">jsoup-1.14.2</param>
|
||||
<param name="revision">jsoup-1.15.3</param>
|
||||
<param name="match-tag">jsoup-*</param>
|
||||
<param name="versionformat">@PARENT_TAG@</param>
|
||||
<param name="versionrewrite-pattern">jsoup-(.*)</param>
|
||||
<param name="exclude">src/test/resources</param>
|
||||
</service>
|
||||
<service name="recompress" mode="disabled">
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:0857c2c3399879acdd239ef3d56fdcbfe73311d304cf72fb9f3c7ac24f3ef221
|
||||
size 227624
|
BIN
jsoup-1.15.3.tar.xz
(Stored with Git LFS)
Normal file
BIN
jsoup-1.15.3.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
@ -11,7 +11,7 @@
|
||||
<property name="project.name" value="jsoup Java HTML Parser"/>
|
||||
<property name="project.groupId" value="org.jsoup"/>
|
||||
<property name="project.artifactId" value="jsoup"/>
|
||||
<property name="project.version" value="1.14.2"/>
|
||||
<property name="project.version" value="1.15.3"/>
|
||||
<property name="project.description" value="jsoup is a Java library for working with real-world HTML. It provides a very convenient API for extracting and manipulating data, using the best of DOM, CSS, and jquery-like methods. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do."/>
|
||||
<property name="project.organization.name" value="Jonathan Hedley"/>
|
||||
<property name="project.build.sourceEncoding" value="UTF-8"/>
|
||||
@ -131,12 +131,16 @@
|
||||
<attribute name="Bundle-Description" value="${project.description}"/>
|
||||
<attribute name="Bundle-DocURL" value="https://jsoup.org/"/>
|
||||
<attribute name="Bundle-License" value="https://jsoup.org/license"/>
|
||||
<attribute name="Bundle-ManifestVersion" value="2"/>
|
||||
<attribute name="Bundle-Name" value="${project.name}"/>
|
||||
<attribute name="Bundle-SymbolicName" value="org.jsoup"/>
|
||||
<attribute name="Bundle-Vendor" value="${project.organization.name}"/>
|
||||
<attribute name="Bundle-Version" value="${project.version}"/>
|
||||
<attribute name="Export-Package" value="org.jsoup;uses:="javax.annotation,javax.net.ssl,org.jsoup.nodes,org.jsoup.parser,org.jsoup.safety";version="${project.version}",org.jsoup.examples;uses:="org.jsoup.nodes";version="${project.version}",org.jsoup.helper;uses:="javax.annotation,javax.net.ssl,javax.xml.parsers,org.jsoup,org.jsoup.nodes,org.jsoup.parser,org.jsoup.select,org.w3c.dom";version="${project.version}",org.jsoup.internal;uses:="javax.annotation,javax.annotation.meta";version="${project.version}",org.jsoup.nodes;uses:="javax.annotation,org.jsoup,org.jsoup.parser,org.jsoup.select";version="${project.version}",org.jsoup.parser;uses:="javax.annotation,org.jsoup.nodes";version="${project.version}",org.jsoup.safety;uses:="org.jsoup.nodes";version="${project.version}",org.jsoup.select;uses:="javax.annotation,org.jsoup.nodes";version="${project.version}""/>
|
||||
<attribute name="Import-Package" value="javax.annotation,javax.annotation.meta,javax.net.ssl,javax.xml.parsers,javax.xml.transform,javax.xml.transform.dom,javax.xml.transform.stream,org.jsoup,org.jsoup.helper,org.jsoup.internal,org.jsoup.nodes,org.jsoup.parser,org.jsoup.safety,org.jsoup.select,org.w3c.dom"/>
|
||||
<attribute name="Export-Package" value="org.jsoup.examples;uses:="org.jsoup.nodes";version="%{project.version}",org.jsoup.helper;uses:="javax.annotation,javax.net.ssl,javax.xml.parsers,org.jsoup,org.jsoup.nodes,org.jsoup.parser,org.jsoup.select,org.w3c.dom";version="%{project.version}",org.jsoup.internal;uses:="javax.annotation,javax.annotation.meta";version="%{project.version}",org.jsoup.nodes;uses:="javax.annotation,org.jsoup,org.jsoup.helper,org.jsoup.parser,org.jsoup.select";version="%{project.version}",org.jsoup.parser;uses:="javax.annotation,org.jsoup.nodes";version="%{project.version}",org.jsoup.safety;uses:="org.jsoup.nodes";version="%{project.version}",org.jsoup.select;uses:="javax.annotation,org.jsoup.nodes";version="%{project.version}",org.jsoup;uses:="javax.annotation,javax.net.ssl,org.jsoup.nodes,org.jsoup.parser,org.jsoup.safety";version="%{project.version}""/>
|
||||
<attribute name="Implementation-Title" value="jsoup Java HTML Parser"/>
|
||||
<attribute name="Implementation-Vendor" value="Jonathan Hedley"/>
|
||||
<attribute name="Implementation-Version" value="%{project.version}"/>
|
||||
<attribute name="Import-Package" value="javax.annotation.meta;resolution:=optional,javax.annotation;resolution:=optional,javax.net.ssl,javax.xml.namespace,javax.xml.parsers,javax.xml.transform,javax.xml.transform.dom,javax.xml.transform.stream,javax.xml.xpath,org.jsoup,org.jsoup.helper,org.jsoup.internal,org.jsoup.nodes,org.jsoup.parser,org.jsoup.safety,org.jsoup.select,org.w3c.dom"/>
|
||||
<attribute name="Require-Capability" value="osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=${compiler.target}))""/>
|
||||
</manifest>
|
||||
</jar>
|
||||
|
178
jsoup.changes
178
jsoup.changes
@ -1,3 +1,181 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Oct 17 05:42:39 UTC 2022 - Fridrich Strba <fstrba@suse.com>
|
||||
|
||||
- Upgrade to upstream version 1.15.3
|
||||
- Changes of 1.15.3
|
||||
* Security
|
||||
+ Fixed bsc#1203459 (CVE-2022-36033), an issue where the jsoup
|
||||
cleaner may incorrectly sanitize crafted XSS attempts if
|
||||
SafeList.preserveRelativeLinks is enabled. See the security
|
||||
advisory for more details.
|
||||
* Improvements
|
||||
+ The Cleaner will preserve the source position of cleaned
|
||||
elements, if source tracking is enabled in the original parse.
|
||||
+ The error messages output from Validate are more descriptive.
|
||||
Exceptions are now ValidationExceptions
|
||||
(extending IllegalArgumentException). Stack traces do not
|
||||
include the Validate class, to make it simpler to see where
|
||||
the exception originated. Common validation errors including
|
||||
malformed URLs and empty selector results have more explicit
|
||||
error messages.
|
||||
+ Build Improvement: added implementation version and related
|
||||
fields to the jar manifest.
|
||||
* Bug Fixes
|
||||
+ The DataUtil would incorrectly read from InputStreams that
|
||||
emitted reads less than the requested size. This lead to
|
||||
incorrect results when parsing from chunked server responses,
|
||||
for example.
|
||||
- Changes of 1.15.2
|
||||
* Improvements
|
||||
+ Added the ability to track the position (line, column, index)
|
||||
in the original input source from where a given node was
|
||||
parsed. Accessible via Node.sourceRange() and
|
||||
Element.endSourceRange().
|
||||
+ Added Element.firstElementChild(), Element.lastElementChild(),
|
||||
Node.firstChild(), Node.lastChild(), as convenient accessors
|
||||
to those child nodes and elements.
|
||||
+ Added Element.expectFirst(), which is just like
|
||||
Element.selectFirst(), but instead of returning a null if
|
||||
there is no match, will throw an IllegalArgumentException.
|
||||
This is useful if you want to simply abort processing if an
|
||||
expected match is not found, such as in test cases.
|
||||
+ When pretty-printing HTML, doctypes are emitted on a newline
|
||||
if there is a preceding comment.
|
||||
+ When pretty-printing, trim the leading and trailing spaces of
|
||||
textnodes in block tags when possible, so that they are
|
||||
indented correctly.
|
||||
+ In Element.selectXpath(), disable namespace awareness. This
|
||||
makes it possible to always select elements by their simple
|
||||
local name, regardless of whether an xmlns attribute was set.
|
||||
* Bug Fixes
|
||||
+ When using the DataUtil.readToByteBuffer() method, such as in
|
||||
Connection.Response.body(), if the document has not already
|
||||
been parsed and must be read fully, and there is any maximum
|
||||
buffer size being applied, only the default internal buffer
|
||||
size was read.
|
||||
+ When serializing HTML, newlines in elements descending from a
|
||||
pre tag were incorrectly skipped. That caused what should have
|
||||
been preformatted output to instead be a run of text.
|
||||
+ When pretty-print serializing HTML, newlines separating
|
||||
phrasing content (e.g. a <span> tag within a <p> tag would be
|
||||
incorrectly skipped, instead of normalized to a space.
|
||||
Additionally, improved space normalization between other end
|
||||
of line occurences, and whitespace handling after a closing
|
||||
</body>
|
||||
- Changes of 1.15.1
|
||||
* Changes
|
||||
+ Removed previously deprecated methods and classes (including
|
||||
org.jsoup.safety.Whitelist; use org.jsoup.safety.Safelist
|
||||
instead).
|
||||
* Improvements
|
||||
+ When converting jsoup Documents to W3C Documents in W3CDom,
|
||||
preserve HTML valid attribute names if the input document is
|
||||
using the HTML syntax. (Previously, would always coerce using
|
||||
the more restrictive XML syntax.)
|
||||
+ Added the :containsWholeText(text) selector, to match against
|
||||
non-normalized Element text. That can be useful when elements
|
||||
can only be distinguished by e.g. specific case, or leading
|
||||
whitespace, etc.
|
||||
+ Added Element#wholeOwnText() to retrieve the original
|
||||
(non-normalized) ownText of an Element. Also added the
|
||||
:containsWholeOwnText(text) selector, to match against that.
|
||||
BR elements are now treated as newlines in the wholeText
|
||||
methods.
|
||||
+ Added the :matchesWholeText(regex) and
|
||||
:matchesWholeOwnText(regex) selectors, to match against whole
|
||||
(non-normalized, case sensitive) element text and own text,
|
||||
respectively.
|
||||
+ When evaluating an XPath query against a context element, the
|
||||
complete document is now visible to the query, vs only the
|
||||
context element's sub-tree. This enables support for queries
|
||||
outside (parent or sibling) the element, e.g.
|
||||
ancestor-or-self::*.
|
||||
+ Allow a maxPaddingWidth on the indent level in OutputSettings
|
||||
when pretty printing. This defaults to 30 to limit the indent
|
||||
level for very deeply nested elements, and may be disabled by
|
||||
setting to -1.
|
||||
+ When cloning a Node or an Element, the clone gets a cloned
|
||||
OwnerDocument containing only that clone, so as to preserve
|
||||
applicable settings, such as the Pretty Print settings.
|
||||
+ Added a convenience method Jsoup.parse(File).
|
||||
+ In the NodeTraversor, added default implementations for
|
||||
NodeVisitor.tail() and NodeFilter.tail(), so that code using
|
||||
only head() methods can be written as lambdas.
|
||||
+ In NodeTraversor, added support for removing nodes via
|
||||
Node.remove() during NodeVisitor.head().
|
||||
+ Added Node.forEachNode(Consumer<Node>) and
|
||||
Element.forEach(Consumer<Element) methods, to efficiently
|
||||
traverse the DOM with a functional interface.
|
||||
* Bug Fixes
|
||||
+ Boolean attribute names should be case-insensitive, but were
|
||||
not when the parser was configured to preserve case.
|
||||
+ When reading from SequenceInputStreams across the buffer, the
|
||||
input stream was closed too early, resulting in missed
|
||||
content.
|
||||
+ A comment with all dashes (<!----->) should not emit a parse
|
||||
error.
|
||||
+ When throwing a SelectorParseException for an invalid
|
||||
selector, don't try to String.format the input, as that could
|
||||
throw an IllegalFormatException.
|
||||
+ When serializing HTML with Pretty Print enabled, extraneous
|
||||
whitespace may be added on closing tags, or extra newlines may
|
||||
be added at the end of script blocks.
|
||||
+ When copy-creating a Safelist from another, perform a
|
||||
deep-copy of the original's settings, so that changes to the
|
||||
original after creation do not affect the copy.
|
||||
+ Speed improvement when parsing constructed HTML containing
|
||||
very deeply incorrectly stacked formatting elements with many
|
||||
attributes.
|
||||
+ During parsing, a StackOverflowException was possible given
|
||||
crafted HTML with hundreds of nested table elements followed
|
||||
by invalid formatting elements.
|
||||
- Changes of 1.14.3
|
||||
* Improvements
|
||||
+ Added native XPath support with Element.selectXpath(String)
|
||||
+ Added full support for the <template> tag, up to the HTML5
|
||||
parser spec.
|
||||
+ Added support in CharacterReader to track newlines, so that
|
||||
parse errors can be reported more intuitively.
|
||||
+ Tracked parse errors now have more details, including the
|
||||
erroneous token, to help clarify the errors.
|
||||
+ Speed and memory optimizations for the :has(subquery)
|
||||
selector.
|
||||
+ The :contains(text) and :containsOwn(text) selectors are now
|
||||
whitespace normalized, aligning to the document text that they
|
||||
are matching against.
|
||||
+ In Element, speed optimized adopting all of an element's child
|
||||
nodes into a currently empty element. Improves the HTML
|
||||
adoption agency algorithm when adopting elements with many
|
||||
children.
|
||||
+ Increased the parse speed when in RCData (e.g. <title>) and
|
||||
unescaped <tag> tokens are found, by memoizing the </title>
|
||||
scan and reducing GC.
|
||||
+ When parsing custom tags (in HTML or XML), added a flyweight
|
||||
cache on Tag.valueOf(String) to reduce memory overhead when
|
||||
many tags are repeated. Also tuned other areas of the parser
|
||||
when many very deeply stacked custom elements were present.
|
||||
* Bug Fixes
|
||||
+ The OSGi bundle meta-data incorrectly set a version on the
|
||||
import of javax.annotation (used as a build-time dependency
|
||||
for nullability assertions).
|
||||
+ When tracking errors or checking for validity in the Cleaner,
|
||||
errors were incorrectly raised for missing optional closing tags.
|
||||
+ The Attributes.equals() method was sensitive to the order of
|
||||
its contents, but it should not be.
|
||||
+ When the HTML parser was configured to preserve case, Element
|
||||
text methods would miss adding whitespace for BR tags.
|
||||
+ Attribute names are now normalized & validated correctly for
|
||||
the specific output syntax (HTML or XML). Previously,
|
||||
syntactically invalid attribute names could be output by the
|
||||
html() methods. Such attributes are still available in the
|
||||
DOM, and will be normalized if possible on output.
|
||||
+ Fixed an IOOB when an empty select tag was followed by a body
|
||||
tag that needed reparenting.
|
||||
* Build Improvements
|
||||
+ Fixed nullability annotations for Node.equals(Object) and
|
||||
other equals methods.
|
||||
+ Added JDK 17 to the CI builds.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Aug 27 06:57:23 UTC 2021 - Fridrich Strba <fstrba@suse.com>
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package jsoup
|
||||
#
|
||||
# Copyright (c) 2021 SUSE LLC
|
||||
# Copyright (c) 2022 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -17,7 +17,7 @@
|
||||
|
||||
|
||||
Name: jsoup
|
||||
Version: 1.14.2
|
||||
Version: 1.15.3
|
||||
Release: 0
|
||||
Summary: Java library for working with HTML
|
||||
License: MIT
|
||||
@ -28,7 +28,7 @@ Source0: %{name}-%{version}.tar.xz
|
||||
Source1: %{name}-build.xml
|
||||
BuildRequires: ant
|
||||
BuildRequires: fdupes
|
||||
BuildRequires: java-devel >= 1.7
|
||||
BuildRequires: java-devel >= 1.8
|
||||
BuildRequires: javapackages-local
|
||||
BuildRequires: jsr-305
|
||||
BuildArch: noarch
|
||||
|
Loading…
Reference in New Issue
Block a user