From 183a0a08eee66e5ad87348acedd74b6fcdd80e21 Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Thu, 13 Mar 2025 13:56:56 +0000
Subject: [PATCH] import CS jdom-1.1.3-42.module_el9+1171+eb38a622
---
SOURCES/CVE-2021-33813.patch | 42 ++++++++++
SOURCES/jdom-1.1-OSGiManifest.patch | 4 +-
SOURCES/jdom-crosslink.patch | 4 +-
SPECS/jdom.spec | 119 +++++++++++++++++++++++-----
4 files changed, 143 insertions(+), 26 deletions(-)
create mode 100644 SOURCES/CVE-2021-33813.patch
diff --git a/SOURCES/CVE-2021-33813.patch b/SOURCES/CVE-2021-33813.patch
new file mode 100644
index 0000000..f850266
--- /dev/null
+++ b/SOURCES/CVE-2021-33813.patch
@@ -0,0 +1,42 @@
+--- libjdom1-java-1.1.3.orig/src/java/org/jdom/input/SAXBuilder.java
++++ libjdom1-java-1.1.3/src/java/org/jdom/input/SAXBuilder.java
+@@ -442,6 +442,11 @@ public class SAXBuilder {
+ public void setFeature(String name, boolean value) {
+ // Save the specified feature for later.
+ features.put(name, value ? Boolean.TRUE : Boolean.FALSE);
++ if (name.equals("http://xml.org/sax/features/external-general-entities")) {
++ // See issue https://github.com/hunterhacker/jdom/issues/189
++ // And PR https://github.com/hunterhacker/jdom/pull/188
++ setExpandEntities(value);
++ }
+ }
+
+ /**
+@@ -766,13 +771,6 @@ public class SAXBuilder {
+ internalSetFeature(parser, name, value.booleanValue(), name);
+ }
+
+- // Set any user-specified properties on the parser.
+- iter = properties.keySet().iterator();
+- while (iter.hasNext()) {
+- String name = (String)iter.next();
+- internalSetProperty(parser, name, properties.get(name), name);
+- }
+-
+ if (coreFeatures) {
+ // Set validation.
+ try {
+@@ -810,6 +808,13 @@ public class SAXBuilder {
+ }
+ catch (SAXNotRecognizedException e) { /* Ignore... */ }
+ catch (SAXNotSupportedException e) { /* Ignore... */ }
++
++ // Set any user-specified properties on the parser.
++ iter = properties.keySet().iterator();
++ while (iter.hasNext()) {
++ String name = (String)iter.next();
++ internalSetProperty(parser, name, properties.get(name), name);
++ }
+ }
+
+ /**
diff --git a/SOURCES/jdom-1.1-OSGiManifest.patch b/SOURCES/jdom-1.1-OSGiManifest.patch
index ccb95ba..5e77ef8 100644
--- a/SOURCES/jdom-1.1-OSGiManifest.patch
+++ b/SOURCES/jdom-1.1-OSGiManifest.patch
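Review bot: The branch added to `setFeature` (nested hunk at -442) couples only `http://xml.org/sax/features/external-general-entities` to `setExpandEntities`, and only when a caller sets that feature explicitly; nothing visible in the patch changes the builder's default, so code that parses untrusted XML without calling `setFeature` or `setExpandEntities(false)` is presumably not hardened by this fix. As far as the hunk shows the coupling is also last-call-wins, so a later `setExpandEntities(true)` would undo an earlier `setFeature(..., false)`, and a `setFeature(..., true)` now switches expansion back on. I would replace the two link-only comments with one that states the reason, for example `// Keep expandEntities in sync; otherwise the core-feature pass can presumably override the caller's setting (CVE-2021-33813).`, and add a sentence to the method's Javadoc saying that callers handling untrusted input must still disable entity expansion themselves. All three nested hunks begin and end inside method bodies that continue outside the patch, so the ordering change at -766/-810 cannot be checked against the full core-features block from here.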
@@ -1,6 +1,6 @@ diff -up ./package/META-INF/MANIFEST.MF.osgimanifest ./package/META-INF/MANIFEST.MF ---- ./package/META-INF/MANIFEST.MF.osgimanifest 2008-07-21 16:00:59.000000000 -0400 -+++ ./package/META-INF/MANIFEST.MF 2008-07-21 16:02:20.000000000 -0400 +--- jdom/package/META-INF/MANIFEST.MF.osgimanifest 2008-07-21 16:00:59.000000000 -0400 ++++ jdom/package/META-INF/MANIFEST.MF 2008-07-21 16:02:20.000000000 -0400 @@ -1,4 +1,16 @@ Manifest-Version: 1.0 +Bundle-RequiredExecutionEnvironment: J2SE-1.4 diff --git a/SOURCES/jdom-crosslink.patch b/SOURCES/jdom-crosslink.patch index 028ff80..7992dc8 100644 --- a/SOURCES/jdom-crosslink.patch +++ b/SOURCES/jdom-crosslink.patch @@ -1,5 +1,5 @@ ---- build.xml.orig 2010-02-05 12:37:26.594658382 +0000 -+++ build.xml 2010-02-05 12:38:09.201658171 +0000 +--- jdom/build.xml.orig 2010-02-05 12:37:26.594658382 +0000 ++++ jdom/build.xml 2010-02-05 12:38:09.201658171 +0000 @@ -277,7 +277,7 @@ bottom="Copyright © ${year} Jason Hunter, Brett McLaughlin. All Rights Reserved."> diff --git a/SPECS/jdom.spec b/SPECS/jdom.spec index ec0372f..602d0da 100644 --- a/SPECS/jdom.spec +++ b/SPECS/jdom.spec @@ -1,3 +1,5 @@ +%bcond_with bootstrap + # Copyright (c) 2000-2012, JPackage Project # All rights reserved. # 
@@ -27,25 +29,29 @@ # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # - Name: jdom Version: 1.1.3 -Release: 19%{?dist} +Release: 42%{?dist} Summary: Java alternative to DOM and SAX License: Saxpath URL: http://www.jdom.org/ -Source0: http://jdom.org/dist/binary/archive/jdom-%{version}.tar.gz -Source1: http://repo1.maven.org/maven2/org/jdom/jdom/%{version}/jdom-%{version}.pom -Patch0: %{name}-crosslink.patch -Patch1: %{name}-1.1-OSGiManifest.patch - -BuildRequires: ant -BuildRequires: javapackages-local - -BuildRequires: mvn(jaxen:jaxen) -BuildRequires: mvn(xerces:xercesImpl) - BuildArch: noarch +ExclusiveArch: %{java_arches} noarch + +Source0: http://jdom.org/dist/binary/archive/jdom-%{version}.tar.gz +Source1: https://repo1.maven.org/maven2/org/jdom/jdom/%{version}/jdom-%{version}.pom + +Patch: %{name}-crosslink.patch +Patch: %{name}-1.1-OSGiManifest.patch +# Security patches +Patch: CVE-2021-33813.patch + +%if %{with bootstrap} +BuildRequires: javapackages-bootstrap +%else +BuildRequires: javapackages-local +BuildRequires: ant +%endif %description JDOM is, quite simply, a Java representation of an XML document. JDOM @@ -56,10 +62,10 @@ alternative to DOM and SAX, although it integrates well with both DOM and SAX. %package javadoc -Summary: Javadoc for %{name} +Summary: API documentation for %{name} %description javadoc -Javadoc for %{name}. +API documentation for %{name}. %package demo Summary: Demos for %{name} 
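Review bot: `Source0` in the hunk at -27 stays on `http://jdom.org/...` while `Source1` in the same hunk is moved to https, so the primary tarball is still a cleartext fetch for anyone who downloads it by URL rather than from a checksummed source cache. If the upstream host serves TLS, switch it to `Source0: https://jdom.org/dist/binary/archive/jdom-%{version}.tar.gz`; the `URL:` tag has the same issue. Separately, `Release:` goes to 42 while the newest `%changelog` entry added further down is 1.1.3-40, so the changelog does not record what releases 41 and 42 changed.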
@@ -68,18 +74,14 @@ Requires: %{name} = %{version}-%{release} %description demo Demonstrations and samples for %{name}. - %prep -%setup -q -n %{name} -%patch0 -p0 -%patch1 -p0 +%autosetup -p1 -n %{name} # remove all binary libs find . -name "*.jar" -exec rm -f {} \; find . -name "*.class" -exec rm -f {} \; %build -export CLASSPATH=$(build-classpath xerces-j2 jaxen) -ant -Dcompile.source=1.6 -Dcompile.target=1.6 -Dj2se.apidoc=%{_javadocdir}/java package javadoc-link +%ant -Dcompile.source=1.8 -Dcompile.target=1.8 -Dj2se.apidoc=%{_javadocdir}/java package javadoc-link %install %mvn_file : %{name} 
@@ -103,12 +105,85 @@ cp -pr samples $RPM_BUILD_ROOT%{_datadir}/%{name} %license LICENSE.txt %changelog +* Fri Nov 29 2024 Mikolaj Izdebski - 1.1.3-40 +- Update javapackages test plan to f42 + +* Thu Jul 18 2024 Fedora Release Engineering - 1.1.3-39 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Thu Feb 29 2024 Jiri Vanek - 1.1.3-38 +- bump of release for for java-21-openjdk as system jdk + +* Tue Feb 27 2024 Jiri Vanek - 1.1.3-37 +- Rebuilt for java-21-openjdk as system jdk + +* Tue Feb 20 2024 Marian Koncek - 1.1.3-36 +- Update Java source/target to 1.8 + +* Wed Jan 24 2024 Fedora Release Engineering - 1.1.3-35 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sat Jan 20 2024 Fedora Release Engineering - 1.1.3-34 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Jul 20 2023 Fedora Release Engineering - 1.1.3-33 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Thu Jan 19 2023 Fedora Release Engineering - 1.1.3-32 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Thu Jul 21 2022 Fedora Release Engineering - 1.1.3-31 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Sat Feb 05 2022 Jiri Vanek - 1.1.3-30 +- Rebuilt for java-17-openjdk as system jdk + +* Thu Jan 20 2022 Fedora Release Engineering - 1.1.3-29 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Tue Nov 02 2021 Mikolaj Izdebski - 1.1.3-28 +- Bump Java compiler source/target levels to 1.7 + +* Thu Jul 22 2021 Nicolas Lécureuil - 1.1.3-27 +- Add P100: Fixes CVE-2021-33813 + +* Thu Jul 22 2021 Fedora Release Engineering - 1.1.3-26 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Mon May 17 2021 Mikolaj Izdebski - 1.1.3-25 +- Bump release + +* Mon May 17 2021 Mikolaj Izdebski - 1.1.3-20 +- Bootstrap build +- Non-bootstrap build + +* Tue Jan 26 2021 Fedora Release Engineering - 0:1.1.3-24 +- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jul 28 2020 Fedora Release Engineering - 0:1.1.3-23 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Fri Jul 10 2020 Jiri Vanek - 0:1.1.3-22 +- Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11 + +* Thu Jun 25 2020 Alexander Kurtakov 0:1.1.3-21 +- Fix compilation with Java 11. + +* Wed Jan 29 2020 Fedora Release Engineering - 0:1.1.3-20 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + * Tue Nov 05 2019 Mikolaj Izdebski - 1.1.3-19 - Mass rebuild for javapackages-tools 201902 +* Thu Jul 25 2019 Fedora Release Engineering - 0:1.1.3-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + * Fri May 24 2019 Mikolaj Izdebski - 1.1.3-18 - Mass rebuild for javapackages-tools 201901 +* Fri Feb 01 2019 Fedora Release Engineering - 0:1.1.3-18 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + * Fri Aug 03 2018 Michael Simacek - 0:1.1.3-17 - Correct license to Saxpath @@ -167,7 +242,7 @@ cp -pr samples $RPM_BUILD_ROOT%{_datadir}/%{name} - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Wed Nov 2 2011 Alexander Kurtakov 0:1.1.2-1 -- New upstream version. +- New upstream version. - Adapt to current guidelines. * Wed Feb 09 2011 Fedora Release Engineering - 0:1.1.1-5