diff --git a/.gitignore b/.gitignore index e69de29..3aa89c4 100644 --- a/.gitignore +++ b/.gitignore @@ -0,0 +1,3 @@ +/JDOM-2.0.5.tar.gz +/JDOM-2.0.6.tar.gz +/jdom2-2.0.6.tar.gz diff --git a/0001-Adapt-build.patch b/0001-Adapt-build.patch new file mode 100644 index 0000000..e970552 --- /dev/null +++ b/0001-Adapt-build.patch @@ -0,0 +1,112 @@ +From cf7e676edc7ab9d4b8b130ca4d8ecbd291995dea Mon Sep 17 00:00:00 2001 +From: Mikolaj Izdebski +Date: Mon, 20 Apr 2020 09:29:12 +0200 +Subject: [PATCH] Adapt build + +--- + build.xml | 54 +++--------------------------------------------------- + 1 file changed, 3 insertions(+), 51 deletions(-) + +diff --git a/build.xml b/build.xml +index cd7c2ed..16368e2 100644 +--- a/build.xml ++++ b/build.xml +@@ -112,17 +112,7 @@ For instructions on how to build JDOM, please view the README.txt file. + + + +- +- +- +- +- +- +- +- +- +- +- ++ + + + +@@ -296,7 +286,7 @@ For instructions on how to build JDOM, please view the README.txt file. + + + +- + + +@@ -316,21 +306,6 @@ For instructions on how to build JDOM, please view the README.txt file. + + + +- +- +- +- +- +- +- +- +- +- +- +- +- +- + + + +@@ -500,7 +475,7 @@ For instructions on how to build JDOM, please view the README.txt file. + + + +- + + +@@ -512,8 +487,6 @@ For instructions on how to build JDOM, please view the README.txt file. + + + +- +- + + + +@@ -528,27 +501,6 @@ For instructions on how to build JDOM, please view the README.txt file. + + + +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- + + + +-- +2.25.2 + diff --git a/07f316957b59d305f04c7bdb26292852bcbc2eb5.patch b/07f316957b59d305f04c7bdb26292852bcbc2eb5.patch new file mode 100644 index 0000000..019a524 --- /dev/null +++ b/07f316957b59d305f04c7bdb26292852bcbc2eb5.patch @@ -0,0 +1,36 @@ +From 07f316957b59d305f04c7bdb26292852bcbc2eb5 Mon Sep 17 00:00:00 2001 +From: Rolf Lear +Date: Thu, 1 Jul 2021 23:56:47 -0400 +Subject: [PATCH] Update test case to ensure DTD handling is OK again. Related + #188. Related #189 + +--- + test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java b/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java +index a69380ba..a35a1b90 100644 +--- a/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java ++++ b/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java +@@ -101,6 +101,7 @@ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + import org.jdom2.DefaultJDOMFactory; + import org.jdom2.Document; + import org.jdom2.EntityRef; ++import org.jdom2.JDOMConstants; + import org.jdom2.JDOMException; + import org.jdom2.JDOMFactory; + import org.jdom2.UncheckedJDOMFactory; +@@ -609,11 +610,12 @@ public void testSetExternalFeature() { + XMLReader reader = sb.createParser(); + assertNotNull(reader); + assertTrue(reader.getFeature(feature)); ++ assertNull(reader.getProperty(JDOMConstants.SAX_PROPERTY_DECLARATION_HANDLER)); + sb.setFeature(feature, false); + reader = sb.createParser(); + assertNotNull(reader); + assertFalse(reader.getFeature(feature)); +- ++ assertNotNull(reader.getProperty(JDOMConstants.SAX_PROPERTY_DECLARATION_HANDLER)); + } catch (Exception e) { + e.printStackTrace(); + fail("Could not create parser: " + e.getMessage()); diff --git a/bd3ab78370098491911d7fe9d7a43b97144a234e.patch b/bd3ab78370098491911d7fe9d7a43b97144a234e.patch new file mode 100644 index 0000000..85e38a2 --- /dev/null +++ b/bd3ab78370098491911d7fe9d7a43b97144a234e.patch @@ -0,0 +1,69 @@ +From bd3ab78370098491911d7fe9d7a43b97144a234e Mon Sep 17 00:00:00 2001 +From: Esti +Date: Thu, 18 Feb 2021 16:40:01 +0200 +Subject: [PATCH] fix setFeature bug and add test case + +--- + core/src/java/org/jdom2/input/SAXBuilder.java | 10 ++++------ + .../test/cases/input/TestSAXBuilder.java | 20 +++++++++++++++++++ + 2 files changed, 24 insertions(+), 6 deletions(-) + +diff --git a/core/src/java/org/jdom2/input/SAXBuilder.java b/core/src/java/org/jdom2/input/SAXBuilder.java +index d7105ec6..a1462334 100644 +--- a/core/src/java/org/jdom2/input/SAXBuilder.java ++++ b/core/src/java/org/jdom2/input/SAXBuilder.java +@@ -971,11 +971,6 @@ protected void configureParser(final XMLReader parser, final SAXHandler contentH + } + } + +- // Set any user-specified features on the parser. +- for (final Map.Entry me : features.entrySet()) { +- internalSetFeature(parser, me.getKey(), me.getValue().booleanValue(), me.getKey()); +- } +- + // Set any user-specified properties on the parser. + for (final Map.Entry me : properties.entrySet()) { + internalSetProperty(parser, me.getKey(), me.getValue(), me.getKey()); +@@ -1007,7 +1002,10 @@ protected void configureParser(final XMLReader parser, final SAXHandler contentH + // No lexical reporting available + } + } +- ++ // Set any user-specified features on the parser. ++ for (final Map.Entry me : features.entrySet()) { ++ internalSetFeature(parser, me.getKey(), me.getValue().booleanValue(), me.getKey()); ++ } + } + + /** +diff --git a/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java b/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java +index 4ef34834..a69380ba 100644 +--- a/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java ++++ b/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java +@@ -600,6 +600,26 @@ public void testSetFeature() { + } + } + ++ @Test ++ public void testSetExternalFeature() { ++ String feature = "http://xml.org/sax/features/external-general-entities"; ++ MySAXBuilder sb = new MySAXBuilder(); ++ try { ++ sb.setFeature(feature, true); ++ XMLReader reader = sb.createParser(); ++ assertNotNull(reader); ++ assertTrue(reader.getFeature(feature)); ++ sb.setFeature(feature, false); ++ reader = sb.createParser(); ++ assertNotNull(reader); ++ assertFalse(reader.getFeature(feature)); ++ ++ } catch (Exception e) { ++ e.printStackTrace(); ++ fail("Could not create parser: " + e.getMessage()); ++ } ++ } ++ + @Test + public void testSetProperty() { + LexicalHandler lh = new LexicalHandler() { diff --git a/bnd.properties b/bnd.properties new file mode 100644 index 0000000..904f2f7 --- /dev/null +++ b/bnd.properties @@ -0,0 +1,4 @@ +Bundle-Name=JDOM 2 +Bundle-SymbolicName=org.jdom2 +Export-Package=* +Import-Package=org.jaxen.*;resolution:=optional,* diff --git a/dd4f3c2fc7893edd914954c73eb577f925a7d361.patch b/dd4f3c2fc7893edd914954c73eb577f925a7d361.patch new file mode 100644 index 0000000..06ac749 --- /dev/null +++ b/dd4f3c2fc7893edd914954c73eb577f925a7d361.patch @@ -0,0 +1,34 @@ +From dd4f3c2fc7893edd914954c73eb577f925a7d361 Mon Sep 17 00:00:00 2001 +From: Rolf Lear +Date: Thu, 1 Jul 2021 23:42:05 -0400 +Subject: [PATCH] Addresses #189 - synchronizes external entity expansion + setting + +--- + core/src/java/org/jdom2/input/SAXBuilder.java | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/core/src/java/org/jdom2/input/SAXBuilder.java b/core/src/java/org/jdom2/input/SAXBuilder.java +index a1462334..514b026d 100644 +--- a/core/src/java/org/jdom2/input/SAXBuilder.java ++++ b/core/src/java/org/jdom2/input/SAXBuilder.java +@@ -82,6 +82,7 @@ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + import org.jdom2.DocType; + import org.jdom2.Document; + import org.jdom2.EntityRef; ++import org.jdom2.JDOMConstants; + import org.jdom2.JDOMException; + import org.jdom2.JDOMFactory; + import org.jdom2.Verifier; +@@ -797,6 +798,11 @@ public void setFastReconfigure(final boolean fastReconfigure) { + public void setFeature(final String name, final boolean value) { + // Save the specified feature for later. + features.put(name, value ? Boolean.TRUE : Boolean.FALSE); ++ if (JDOMConstants.SAX_FEATURE_EXTERNAL_ENT.equals(name)) { ++ // See issue https://github.com/hunterhacker/jdom/issues/189 ++ // And PR https://github.com/hunterhacker/jdom/pull/188 ++ setExpandEntities(value); ++ } + engine = null; + } + diff --git a/generate-tarball.sh b/generate-tarball.sh new file mode 100755 index 0000000..e864f8b --- /dev/null +++ b/generate-tarball.sh @@ -0,0 +1,22 @@ +#!/bin/bash +set -e + +name=jdom2 +version="$(sed -n 's/Version:\s*//p' *.spec)" + +# RETRIEVE +wget "https://github.com/hunterhacker/jdom/archive/JDOM-${version}.tar.gz" -O "${name}-${version}.orig.tar.gz" + +rm -rf tarball-tmp +mkdir tarball-tmp +pushd tarball-tmp +tar xf "../${name}-${version}.orig.tar.gz" + +# CLEAN TARBALL +rm -r */lib */*/lib +find -name '*.jar' -delete +find -name '*.class' -delete + +tar -czf "../${name}-${version}.tar.gz" * +popd +rm -r tarball-tmp "${name}-${version}.orig.tar.gz" diff --git a/jdom2.spec b/jdom2.spec new file mode 100644 index 0000000..084ffc6 --- /dev/null +++ b/jdom2.spec @@ -0,0 +1,208 @@ +%bcond_with bootstrap + +Name: jdom2 +Version: 2.0.6 +Release: 28%{?dist} +Summary: Java manipulation of XML made easy +License: Saxpath +URL: http://www.jdom.org/ +# ./generate-tarball.sh +Source0: %{name}-%{version}.tar.gz +# Bnd tool configuration +Source3: bnd.properties +# Remove bundled jars that might not have clear licensing +Source4: generate-tarball.sh +# Use system libraries +# Disable gpg signatures +# Process contrib and junit pom files +Patch0: 0001-Adapt-build.patch + +# +# Security patches +# P100 -> ... +# +# CVE-2021-33813 +Patch100: bd3ab78370098491911d7fe9d7a43b97144a234e.patch +Patch101: dd4f3c2fc7893edd914954c73eb577f925a7d361.patch +Patch102: 07f316957b59d305f04c7bdb26292852bcbc2eb5.patch + +%if %{with bootstrap} +BuildRequires: javapackages-bootstrap +%else +BuildRequires: javapackages-local +BuildRequires: ant +BuildRequires: ant-junit +%endif + +BuildArch: noarch +ExclusiveArch: %{java_arches} noarch + +%description +JDOM is a Java-oriented object model which models XML documents. +It provides a Java-centric means of generating and manipulating +XML documents. While JDOM inter-operates well with existing +standards such as the Simple API for XML (SAX) and the Document +Object Model (DOM), it is not an abstraction layer or +enhancement to those APIs. Rather, it seeks to provide a robust, +light-weight means of reading and writing XML data without the +complex and memory-consumptive options that current API +offerings provide. + +%package javadoc +Summary: Javadoc for %{name} + +%description javadoc +This package contains javadoc for %{name}. + +%prep +%setup -q -n jdom-JDOM-%{version} + +%patch0 -p1 + +%patch100 -p1 +%patch101 -p1 +%patch102 -p1 + +sed -i 's/\r//' LICENSE.txt README.txt + +# Unable to run coverage: use log4j12 but switch to log4j 2.x +sed -i.coverage "s|coverage, jars|jars|" build.xml + +# XPath functionality is not needed +rm -rf core/src/java/org/jdom2/xpath/ +sed -i '/import org.jdom2.xpath.XPathFactory/d' core/src/java/org/jdom2/JDOMConstants.java + +%build +mkdir lib +%ant -Dversion=%{version} -Dcompile.source=1.7 -Dcompile.target=1.7 -Dj2se.apidoc=%{_javadocdir}/java maven + +# Make jar into an OSGi bundle +# XXX disabled until BND is fixed +#bnd wrap --output build/package/jdom-%{version}.bar --properties %{SOURCE3} \ +# --version %{version} build/package/jdom-%{version}.jar +#mv build/package/jdom-%{version}.bar build/package/jdom-%{version}.jar + +%install +%mvn_artifact build/maven/core/%{name}-%{version}.pom build/package/jdom-%{version}.jar +%mvn_install -J build/apidocs + +%files -f .mfiles +%doc CHANGES.txt COMMITTERS.txt README.txt TODO.txt +%license LICENSE.txt + +%files javadoc -f .mfiles-javadoc +%license LICENSE.txt + +%changelog +* Thu Jul 21 2022 Fedora Release Engineering - 2.0.6-28 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Sat Feb 05 2022 Jiri Vanek - 2.0.6-27 +- Rebuilt for java-17-openjdk as system jdk + +* Thu Jan 20 2022 Fedora Release Engineering - 2.0.6-26 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Tue Nov 02 2021 Mikolaj Izdebski - 2.0.6-25 +- Bump Java compiler source/target levels to 1.7 + +* Thu Oct 14 2021 Mikolaj Izdebski - 2.0.6-24 +- Add patches to address DoS security vulnerability +- Resolves CVE-2021-33813 + +* Thu Jul 22 2021 Fedora Release Engineering - 2.0.6-23 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Mon May 17 2021 Mikolaj Izdebski - 2.0.6-22 +- Bootstrap build +- Non-bootstrap build + +* Tue Jan 26 2021 Fedora Release Engineering - 2.0.6-21 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Thu Sep 10 2020 Fabio Valentini - 2.0.6-20 +- Drop log4j12 dependency and switch junit module to log4j 1.2 API shim. + +* Tue Jul 28 2020 Fedora Release Engineering - 2.0.6-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Sun Jul 19 2020 Fabio Valentini - 2.0.6-18 +- Set javac source and target to 1.8 to fix Java 11 builds. + +* Fri Jul 10 2020 Jiri Vanek - 2.0.6-17 +- Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11 + +* Thu May 07 2020 Fabio Valentini - 2.0.6-16 +- Drop optional isorelax verifier support from contrib. + +* Mon Apr 20 2020 Mikolaj Izdebski - 2.0.6-15 +- Disable contrib module + +* Wed Jan 29 2020 Fedora Release Engineering - 2.0.6-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Tue Nov 05 2019 Mikolaj Izdebski - 2.0.6-14 +- Mass rebuild for javapackages-tools 201902 + +* Thu Jul 25 2019 Fedora Release Engineering - 2.0.6-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri May 24 2019 Mikolaj Izdebski - 2.0.6-13 +- Mass rebuild for javapackages-tools 201901 + +* Fri Feb 01 2019 Fedora Release Engineering - 2.0.6-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Jul 23 2018 Michael Simacek - 2.0.6-12 +- Repack tarball without bundled jars +- The repacked jar contains slightly different source (force push by upstream?) +- Correct license tag + +* Tue Jul 17 2018 Mikolaj Izdebski - 2.0.6-11 +- Remove unneeded buildrequires + +* Fri Jul 13 2018 Fedora Release Engineering - 2.0.6-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Feb 07 2018 Fedora Release Engineering - 2.0.6-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 2.0.6-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Wed May 31 2017 Michael Simacek - 2.0.6-7 +- Avoid hardcoded jar paths + +* Fri Feb 10 2017 Fedora Release Engineering - 2.0.6-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Apr 14 2016 Mat Booth - 2.0.6-6 +- Add OSGi metadata to main jar +- Fix file listed twice warning + +* Thu Feb 04 2016 Fedora Release Engineering - 2.0.6-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jun 17 2015 Fedora Release Engineering - 2.0.6-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue Mar 24 2015 Mikolaj Izdebski - 2.0.6-3 +- Remove unneeded BR on cobertura + +* Fri Feb 06 2015 gil cattaneo 2.0.6-2 +- introduce license macro + +* Tue Oct 21 2014 gil cattaneo 2.0.6-1 +- update to 2.0.6 (rhbz#1118627) + +* Sun Jun 08 2014 Fedora Release Engineering - 2.0.5-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Fri Mar 28 2014 Michael Simacek - 2.0.5-3 +- Use Requires: java-headless rebuild (#1067528) + +* Thu Nov 14 2013 gil cattaneo 2.0.5-2 +- use objectweb-asm3 + +* Thu Sep 12 2013 gil cattaneo 2.0.5-1 +- initial rpm diff --git a/sources b/sources new file mode 100644 index 0000000..0850013 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +SHA512 (jdom2-2.0.6.tar.gz) = 1a38c882323339e94c36635e80635ecf8f66e4a1ed0228f68c11098b1282bd9043fdfec1b31196b79eea72495440ac175af50a0556439be5ba956238c32dd1ff