Update to upstream 1.26 release

Resolves: CVE-2017-18640
2020-04-15 14:53:37 +02:00 · 2020-04-15 14:53:37 +02:00 · 10762d8cfd
commit 10762d8cfd
parent a8d1f65a05
5 changed files with 13 additions and 73 deletions
--- a/.gitignore
+++ b/.gitignore
@ -7,3 +7,4 @@
 /snakeyaml-1.16.tar.bz2
 /snakeyaml-1.17.tar.bz2
 /snakeyaml-1.25.tar.gz
+/snakeyaml-1.26.tar.gz
--- a/0001-replace-bundled-base64coder-with-java.util.Base64.patch
+++ b/0001-replace-bundled-base64coder-with-java.util.Base64.patch
@ -41,15 +41,15 @@ index bd022cc..217835d 100644
 import java.util.Calendar;
 import java.util.HashMap;
 import java.util.Iterator;
-@@ -30,7 +31,6 @@ import java.util.regex.Matcher;
- import java.util.regex.Pattern;
+@@ -31,7 +32,6 @@ import java.util.regex.Pattern;
 
+ import org.yaml.snakeyaml.LoaderOptions;
 import org.yaml.snakeyaml.error.YAMLException;
 -import org.yaml.snakeyaml.external.biz.base64Coder.Base64Coder;
 import org.yaml.snakeyaml.nodes.MappingNode;
 import org.yaml.snakeyaml.nodes.Node;
 import org.yaml.snakeyaml.nodes.NodeId;
-@@ -313,7 +313,7 @@ public class SafeConstructor extends BaseConstructor {
+@@ -348,7 +348,7 @@ public class SafeConstructor extends BaseConstructor {
             // Ignore white spaces for base64 encoded scalar
             String noWhiteSpaces = constructScalar((ScalarNode) node).toString().replaceAll("\\s",
                     "");
--- a/0003-fix-broken-test.patch
+++ b/0003-fix-broken-test.patch
@ -1,61 +0,0 @@
-diff --git a/src/test/java/org/yaml/snakeyaml/error/WrappedExceptionsTest.java b/src/test/java/org/yaml/snakeyaml/error/WrappedExceptionsTest.java
-index f8b72a1..7ed8328 100644
--- a/src/test/java/org/yaml/snakeyaml/error/WrappedExceptionsTest.java
-+++ b/src/test/java/org/yaml/snakeyaml/error/WrappedExceptionsTest.java
-@@ -15,43 +15,32 @@
-  */
- package org.yaml.snakeyaml.error;
- 
-import org.hamcrest.CoreMatchers;
-import org.junit.Before;
-import org.junit.Rule;
- import org.junit.Test;
-import org.junit.rules.ExpectedException;
- import org.yaml.snakeyaml.LoaderOptions;
- import org.yaml.snakeyaml.Yaml;
- 
-+import static org.junit.Assert.assertEquals;
-+import static org.junit.Assert.fail;
-+
- public class WrappedExceptionsTest {
- 
-     private static final String INVALID_YAML = "!!seq abc";
- 
-    @Rule
-    public final ExpectedException expectedException = ExpectedException.none();
-
-    @Before
-    public void configureExpectedExceptions() {
-        expectedException.expectMessage("org.yaml.snakeyaml.nodes.ScalarNode");
-        expectedException.expectMessage("org.yaml.snakeyaml.nodes.SequenceNode");
-    }
-
-     @Test
-     public void testWrapped() {
-        expectedException.expect(YAMLException.class);
-        expectedException
-                .expectCause(CoreMatchers.<Throwable> instanceOf(ClassCastException.class));
-
-        LoaderOptions options = new LoaderOptions();
-        options.setWrappedToRootException(true);
-        Yaml yaml = new Yaml(options);
-        yaml.load(INVALID_YAML);
-+        try {
-+            LoaderOptions options = new LoaderOptions();
-+            options.setWrappedToRootException(true);
-+            Yaml yaml = new Yaml(options);
-+            yaml.load(INVALID_YAML);
-+            fail();
-+        } catch (YAMLException e) {
-+            assertEquals(ClassCastException.class, e.getCause().getClass());
-+        }
-     }
- 
-    @Test
-+    @Test(expected = ClassCastException.class)
-     public void testUnWrapped() {
-        expectedException.expect(ClassCastException.class);
-
-         LoaderOptions options = new LoaderOptions();
-         options.setWrappedToRootException(false);
-         Yaml yaml = new Yaml(options);
--- a/snakeyaml.spec
+++ b/snakeyaml.spec
@ -1,11 +1,11 @@
-%global vertag 8450addf3473
+%global vertag e91772b1bc0b

 %bcond_with spring

 Name:           snakeyaml
 Summary:        YAML parser and emitter for Java
-Version:        1.25
-Release:        4%{?dist}
+Version:        1.26
+Release:        1%{?dist}
 License:        ASL 2.0

 URL:            https://bitbucket.org/asomov/%{name}
@ -20,9 +20,6 @@ Source0:        %{url}/get/%{name}-%{version}.tar.gz
 Patch0:         0001-replace-bundled-base64coder-with-java.util.Base64.patch
 # We don't have gdata-java in Fedora any longer, use commons-codec instead
 Patch1:         0002-Replace-bundled-gdata-java-client-classes-with-commo.patch
-# Fix a broken test, change backported from upstream:
-# https://bitbucket.org/asomov/snakeyaml/commits/345408c
-Patch2:         0003-fix-broken-test.patch

 BuildArch:      noarch

@ -63,7 +60,6 @@ This package contains %{summary}.
 %setup -q -n asomov-%{name}-%{vertag}
 %patch0 -p1
 %patch1 -p1
-%patch2 -p1

 %mvn_file : %{name}

@ -115,10 +111,14 @@ rm src/test/java/org/yaml/snakeyaml/helpers/FileTestHelper.java


 %changelog
+* Wed Apr 15 2020 Severin Gehwolf <sgehwolf@redhat.com> - 1.26-1
+- Update to latest upstream 1.26 release.
+- Resolves: CVE-2017-18640
+
 * Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.25-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

-* Thu Oct 15 2019 Fabio Valentini <decathorpe@gmail.com> - 1.25-3
+* Tue Oct 15 2019 Fabio Valentini <decathorpe@gmail.com> - 1.25-3
 - Replace base64coder dependency with java.util.Base64 from JDK8.

 * Tue Oct 15 2019 Fabio Valentini <decathorpe@gmail.com> - 1.25-2
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (snakeyaml-1.25.tar.gz) = 39c4254e368bdfe5dda1207443e86b2bb81a3c7d3f37d54c63aac6fcc8c74914a5e4f34fe4cbf7748556d54d81491170dbb3c51459ba2f7cc51efc2eb987a530
+SHA512 (snakeyaml-1.26.tar.gz) = 00cc2f9ee5f590eb6fbe511844856ed9cc97c6c135f2a116a01a9464eea79eec78be6b0cdfde363d4e1accf803b362cdfb9315f74da73f23c2f9b7900ade3145