.gitignore

@@ -1 +1,4 @@
-SOURCES/velocity-1.7.tar.gz
+velocity-1.6.3.tar.gz
+/velocity-1.6.4.tar.gz
+/velocity-1.7.tar.gz
+/velocity-1.7.pom

.velocity.metadata

@@ -1 +0,0 @@
-ac76c23153cd2214591b6783f255ad210467b2f8 SOURCES/velocity-1.7.tar.gz

0001-Port-to-apache-commons-lang3.patch

@@ -1,7 +1,7 @@
-From afc1005f123933e3441833651a558ab88d7cbee4 Mon Sep 17 00:00:00 2001
+From bf0462e3c293863947dde1c22a62c3d4a187a70c Mon Sep 17 00:00:00 2001
 From: Marian Koncek <mkoncek@redhat.com>
 Date: Thu, 31 Oct 2019 14:35:40 +0100
-Subject: [PATCH] Port to apache-commons-lang3
+Subject: [PATCH 1/2] Port to apache-commons-lang3
 
 ---
  pom.xml                                                     | 6 +++---
@@ -36,10 +36,10 @@ Subject: [PATCH] Port to apache-commons-lang3
  29 files changed, 39 insertions(+), 38 deletions(-)
 
 diff --git a/pom.xml b/pom.xml
-index e2c7004..273fc9d 100644
+index 77a8e383..eee15b34 100644
 --- a/pom.xml
 +++ b/pom.xml
-@@ -143,9 +143,9 @@
+@@ -148,9 +148,9 @@
        <version>3.2.1</version>
      </dependency>
      <dependency>
@@ -53,7 +53,7 @@ index e2c7004..273fc9d 100644
      <dependency>
        <groupId>oro</groupId>
 diff --git a/src/java/org/apache/velocity/app/event/implement/EscapeHtmlReference.java b/src/java/org/apache/velocity/app/event/implement/EscapeHtmlReference.java
-index 6d98b45..e146995 100644
+index 6d98b45c..e1469957 100644
 --- a/src/java/org/apache/velocity/app/event/implement/EscapeHtmlReference.java
 +++ b/src/java/org/apache/velocity/app/event/implement/EscapeHtmlReference.java
 @@ -19,7 +19,7 @@ package org.apache.velocity.app.event.implement;
@@ -75,7 +75,7 @@ index 6d98b45..e146995 100644
  
      /**
 diff --git a/src/java/org/apache/velocity/app/event/implement/EscapeJavaScriptReference.java b/src/java/org/apache/velocity/app/event/implement/EscapeJavaScriptReference.java
-index ea49ddb..12f38f4 100644
+index ea49ddbf..12f38f47 100644
 --- a/src/java/org/apache/velocity/app/event/implement/EscapeJavaScriptReference.java
 +++ b/src/java/org/apache/velocity/app/event/implement/EscapeJavaScriptReference.java
 @@ -19,7 +19,7 @@ package org.apache.velocity.app.event.implement;
@@ -97,7 +97,7 @@ index ea49ddb..12f38f4 100644
  
      /**
 diff --git a/src/java/org/apache/velocity/app/event/implement/EscapeSqlReference.java b/src/java/org/apache/velocity/app/event/implement/EscapeSqlReference.java
-index 585cb6c..39e04f4 100644
+index 585cb6c6..39e04f43 100644
 --- a/src/java/org/apache/velocity/app/event/implement/EscapeSqlReference.java
 +++ b/src/java/org/apache/velocity/app/event/implement/EscapeSqlReference.java
 @@ -19,7 +19,7 @@ package org.apache.velocity.app.event.implement;
@@ -120,7 +120,7 @@ index 585cb6c..39e04f4 100644
  
      /**
 diff --git a/src/java/org/apache/velocity/app/event/implement/EscapeXmlReference.java b/src/java/org/apache/velocity/app/event/implement/EscapeXmlReference.java
-index 3d5b40f..fbb525c 100644
+index 3d5b40f0..fbb525cb 100644
 --- a/src/java/org/apache/velocity/app/event/implement/EscapeXmlReference.java
 +++ b/src/java/org/apache/velocity/app/event/implement/EscapeXmlReference.java
 @@ -19,7 +19,7 @@ package org.apache.velocity.app.event.implement;
@@ -133,7 +133,7 @@ index 3d5b40f..fbb525c 100644
  /**
   * Escape all XML entities.
 diff --git a/src/java/org/apache/velocity/runtime/RuntimeInstance.java b/src/java/org/apache/velocity/runtime/RuntimeInstance.java
-index bf99faa..a79d42c 100644
+index 670c083d..f877114d 100644
 --- a/src/java/org/apache/velocity/runtime/RuntimeInstance.java
 +++ b/src/java/org/apache/velocity/runtime/RuntimeInstance.java
 @@ -32,7 +32,7 @@ import java.util.Map;
@@ -146,7 +146,7 @@ index bf99faa..a79d42c 100644
  import org.apache.velocity.app.event.EventCartridge;
  import org.apache.velocity.app.event.EventHandler;
 diff --git a/src/java/org/apache/velocity/runtime/VelocimacroFactory.java b/src/java/org/apache/velocity/runtime/VelocimacroFactory.java
-index 2737b3b..956ab05 100644
+index 8756b66f..70e3d489 100644
 --- a/src/java/org/apache/velocity/runtime/VelocimacroFactory.java
 +++ b/src/java/org/apache/velocity/runtime/VelocimacroFactory.java
 @@ -26,7 +26,7 @@ import java.util.Map;
@@ -159,7 +159,7 @@ index 2737b3b..956ab05 100644
  import org.apache.velocity.exception.VelocityException;
  import org.apache.velocity.runtime.directive.Directive;
 diff --git a/src/java/org/apache/velocity/runtime/directive/Block.java b/src/java/org/apache/velocity/runtime/directive/Block.java
-index f5fdfa8..b136543 100644
+index f5fdfa85..b136543d 100755
 --- a/src/java/org/apache/velocity/runtime/directive/Block.java
 +++ b/src/java/org/apache/velocity/runtime/directive/Block.java
 @@ -23,7 +23,7 @@ import java.io.IOException;
@@ -172,7 +172,7 @@ index f5fdfa8..b136543 100644
  import org.apache.velocity.exception.TemplateInitException;
  import org.apache.velocity.runtime.Renderable;
 diff --git a/src/java/org/apache/velocity/runtime/directive/RuntimeMacro.java b/src/java/org/apache/velocity/runtime/directive/RuntimeMacro.java
-index 090b552..d22ac4e 100644
+index 090b5522..d22ac4ed 100644
 --- a/src/java/org/apache/velocity/runtime/directive/RuntimeMacro.java
 +++ b/src/java/org/apache/velocity/runtime/directive/RuntimeMacro.java
 @@ -23,7 +23,7 @@ import java.io.IOException;
@@ -185,7 +185,7 @@ index 090b552..d22ac4e 100644
  import org.apache.velocity.exception.MethodInvocationException;
  import org.apache.velocity.exception.ParseErrorException;
 diff --git a/src/java/org/apache/velocity/runtime/parser/Parser.java b/src/java/org/apache/velocity/runtime/parser/Parser.java
-index 085e7a4..62dfe48 100644
+index 1253381f..b8e7112e 100644
 --- a/src/java/org/apache/velocity/runtime/parser/Parser.java
 +++ b/src/java/org/apache/velocity/runtime/parser/Parser.java
 @@ -10,7 +10,7 @@ import org.apache.velocity.runtime.directive.Directive;
@@ -198,7 +198,7 @@ index 085e7a4..62dfe48 100644
  
  /**
 diff --git a/src/java/org/apache/velocity/runtime/parser/ParserTokenManager.java b/src/java/org/apache/velocity/runtime/parser/ParserTokenManager.java
-index ce00d99..9563a1f 100644
+index ce00d99d..9563a1fb 100644
 --- a/src/java/org/apache/velocity/runtime/parser/ParserTokenManager.java
 +++ b/src/java/org/apache/velocity/runtime/parser/ParserTokenManager.java
 @@ -9,7 +9,7 @@ import org.apache.velocity.runtime.directive.Directive;
@@ -211,7 +211,7 @@ index ce00d99..9563a1f 100644
  
  /** Token Manager. */
 diff --git a/src/java/org/apache/velocity/runtime/parser/node/ASTDirective.java b/src/java/org/apache/velocity/runtime/parser/node/ASTDirective.java
-index 86e86b7..f1ab78d 100644
+index 74727729..8fc59737 100644
 --- a/src/java/org/apache/velocity/runtime/parser/node/ASTDirective.java
 +++ b/src/java/org/apache/velocity/runtime/parser/node/ASTDirective.java
 @@ -22,7 +22,7 @@ package org.apache.velocity.runtime.parser.node;
@@ -224,7 +224,7 @@ index 86e86b7..f1ab78d 100644
  import org.apache.velocity.exception.MethodInvocationException;
  import org.apache.velocity.exception.ParseErrorException;
 diff --git a/src/java/org/apache/velocity/runtime/parser/node/ASTMethod.java b/src/java/org/apache/velocity/runtime/parser/node/ASTMethod.java
-index a1545e5..7354c9a 100644
+index 489429bb..df54dd93 100644
 --- a/src/java/org/apache/velocity/runtime/parser/node/ASTMethod.java
 +++ b/src/java/org/apache/velocity/runtime/parser/node/ASTMethod.java
 @@ -21,8 +21,8 @@ package org.apache.velocity.runtime.parser.node;
@@ -239,7 +239,7 @@ index a1545e5..7354c9a 100644
  import org.apache.velocity.context.InternalContextAdapter;
  import org.apache.velocity.exception.MethodInvocationException;
 diff --git a/src/java/org/apache/velocity/runtime/parser/node/ASTStringLiteral.java b/src/java/org/apache/velocity/runtime/parser/node/ASTStringLiteral.java
-index bb56cd9..0bc63bc 100644
+index 2267993c..82cca27a 100644
 --- a/src/java/org/apache/velocity/runtime/parser/node/ASTStringLiteral.java
 +++ b/src/java/org/apache/velocity/runtime/parser/node/ASTStringLiteral.java
 @@ -21,7 +21,7 @@ import java.io.IOException;
@@ -252,7 +252,7 @@ index bb56cd9..0bc63bc 100644
  import org.apache.velocity.exception.TemplateInitException;
  import org.apache.velocity.exception.VelocityException;
 diff --git a/src/java/org/apache/velocity/runtime/parser/node/NodeUtils.java b/src/java/org/apache/velocity/runtime/parser/node/NodeUtils.java
-index 52bcda9..8362c3e 100644
+index 713a86ae..0ac03fbc 100644
 --- a/src/java/org/apache/velocity/runtime/parser/node/NodeUtils.java
 +++ b/src/java/org/apache/velocity/runtime/parser/node/NodeUtils.java
 @@ -19,7 +19,7 @@ package org.apache.velocity.runtime.parser.node;
@@ -265,7 +265,7 @@ index 52bcda9..8362c3e 100644
  import org.apache.velocity.exception.MethodInvocationException;
  import org.apache.velocity.runtime.parser.ParserConstants;
 diff --git a/src/java/org/apache/velocity/runtime/parser/node/PropertyExecutor.java b/src/java/org/apache/velocity/runtime/parser/node/PropertyExecutor.java
-index 8c78228..20d6c18 100644
+index 8c78228e..20d6c185 100644
 --- a/src/java/org/apache/velocity/runtime/parser/node/PropertyExecutor.java
 +++ b/src/java/org/apache/velocity/runtime/parser/node/PropertyExecutor.java
 @@ -21,7 +21,7 @@ package org.apache.velocity.runtime.parser.node;
@@ -278,7 +278,7 @@ index 8c78228..20d6c18 100644
  import org.apache.velocity.runtime.RuntimeLogger;
  import org.apache.velocity.runtime.log.Log;
 diff --git a/src/java/org/apache/velocity/runtime/parser/node/SetPropertyExecutor.java b/src/java/org/apache/velocity/runtime/parser/node/SetPropertyExecutor.java
-index 0b27b45..ba5d512 100644
+index 0078d023..80887fad 100644
 --- a/src/java/org/apache/velocity/runtime/parser/node/SetPropertyExecutor.java
 +++ b/src/java/org/apache/velocity/runtime/parser/node/SetPropertyExecutor.java
 @@ -21,8 +21,8 @@ package org.apache.velocity.runtime.parser.node;
@@ -293,7 +293,7 @@ index 0b27b45..ba5d512 100644
  import org.apache.velocity.runtime.log.Log;
  import org.apache.velocity.util.introspection.Introspector;
 diff --git a/src/java/org/apache/velocity/runtime/parser/node/SimpleNode.java b/src/java/org/apache/velocity/runtime/parser/node/SimpleNode.java
-index 108846f..6372830 100644
+index 108846f8..6372830f 100644
 --- a/src/java/org/apache/velocity/runtime/parser/node/SimpleNode.java
 +++ b/src/java/org/apache/velocity/runtime/parser/node/SimpleNode.java
 @@ -22,8 +22,8 @@ package org.apache.velocity.runtime.parser.node;
@@ -308,7 +308,7 @@ index 108846f..6372830 100644
  import org.apache.velocity.exception.MethodInvocationException;
  import org.apache.velocity.exception.ParseErrorException;
 diff --git a/src/java/org/apache/velocity/runtime/resource/ResourceManagerImpl.java b/src/java/org/apache/velocity/runtime/resource/ResourceManagerImpl.java
-index 1b504eb..b33d4ed 100644
+index 778b42a9..a396e42f 100644
 --- a/src/java/org/apache/velocity/runtime/resource/ResourceManagerImpl.java
 +++ b/src/java/org/apache/velocity/runtime/resource/ResourceManagerImpl.java
 @@ -158,7 +158,7 @@ public class ResourceManagerImpl
@@ -330,7 +330,7 @@ index 1b504eb..b33d4ed 100644
                  log.warn("Declared encoding for template '" +
                               resource.getName() +
 diff --git a/src/java/org/apache/velocity/runtime/resource/loader/ClasspathResourceLoader.java b/src/java/org/apache/velocity/runtime/resource/loader/ClasspathResourceLoader.java
-index 623766f..a7cc276 100644
+index 52d09a98..bf48aa45 100644
 --- a/src/java/org/apache/velocity/runtime/resource/loader/ClasspathResourceLoader.java
 +++ b/src/java/org/apache/velocity/runtime/resource/loader/ClasspathResourceLoader.java
 @@ -22,7 +22,7 @@ package org.apache.velocity.runtime.resource.loader;
@@ -343,7 +343,7 @@ index 623766f..a7cc276 100644
  import org.apache.velocity.runtime.resource.Resource;
  import org.apache.velocity.util.ClassUtils;
 diff --git a/src/java/org/apache/velocity/runtime/resource/loader/DataSourceResourceLoader.java b/src/java/org/apache/velocity/runtime/resource/loader/DataSourceResourceLoader.java
-index 833e0ac..7414913 100644
+index f85b6d62..38ec30dc 100644
 --- a/src/java/org/apache/velocity/runtime/resource/loader/DataSourceResourceLoader.java
 +++ b/src/java/org/apache/velocity/runtime/resource/loader/DataSourceResourceLoader.java
 @@ -218,7 +218,7 @@ public class DataSourceResourceLoader extends ResourceLoader
@@ -356,7 +356,7 @@ index 833e0ac..7414913 100644
              throw new ResourceNotFoundException("DataSourceResourceLoader: Template name was empty or null");
          }
 diff --git a/src/java/org/apache/velocity/runtime/resource/loader/FileResourceLoader.java b/src/java/org/apache/velocity/runtime/resource/loader/FileResourceLoader.java
-index 462ed16..3898889 100644
+index 923274a7..8580caeb 100644
 --- a/src/java/org/apache/velocity/runtime/resource/loader/FileResourceLoader.java
 +++ b/src/java/org/apache/velocity/runtime/resource/loader/FileResourceLoader.java
 @@ -118,7 +118,7 @@ public class FileResourceLoader extends ResourceLoader
@@ -369,7 +369,7 @@ index 462ed16..3898889 100644
              /*
               * If we don't get a properly formed templateName then
 diff --git a/src/java/org/apache/velocity/runtime/resource/loader/JarResourceLoader.java b/src/java/org/apache/velocity/runtime/resource/loader/JarResourceLoader.java
-index 172384e..b7fb1a7 100644
+index 054d890e..71d6c083 100644
 --- a/src/java/org/apache/velocity/runtime/resource/loader/JarResourceLoader.java
 +++ b/src/java/org/apache/velocity/runtime/resource/loader/JarResourceLoader.java
 @@ -195,7 +195,7 @@ public class JarResourceLoader extends ResourceLoader
@@ -382,7 +382,7 @@ index 172384e..b7fb1a7 100644
              throw new ResourceNotFoundException("Need to have a resource!");
          }
 diff --git a/src/java/org/apache/velocity/runtime/resource/loader/StringResourceLoader.java b/src/java/org/apache/velocity/runtime/resource/loader/StringResourceLoader.java
-index 895182d..41c0ec9 100644
+index 245c10b8..86a08b9d 100644
 --- a/src/java/org/apache/velocity/runtime/resource/loader/StringResourceLoader.java
 +++ b/src/java/org/apache/velocity/runtime/resource/loader/StringResourceLoader.java
 @@ -26,7 +26,7 @@ import java.io.ByteArrayInputStream;
@@ -395,7 +395,7 @@ index 895182d..41c0ec9 100644
  import org.apache.velocity.exception.VelocityException;
  import org.apache.velocity.runtime.resource.Resource;
 diff --git a/src/java/org/apache/velocity/runtime/resource/loader/URLResourceLoader.java b/src/java/org/apache/velocity/runtime/resource/loader/URLResourceLoader.java
-index de06636..74ab86a 100644
+index de066367..74ab86a6 100644
 --- a/src/java/org/apache/velocity/runtime/resource/loader/URLResourceLoader.java
 +++ b/src/java/org/apache/velocity/runtime/resource/loader/URLResourceLoader.java
 @@ -26,7 +26,7 @@ import java.net.URL;
@@ -408,7 +408,7 @@ index de06636..74ab86a 100644
  import org.apache.velocity.exception.ResourceNotFoundException;
  import org.apache.velocity.runtime.resource.Resource;
 diff --git a/src/java/org/apache/velocity/util/introspection/ClassMap.java b/src/java/org/apache/velocity/util/introspection/ClassMap.java
-index 66bc7b1..77c1c8b 100644
+index 00512892..2e128b7e 100644
 --- a/src/java/org/apache/velocity/util/introspection/ClassMap.java
 +++ b/src/java/org/apache/velocity/util/introspection/ClassMap.java
 @@ -23,7 +23,7 @@ import java.lang.reflect.Method;
@@ -421,7 +421,7 @@ index 66bc7b1..77c1c8b 100644
  import org.apache.velocity.util.MapFactory;
  
 diff --git a/src/test/org/apache/velocity/io/UnicodeInputStreamTestCase.java b/src/test/org/apache/velocity/io/UnicodeInputStreamTestCase.java
-index 3142f45..ff36682 100644
+index 02499985..4b0b254f 100644
 --- a/src/test/org/apache/velocity/io/UnicodeInputStreamTestCase.java
 +++ b/src/test/org/apache/velocity/io/UnicodeInputStreamTestCase.java
 @@ -27,7 +27,7 @@ import junit.framework.Test;
@@ -434,7 +434,7 @@ index 3142f45..ff36682 100644
  
  /**
 diff --git a/src/test/org/apache/velocity/test/BaseTestCase.java b/src/test/org/apache/velocity/test/BaseTestCase.java
-index 9faf585..f893d0f 100644
+index 0ea00cbd..798a322b 100644
 --- a/src/test/org/apache/velocity/test/BaseTestCase.java
 +++ b/src/test/org/apache/velocity/test/BaseTestCase.java
 @@ -353,7 +353,7 @@ public abstract class BaseTestCase extends TestCase implements TemplateTestBase
@@ -447,7 +447,7 @@ index 9faf585..f893d0f 100644
                  buf.append('.').append(ext);
              }
 diff --git a/src/test/org/apache/velocity/test/MethodCacheKeyTestCase.java b/src/test/org/apache/velocity/test/MethodCacheKeyTestCase.java
-index d1ad1db..e70c5f2 100644
+index 77dfc54e..4befc6ef 100644
 --- a/src/test/org/apache/velocity/test/MethodCacheKeyTestCase.java
 +++ b/src/test/org/apache/velocity/test/MethodCacheKeyTestCase.java
 @@ -21,7 +21,7 @@ package org.apache.velocity.test;
@@ -460,5 +460,5 @@ index d1ad1db..e70c5f2 100644
  
  /**
 -- 
-2.21.0
+2.25.4
 

0002-Force-use-of-JDK-log-chute.patch

@@ -0,0 +1,25 @@
+From b2eee6ccc6ef24e084567a0a38d21fa3765df6ad Mon Sep 17 00:00:00 2001
+From: Mikolaj Izdebski <mizdebsk@redhat.com>
+Date: Fri, 15 May 2020 09:56:26 +0200
+Subject: [PATCH 2/2] Force use of JDK log chute
+
+---
+ .../org/apache/velocity/runtime/defaults/velocity.properties    | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/java/org/apache/velocity/runtime/defaults/velocity.properties b/src/java/org/apache/velocity/runtime/defaults/velocity.properties
+index 750a59af..855118b9 100644
+--- a/src/java/org/apache/velocity/runtime/defaults/velocity.properties
++++ b/src/java/org/apache/velocity/runtime/defaults/velocity.properties
+@@ -23,7 +23,7 @@
+ #  default LogChute to use: default: AvalonLogChute, Log4JLogChute, CommonsLogLogChute, ServletLogChute, JdkLogChute
+ # ----------------------------------------------------------------------------
+ 
+-runtime.log.logsystem.class = org.apache.velocity.runtime.log.AvalonLogChute,org.apache.velocity.runtime.log.Log4JLogChute,org.apache.velocity.runtime.log.CommonsLogLogChute,org.apache.velocity.runtime.log.ServletLogChute,org.apache.velocity.runtime.log.JdkLogChute
++runtime.log.logsystem.class = org.apache.velocity.runtime.log.JdkLogChute
+ 
+ # ---------------------------------------------------------------------------
+ # This is the location of the Velocity Runtime log.
+-- 
+2.25.4
+

0003-CVE-2020-13936.patch

@@ -0,0 +1,77 @@
+From 3be84770e7fbe6f000f0c002905e86fe1412d551 Mon Sep 17 00:00:00 2001
+From: Marian Koncek <mkoncek@redhat.com>
+Date: Thu, 11 Mar 2021 16:22:50 +0100
+Subject: [PATCH] CVE-2020-13936
+
+From upstream patches:
+https://github.com/apache/velocity-engine/commit/1ba60771d23dae7e6b3138ae6bee09cf6f9d2485
+https://github.com/apache/velocity-engine/commit/15909056fe51f5d39d49e101d706d3075876dde4
+https://github.com/apache/velocity-engine/commit/3f5d477bb4f4397bed2d2926c35dcef7de3aae3e
+
+---
+ .../velocity/runtime/defaults/velocity.properties | 15 ++++++++++-----
+ .../introspection/SecureIntrospectorImpl.java     |  9 +++++++++
+ 2 files changed, 19 insertions(+), 5 deletions(-)
+
+diff --git a/src/java/org/apache/velocity/runtime/defaults/velocity.properties b/src/java/org/apache/velocity/runtime/defaults/velocity.properties
+index 855118b..a8a9231 100644
+--- a/src/java/org/apache/velocity/runtime/defaults/velocity.properties
++++ b/src/java/org/apache/velocity/runtime/defaults/velocity.properties
+@@ -245,15 +245,16 @@ runtime.introspector.uberspect = org.apache.velocity.util.introspection.Uberspec
+ # accessed.
+ # ----------------------------------------------------------------------------
+ 
++# Prohibit reflection
+ introspector.restrict.packages = java.lang.reflect
+ 
+ # The two most dangerous classes
++# ClassLoader, Thread, and subclasses disabled by default in SecureIntrospectorImpl
+ 
+-introspector.restrict.classes = java.lang.Class
+-introspector.restrict.classes = java.lang.ClassLoader
+-                
+-# Restrict these for extra safety
++# Restrict these system classes.  Note that anything in this list is matched exactly.
++# (Subclasses must be explicitly named to be included).
+ 
++introspector.restrict.classes = java.lang.Class
+ introspector.restrict.classes = java.lang.Compiler
+ introspector.restrict.classes = java.lang.InheritableThreadLocal
+ introspector.restrict.classes = java.lang.Package
+@@ -262,8 +263,12 @@ introspector.restrict.classes = java.lang.Runtime
+ introspector.restrict.classes = java.lang.RuntimePermission
+ introspector.restrict.classes = java.lang.SecurityManager
+ introspector.restrict.classes = java.lang.System
+-introspector.restrict.classes = java.lang.Thread
+ introspector.restrict.classes = java.lang.ThreadGroup
+ introspector.restrict.classes = java.lang.ThreadLocal
+ 
++# Restrict instance managers for common servlet containers  (Tomcat, JBoss, Jetty)
+ 
++introspector.restrict.classes = org.apache.catalina.core.DefaultInstanceManager
++introspector.restrict.classes = org.apache.tomcat.SimpleInstanceManager
++introspector.restrict.classes = org.wildfly.extension.undertow.deployment.UndertowJSPInstanceManager
++introspector.restrict.classes = org.eclipse.jetty.util.DecoratedObjectFactory
+diff --git a/src/java/org/apache/velocity/util/introspection/SecureIntrospectorImpl.java b/src/java/org/apache/velocity/util/introspection/SecureIntrospectorImpl.java
+index f317b1c..25fc84d 100644
+--- a/src/java/org/apache/velocity/util/introspection/SecureIntrospectorImpl.java
++++ b/src/java/org/apache/velocity/util/introspection/SecureIntrospectorImpl.java
+@@ -121,6 +121,15 @@ public class SecureIntrospectorImpl extends Introspector implements SecureIntros
+             return true;
+         }
+ 
++       /**
++       * Always disallow ClassLoader, Thread and subclasses
++       */
++        if (ClassLoader.class.isAssignableFrom(clazz) ||
++                Thread.class.isAssignableFrom(clazz))
++        {
++            return false;
++        }
++
+         /**
+          * check the classname (minus any array info)
+          * whether it matches disallowed classes or packages
+-- 
+2.29.2
+

SOURCES/0001-Don-t-use-Werken-XPath.patch

@@ -1,165 +0,0 @@
-From 8a9344f55d74a5b809051ae144b3c028499fec0d Mon Sep 17 00:00:00 2001
-From: Mikolaj Izdebski <mizdebsk@redhat.com>
-Date: Sat, 27 Sep 2013 10:53:46 +0200
-Subject: [PATCH] Don't use Werken XPath
-
----
- src/java/org/apache/velocity/anakia/AnakiaElement.java |  7 +++++--
- src/java/org/apache/velocity/anakia/NodeList.java      |  6 ++++--
- src/java/org/apache/velocity/anakia/XPathCache.java    |  9 ++++++---
- src/java/org/apache/velocity/anakia/XPathTool.java     | 16 ++++++++++------
- 4 files changed, 25 insertions(+), 13 deletions(-)
-
-diff --git a/src/java/org/apache/velocity/anakia/AnakiaElement.java b/src/java/org/apache/velocity/anakia/AnakiaElement.java
-index c72b653..df13153 100644
---- a/src/java/org/apache/velocity/anakia/AnakiaElement.java
-+++ b/src/java/org/apache/velocity/anakia/AnakiaElement.java
-@@ -20,8 +20,10 @@ package org.apache.velocity.anakia;
-  */
- 
- import org.jdom.Element;
-+import org.jdom.JDOMException;
- import org.jdom.Namespace;
- import org.jdom.output.XMLOutputter;
-+
- import java.util.List;
- 
- /**
-@@ -126,10 +128,11 @@ public class AnakiaElement extends Element
-      * @param xpathExpression the XPath expression you wish to apply
-      * @return a NodeList representing the nodes that are the result of
-      * application of the XPath to the current element. It can be empty.
-+     * @throws JDOMException
-      */
--    public NodeList selectNodes(String xpathExpression)
-+    public NodeList selectNodes(String xpathExpression) throws JDOMException
-     {
--        return new NodeList(XPathCache.getXPath(xpathExpression).applyTo(this), false);
-+        return new NodeList(XPathCache.getXPath(xpathExpression).selectNodes(this), false);
-     }
- 
-     /**
-diff --git a/src/java/org/apache/velocity/anakia/NodeList.java b/src/java/org/apache/velocity/anakia/NodeList.java
-index daf611d..b303bda 100644
---- a/src/java/org/apache/velocity/anakia/NodeList.java
-+++ b/src/java/org/apache/velocity/anakia/NodeList.java
-@@ -35,6 +35,7 @@ import org.jdom.DocType;
- import org.jdom.Document;
- import org.jdom.Element;
- import org.jdom.EntityRef;
-+import org.jdom.JDOMException;
- import org.jdom.ProcessingInstruction;
- import org.jdom.Text;
- import org.jdom.output.XMLOutputter;
-@@ -289,10 +290,11 @@ public class NodeList implements List, Cloneable
-      * @param xpathString the XPath expression you wish to apply
-      * @return a NodeList representing the nodes that are the result of
-      * application of the XPath to the current node list. It can be empty.
-+     * @throws JDOMException
-      */
--    public NodeList selectNodes(String xpathString)
-+    public NodeList selectNodes(String xpathString) throws JDOMException
-     {
--        return new NodeList(XPathCache.getXPath(xpathString).applyTo(nodes), false);
-+        return new NodeList(XPathCache.getXPath(xpathString).selectNodes(nodes), false);
-     }
- 
- // List methods implemented hereafter
-diff --git a/src/java/org/apache/velocity/anakia/XPathCache.java b/src/java/org/apache/velocity/anakia/XPathCache.java
-index cef43d9..0d633b0 100644
---- a/src/java/org/apache/velocity/anakia/XPathCache.java
-+++ b/src/java/org/apache/velocity/anakia/XPathCache.java
-@@ -19,7 +19,9 @@ package org.apache.velocity.anakia;
-  * under the License.    
-  */
- 
--import com.werken.xpath.XPath;
-+import org.jdom.JDOMException;
-+import org.jdom.xpath.XPath;
-+
- import java.util.Map;
- import java.util.WeakHashMap;
- 
-@@ -46,8 +48,9 @@ class XPathCache
-      * A cached object is returned if it already exists for the requested expression.
-      * @param xpathString the XPath expression to parse
-      * @return the XPath object that represents the parsed XPath expression.
-+     * @throws JDOMException
-      */
--    static XPath getXPath(String xpathString)
-+    static XPath getXPath(String xpathString) throws JDOMException
-     {
-         XPath xpath = null;
-         synchronized(XPATH_CACHE)
-@@ -55,7 +58,7 @@ class XPathCache
-             xpath = (XPath)XPATH_CACHE.get(xpathString);
-             if(xpath == null)
-             {
--                xpath = new XPath(xpathString);
-+                xpath = XPath.newInstance(xpathString);
-                 XPATH_CACHE.put(xpathString, xpath);
-             }
-         }
-diff --git a/src/java/org/apache/velocity/anakia/XPathTool.java b/src/java/org/apache/velocity/anakia/XPathTool.java
-index c9e6178..f85d2c1 100644
---- a/src/java/org/apache/velocity/anakia/XPathTool.java
-+++ b/src/java/org/apache/velocity/anakia/XPathTool.java
-@@ -23,6 +23,7 @@ import java.util.List;
- 
- import org.jdom.Document;
- import org.jdom.Element;
-+import org.jdom.JDOMException;
- 
- /**
-  * This class adds an entrypoint into XPath functionality,
-@@ -88,12 +89,13 @@ public class XPathTool
-      * @param doc The Document context
-      *
-      * @return A list of selected nodes
-+     * @throws JDOMException
-      */
-     public NodeList applyTo(String xpathSpec,
--                        Document doc)
-+                        Document doc) throws JDOMException
-     {
-         //RuntimeSingleton.info("XPathTool::applyTo(String, Document)");
--        return new NodeList(XPathCache.getXPath(xpathSpec).applyTo( doc ), false);
-+        return new NodeList(XPathCache.getXPath(xpathSpec).selectNodes( doc ), false);
-     }
- 
-     /**
-@@ -103,12 +105,13 @@ public class XPathTool
-      * @param elem The Element context
-      *
-      * @return A list of selected nodes
-+     * @throws JDOMException
-      */
-     public NodeList applyTo(String xpathSpec,
--                        Element elem)
-+                        Element elem) throws JDOMException
-     {
-         //RuntimeSingleton.info("XPathTool::applyTo(String, Element)");
--        return new NodeList(XPathCache.getXPath(xpathSpec).applyTo( elem ), false);
-+        return new NodeList(XPathCache.getXPath(xpathSpec).selectNodes( elem ), false);
-     }
- 
-     /**
-@@ -118,12 +121,13 @@ public class XPathTool
-      * @param nodeSet The nodeset context
-      *
-      * @return A list of selected nodes
-+     * @throws JDOMException
-      */
-     public NodeList applyTo(String xpathSpec,
--                        List nodeSet)
-+                        List nodeSet) throws JDOMException
-     {
-         //RuntimeSingleton.info("XPathTool::applyTo(String, List)");
--        return new NodeList(XPathCache.getXPath(xpathSpec).applyTo( nodeSet ), false);
-+        return new NodeList(XPathCache.getXPath(xpathSpec).selectNodes( nodeSet ), false);
-     }
- }
- 
--- 
-1.8.3.1
-

SOURCES/0001-Remove-avalon-logkit.patch

@@ -1,62 +0,0 @@
-From 1d2f89cb3e954b943751fa8dd587fdb404eb9338 Mon Sep 17 00:00:00 2001
-From: Stanislav Ochotnicky <sochotnicky@redhat.com>
-Date: Mon, 21 Feb 2011 15:53:34 +0100
-Subject: [PATCH 1/3] Remove avalon-logkit
-
-we don't have it packaged so change defaults and remove it from pom.xml
----
- pom.xml                                            |    6 ------
- .../velocity/runtime/defaults/velocity.properties  |    4 ++--
- .../apache/velocity/runtime/log/LogManager.java    |    2 +-
- 3 files changed, 3 insertions(+), 9 deletions(-)
-
-diff --git a/pom.xml b/pom.xml
-index 77a8e38..f453208 100644
---- a/pom.xml
-+++ b/pom.xml
-@@ -197,12 +197,6 @@
-       <scope>provided</scope>
-     </dependency>
-     <dependency>
--      <groupId>logkit</groupId>
--      <artifactId>logkit</artifactId>
--      <version>2.0</version>
--      <scope>provided</scope>
--    </dependency>
--    <dependency>
-       <groupId>ant</groupId>
-       <artifactId>ant</artifactId>
-       <version>1.6</version>
-diff --git a/src/java/org/apache/velocity/runtime/defaults/velocity.properties b/src/java/org/apache/velocity/runtime/defaults/velocity.properties
-index 750a59a..7fac119 100644
---- a/src/java/org/apache/velocity/runtime/defaults/velocity.properties
-+++ b/src/java/org/apache/velocity/runtime/defaults/velocity.properties
-@@ -20,10 +20,10 @@
- # ----------------------------------------------------------------------------
- 
- # ----------------------------------------------------------------------------
--#  default LogChute to use: default: AvalonLogChute, Log4JLogChute, CommonsLogLogChute, ServletLogChute, JdkLogChute
-+#  default LogChute to use: default: Log4JLogChute, CommonsLogLogChute, ServletLogChute, JdkLogChute
- # ----------------------------------------------------------------------------
- 
--runtime.log.logsystem.class = org.apache.velocity.runtime.log.AvalonLogChute,org.apache.velocity.runtime.log.Log4JLogChute,org.apache.velocity.runtime.log.CommonsLogLogChute,org.apache.velocity.runtime.log.ServletLogChute,org.apache.velocity.runtime.log.JdkLogChute
-+runtime.log.logsystem.class = org.apache.velocity.runtime.log.Log4JLogChute,org.apache.velocity.runtime.log.CommonsLogLogChute,org.apache.velocity.runtime.log.ServletLogChute,org.apache.velocity.runtime.log.JdkLogChute
- 
- # ---------------------------------------------------------------------------
- # This is the location of the Velocity Runtime log.
-diff --git a/src/java/org/apache/velocity/runtime/log/LogManager.java b/src/java/org/apache/velocity/runtime/log/LogManager.java
-index 19d1016..97dceef 100644
---- a/src/java/org/apache/velocity/runtime/log/LogManager.java
-+++ b/src/java/org/apache/velocity/runtime/log/LogManager.java
-@@ -119,7 +119,7 @@ public class LogManager
-          * classes, and we use the first one we find.
-          *
-          * Note that the default value of this property contains the
--         * AvalonLogChute, the Log4JLogChute, CommonsLogLogChute,
-+         * Log4JLogChute, CommonsLogLogChute,
-          * ServletLogChute, and the JdkLogChute for
-          * convenience - so we use whichever we works first.
-          */
--- 
-1.7.4
-

SOURCES/0002-Port-to-OpenJDK-11.patch

@@ -1,33 +0,0 @@
-From a7d58ff8edefb992d4989a4e2d8f4eec104e4e93 Mon Sep 17 00:00:00 2001
-From: Marian Koncek <mkoncek@redhat.com>
-Date: Thu, 31 Oct 2019 15:38:55 +0100
-Subject: [PATCH] Port to OpenJDK 11
-
----
- .../org/apache/velocity/test/BuiltInEventHandlerTestCase.java | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/test/org/apache/velocity/test/BuiltInEventHandlerTestCase.java b/src/test/org/apache/velocity/test/BuiltInEventHandlerTestCase.java
-index 2005b0b..fb29ce3 100644
---- a/src/test/org/apache/velocity/test/BuiltInEventHandlerTestCase.java
-+++ b/src/test/org/apache/velocity/test/BuiltInEventHandlerTestCase.java
-@@ -339,14 +339,14 @@ public class BuiltInEventHandlerTestCase extends BaseTestCase {
-         writer = new StringWriter();
-         ve1.evaluate(context,writer,"test","$list.get(0)");
-         assertTrue(writer.toString().indexOf("IndexOutOfBoundsException") != -1);
--        assertTrue(writer.toString().indexOf("Index: 0, Size: 0") == -1);
-+        assertTrue(writer.toString().indexOf("Index 0 out of bounds for length 0") == -1);
-         assertTrue(writer.toString().indexOf("ArrayList") == -1);
- 
-         // message
-         writer = new StringWriter();
-         ve2.evaluate(context,writer,"test","$list.get(0)");
-         assertTrue(writer.toString().indexOf("IndexOutOfBoundsException") != -1);
--        assertTrue(writer.toString().indexOf("Index: 0, Size: 0") != -1);
-+        assertTrue(writer.toString().indexOf("Index 0 out of bounds for length 0") != -1);
-         assertTrue(writer.toString().indexOf("ArrayList") == -1);
- 
-         // stack trace
--- 
-2.21.0
-

SOURCES/0003-Use-system-jars.patch

@@ -1,197 +0,0 @@
-From 813085c72e9906a53bec5954bcce7305a7c320d1 Mon Sep 17 00:00:00 2001
-From: Stanislav Ochotnicky <sochotnicky@redhat.com>
-Date: Mon, 21 Feb 2011 17:58:39 +0100
-Subject: [PATCH 3/3] Use system jars
-
----
- build/build.xml     |   56 +++++++++++----------------------------------------
- build/testcases.xml |    6 -----
- 2 files changed, 12 insertions(+), 50 deletions(-)
-
-diff --git a/build/build.xml b/build/build.xml
-index c667553..479ef2d 100644
---- a/build/build.xml
-+++ b/build/build.xml
-@@ -140,28 +140,6 @@
-   <!-- =================================================================== -->
-   <!-- sets up the build environment (classpath and libs)                  -->
-   <!-- =================================================================== -->
--  <target name="build-prepare">
--    <ant antfile="${velocity.build.dir}/download.xml" target="build-download" />
--
--    <!-- Build classpath -->
--    <path id="velocity.build.classpath">
--      <fileset dir="${build.lib}">
--        <include name="**/*.jar"/>
--      </fileset>
--    </path>
--
--    <!-- Test classpath, contains dependencies needed only for Testing -->
--    <path id="velocity.test.classpath">
--      <fileset dir="${build.test.lib}">
--        <include name="**/*.jar"/>
--      </fileset>
--    </path>
--
--    <path id="velocity.run.classpath">
--      <path refid="velocity.build.classpath"/>
--      <pathelement location="${build.dir}/${final.name}.jar"/>
--    </path>
--  </target>
- 
-   <!-- =================================================================== -->
-   <!-- checks for the existence/non-existence of various java features     -->
-@@ -174,12 +152,11 @@
-   <target name="prepare-jdbc" depends="check-jdbc,check-jdbc-true,check-jdbc-false"/>
-   <target name="prepare-jdk14" depends="check-jdk14,check-jdk14-true,check-jdk14-false"/>
- 
--  <target name="check-jdbc" depends="build-prepare">
-+  <target name="check-jdbc">
-     <!--  note: check to see if required class is available.  -->
-     <!-- might be j2ee.jar, jdbc2_0-stdext.jar, or simply JDK 1.4+ -->
-     <available classname="javax.sql.DataSource"
-                property="jdbc.present">
--      <classpath refid="velocity.build.classpath"/>
-     </available>
-   </target>
- 
-@@ -210,10 +187,9 @@
-     </echo>
-   </target>
- 
--  <target name="check-jdk14" depends="build-prepare">
-+  <target name="check-jdk14">
-      <available classname="java.util.logging.Logger"
-                property="jdk14.present">
--      <classpath refid="velocity.build.classpath"/>
-     </available>
-   </target>
- 
-@@ -248,7 +224,7 @@
-   <!-- =================================================================== -->
-   <target name="compile" depends="compile-src,compile-test"/>
- 
--  <target name="compile-src" depends="prepare,build-prepare,check-jdbc,check-jdk14"
-+  <target name="compile-src" depends="prepare,check-jdbc,check-jdk14"
-           description="Compiles the Velocity source">
-     <javac srcdir="${build.src}"
-       destdir="${build.dest}"
-@@ -257,8 +233,7 @@
-       target="${javac.target}"
-       source="${javac.source}"
-       deprecation="${deprecation}"
--      optimize="${optimize}"
--      classpathref="velocity.build.classpath"/>
-+      optimize="${optimize}"/>
- 
-     <copy todir="${build.dest}" filtering="yes">
-       <fileset dir="${src.java.dir}">
-@@ -268,7 +243,7 @@
- 
-   </target>
- 
--  <target name="compile-test" depends="prepare,build-prepare,compile-src"
-+  <target name="compile-test" depends="prepare,compile-src"
-           description="Compiles the Velocity test classes">
-     <javac srcdir="${build.test.src}"
-       destdir="${build.test.dest}"
-@@ -279,8 +254,6 @@
- 
-       <!-- Don't use the run classpath, build using the exploded class tree -->
-       <classpath>
--        <path refid="velocity.build.classpath"/>
--        <path refid="velocity.test.classpath" />
-         <pathelement location="${build.dest}"/>
-       </classpath>
-     </javac>
-@@ -561,7 +534,7 @@
-   <!-- =================================================================== -->
-   <!-- Compiles the example code                                           -->
-   <!-- =================================================================== -->
--  <target name="examples" depends="build-prepare,jar"
-+  <target name="examples"
-           description="Compiles the Velocity Example code">
- 
-     <echo>
-@@ -585,8 +558,7 @@
-       encoding="UTF-8"
-       debug="${debug}"
-       deprecation="${deprecation}"
--      optimize="${optimize}"
--      classpathref="velocity.run.classpath"/>
-+      optimize="${optimize}"/>
-   </target>
- 
-   <target name="examples-clean" depends="examples-clean-anakia">
-@@ -604,7 +576,7 @@
-   <!-- =================================================================== -->
-   <!-- Creates the API documentation                                       -->
-   <!-- =================================================================== -->
--  <target name="javadocs" depends="prepare,build-prepare"
-+  <target name="javadocs" depends="prepare"
-           description="Creates the Javadoc API documentation">
- 
-     <mkdir dir="${build.javadoc}"/>
-@@ -620,8 +592,7 @@
-              doctitle="${name} ${version} API"
-              encoding="UTF-8"
-              docencoding="UTF-8"
--             bottom="Copyright &#169; 2000-${build.year} &lt;a href=&quot;http://www.apache.org/&quot;&gt;Apache Software Foundation&lt;/a&gt;. All Rights Reserved."
--             classpathref="velocity.build.classpath">
-+             bottom="Copyright &#169; 2000-${build.year} &lt;a href=&quot;http://www.apache.org/&quot;&gt;Apache Software Foundation&lt;/a&gt;. All Rights Reserved.">
- 
-       <link href="${javadocs.ref.jsdk}"/>
-       <link href="http://www.jdom.org/docs/apidocs"/>
-@@ -1024,12 +995,11 @@
-   <!-- Make HTML version of Velocity documentation                         -->
-   <!-- =================================================================== -->
- 
--  <target name="docs" depends="build-prepare,jar"
-+  <target name="docs" depends="jar"
-           description="Generates the Velocity HTML documentation">
- 
-     <taskdef name="anakia"
--             classname="org.apache.velocity.anakia.AnakiaTask"
--             classpathref="velocity.run.classpath"/>
-+             classname="org.apache.velocity.anakia.AnakiaTask"/>
- 
-     <echo>
-   #######################################################
-@@ -1231,7 +1201,7 @@
-   <!-- =================================================================== -->
-   <!-- JUnit Tests for Velocity                                            -->
-   <!-- =================================================================== -->
--  <target name="test-main" depends="build-prepare,compile-test"
-+  <target name="test-main" depends="compile-test"
-           description="Run the Velocity testcases">
- 
-     <!-- Require ant 1.7+ for Junit compatibility -->
-@@ -1264,8 +1234,6 @@
- 
-       <!-- Don't use the run classpath, test using the exploded class tree -->
-       <classpath>
--        <path refid="velocity.build.classpath" />
--        <path refid="velocity.test.classpath" />
-         <pathelement path="${build.dest}"/>
-         <pathelement path="${build.test.dest}"/>
-       </classpath>
-diff --git a/build/testcases.xml b/build/testcases.xml
-index 06bb36e..f3749bc 100644
---- a/build/testcases.xml
-+++ b/build/testcases.xml
-@@ -36,12 +36,6 @@
- 
-   <!-- Build classpath -->
-   <path id="velocity.test.classpath">
--    <fileset dir="${build.lib}">
--      <include name="**/*.jar"/>
--    </fileset>
--    <fileset dir="${build.test.lib}">
--      <include name="**/*.jar"/>
--    </fileset>
-     <pathelement location="${build.dest}"/>
-     <pathelement location="${build.test.dest}"/>
-   </path>
--- 
-1.7.4
-

SOURCES/0004-JDBC-41-compat.patch

@@ -1,19 +0,0 @@
---- a/src/test/org/apache/velocity/test/sql/HsqlDataSource.java	2012-02-15 19:49:20.202936454 -0500
-+++ b/src/test/org/apache/velocity/test/sql/HsqlDataSource.java	2012-02-15 19:52:35.062574871 -0500
-@@ -23,6 +23,7 @@
- import java.sql.Connection;
- import java.sql.DriverManager;
- import java.sql.SQLException;
-+import java.sql.SQLFeatureNotSupportedException;
- 
- import javax.sql.DataSource;
- 
-@@ -73,5 +74,8 @@
-     public Object unwrap(final Class iface) throws SQLException {
- 	throw new SQLException("Not implemented");
-     }
-+    public java.util.logging.Logger getParentLogger() throws SQLFeatureNotSupportedException {
-+	throw new SQLFeatureNotSupportedException("getParentLogger() not supported");
-+    }
- 
- }

SOURCES/0004-Use-log4j-1.2.17.patch

@@ -1,25 +0,0 @@
-From cec42bf7ae8b4b72850c3cdea74a07603f11786f Mon Sep 17 00:00:00 2001
-From: Mikolaj Izdebski <mizdebsk@redhat.com>
-Date: Wed, 18 Jun 2014 07:25:12 +0200
-Subject: [PATCH 4/4] Use log4j 1.2.17
-
----
- pom.xml | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/pom.xml b/pom.xml
-index e35d72d..c8d48fd 100644
---- a/pom.xml
-+++ b/pom.xml
-@@ -187,7 +187,7 @@
-     <dependency>
-       <groupId>log4j</groupId>
-       <artifactId>log4j</artifactId>
--      <version>1.2.12</version>
-+      <version>1.2.17</version>
-       <scope>provided</scope>
-     </dependency>
-     <dependency>
--- 
-1.9.3
-

SOURCES/0006-Skip-Java-8-incompatible-test.patch

@@ -1,26 +0,0 @@
-From 6060e6ef497bddc4a9aeac343e584ff324746d58 Mon Sep 17 00:00:00 2001
-From: Mikolaj Izdebski <mizdebsk@redhat.com>
-Date: Wed, 18 Jun 2014 08:11:48 +0200
-Subject: [PATCH 6/6] Skip Java 8 incompatible test
-
----
- src/test/org/apache/velocity/test/issues/VelTools66TestCase.java | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/test/org/apache/velocity/test/issues/VelTools66TestCase.java b/src/test/org/apache/velocity/test/issues/VelTools66TestCase.java
-index 00bb0b1..6fb7260 100644
---- a/src/test/org/apache/velocity/test/issues/VelTools66TestCase.java
-+++ b/src/test/org/apache/velocity/test/issues/VelTools66TestCase.java
-@@ -87,7 +87,8 @@ public class VelTools66TestCase
- 
-         Method testMethod = introspector.getMethod(TestObject.class, "getTestValue", new Object[0]);
-         assertNotNull(testMethod);
--        assertEquals("Method object does not match!", verifyMethod, testMethod);
-+        // Java 8 incompatibility
-+        // assertEquals("Method object does not match!", verifyMethod, testMethod);
-     }
- 
-     public static interface TestInterface
--- 
-1.9.3
-

SOURCES/velocity-1.7-doclint.patch

@@ -1,11 +0,0 @@
-diff -Nru velocity-1.7/build/build.xml velocity-1.7.doclint/build/build.xml
---- velocity-1.7/build/build.xml	2015-07-22 12:13:51.566920750 +0200
-+++ velocity-1.7.doclint/build/build.xml	2015-07-22 12:13:14.929703544 +0200
-@@ -592,6 +592,7 @@
-              doctitle="${name} ${version} API"
-              encoding="UTF-8"
-              docencoding="UTF-8"
-+             additionalparam="-Xdoclint:none"
-              bottom="Copyright © 2000-${build.year} <a href="http://www.apache.org/">Apache Software Foundation</a>. All Rights Reserved.">
- 
-       <link href="${javadocs.ref.jsdk}"/>

SOURCES/velocity-1.7-osgi.patch

@@ -1,43 +0,0 @@
-diff -Nru velocity-1.7/build/build.properties velocity-1.7.osgi/build/build.properties
---- velocity-1.7/build/build.properties	2010-11-19 21:16:21.000000000 +0100
-+++ velocity-1.7.osgi/build/build.properties	2015-07-22 12:21:19.627117810 +0200
-@@ -166,8 +166,7 @@
- 
- ########################################################################
- # OSGi stuff
--import=com.werken.xpath;resolution:=optional,\
-- javax.naming,\
-+import=javax.naming,\
-  javax.servlet;resolution:=optional,\
-  javax.servlet.http;resolution:=optional,\
-  javax.sql,\
-@@ -188,8 +187,7 @@
-  org.jdom.input;resolution:=optional,\
-  org.jdom.output;resolution:=optional,\
-  org.xml.sax
--dep.import=com.werken.xpath;resolution:=optional,\
-- javax.naming,\
-+dep.import=javax.naming,\
-  javax.servlet;resolution:=optional,\
-  javax.servlet.http;resolution:=optional,\
-  javax.sql,\
-@@ -207,8 +205,7 @@
- export=org.apache.velocity;uses:="org.apache.velocity.context,\
-      org.apache.velocity.exception,\
-      org.apache.velocity.runtime.resource",\
-- org.apache.velocity.anakia;uses:="com.werken.xpath,\
--     org.apache.tools.ant,\
-+ org.apache.velocity.anakia;uses:="org.apache.tools.ant,\
-      org.apache.tools.ant.taskdefs,\
-      org.jdom,\
-      org.jdom.output",\
-@@ -327,8 +324,7 @@
-  org.apache.velocity;uses:="org.apache.velocity.context,\
-      org.apache.velocity.exception,\
-      org.apache.velocity.runtime.resource",\
-- org.apache.velocity.anakia;uses:="com.werken.xpath,\
--     org.apache.tools.ant,\
-+ org.apache.velocity.anakia;uses:="org.apache.tools.ant,\
-      org.apache.tools.ant.taskdefs,\
-      org.jdom,\
-      org.jdom.output",\

SOURCES/velocity-1.7.pom

@@ -1,346 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements.  See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership.  The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License.  You may obtain a copy of the License at
-
-   http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied.  See the License for the
- specific language governing permissions and limitations
- under the License.    
--->
-
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-
-  <modelVersion>4.0.0</modelVersion>
-
-  <parent>
-    <groupId>org.apache</groupId>
-    <artifactId>apache</artifactId>
-    <version>4</version>
-  </parent>
-
-  <groupId>org.apache.velocity</groupId>
-  <artifactId>velocity</artifactId>
-  <version>1.7</version>
-
-  <name>Apache Velocity</name>
-  <url>http://velocity.apache.org/engine/devel/</url>
-  <description>Apache Velocity is a general purpose template engine.</description>
-  <inceptionYear>2000</inceptionYear>
-  <packaging>jar</packaging>
-  
-  <prerequisites>
-      <maven>2.0.9</maven>
-  </prerequisites>
-
-  <build>
-    <defaultGoal>install</defaultGoal>
-    <sourceDirectory>src/java</sourceDirectory>
-    <testSourceDirectory>src/test</testSourceDirectory>
-    <plugins>
-      <plugin>
-        <groupId>org.apache.maven.plugins</groupId>
-        <artifactId>maven-site-plugin</artifactId>
-        <configuration>
-          <inputEncoding>UTF-8</inputEncoding>
-          <outputEncoding>UTF-8</outputEncoding>
-          <xdocDirectory>${basedir}/xdocs/docs</xdocDirectory>
-        </configuration>
-      </plugin>
-    </plugins>
-    <resources>
-      <resource>
-        <directory>src/java</directory>
-        <excludes>
-          <exclude>**/*.java</exclude>
-        </excludes>
-      </resource>
-    </resources>
-  </build>
-
-  <distributionManagement>
-    <site>
-      <id>velocity.apache.org</id>
-      <url>scpexe://people.apache.org/www/velocity.apache.org/engine/releases/velocity-1.7</url>
-    </site>
-    <repository>
-      <id>apache.releases</id>
-      <name>Apache Release Distribution Repository</name>
-      <url>scp://people.apache.org/www/people.apache.org/repo/m2-ibiblio-rsync-repository</url>
-    </repository>
-    <snapshotRepository>
-      <id>apache.snapshots</id>
-      <name>Apache Development Snapshot Repository</name>
-      <url>scp://people.apache.org/www/people.apache.org/repo/m2-snapshot-repository</url>
-    </snapshotRepository>
-  </distributionManagement>
-
-  <developers>
-    <developer>
-      <name>Will Glass-Husain</name>
-      <id>wglass</id>
-      <email>wglass@forio.com</email>
-      <organization>Forio Business Simulations</organization>
-      <roles>
-        <role>Java Developer</role>
-      </roles>
-    </developer>
-
-   <developer>
-      <name>Geir Magnusson Jr.</name>
-      <id>geirm</id>
-      <email>geirm@optonline.net</email>
-      <organization>Independent (DVSL Maven)</organization>
-      <roles>
-        <role>Java Developer</role>
-      </roles>
-    </developer>
-
-    <developer>
-      <name>Daniel Rall</name>
-      <id>dlr</id>
-      <email>dlr@finemaltcoding.com</email>
-      <organization>CollabNet, Inc.</organization>
-      <roles>
-        <role>Java Developer</role>
-      </roles>
-    </developer>
-
-    <developer>
-      <name>Henning P. Schmiedehausen</name>
-      <id>henning</id>
-      <email>hps@intermeta.de</email>
-      <organization>INTERMETA - Gesellschaft für Mehrwertdienste mbH</organization>
-      <roles>
-        <role>Java Developer</role>
-      </roles>
-      <timezone>2</timezone>
-    </developer>
-
-    <developer>
-      <name>Nathan Bubna</name>
-      <id>nbubna</id>
-      <email>nathan@esha.com</email>
-      <organization>ESHA Research</organization>
-      <roles>
-        <role>Java Developer</role>
-      </roles>
-    </developer>
-
-  </developers>
-
-  <dependencies>
-    <dependency>
-      <groupId>commons-collections</groupId>
-      <artifactId>commons-collections</artifactId>
-      <version>3.2.1</version>
-    </dependency>
-    <dependency>
-      <groupId>commons-lang</groupId>
-      <artifactId>commons-lang</artifactId>
-      <version>2.4</version>
-    </dependency>
-    <dependency>
-      <groupId>oro</groupId>
-      <artifactId>oro</artifactId>
-      <version>2.0.8</version>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>jdom</groupId>
-      <artifactId>jdom</artifactId>
-      <version>1.0</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.1</version>
-      <scope>provided</scope>
-      <exclusions>
-        <exclusion>
-          <groupId>avalon-framework</groupId>
-          <artifactId>avalon-framework</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>log4j</groupId>
-          <artifactId>log4j</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>javax.servlet</groupId>
-          <artifactId>servlet-api</artifactId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>log4j</groupId>
-      <artifactId>log4j</artifactId>
-      <version>1.2.12</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>servlet-api</artifactId>
-      <version>2.3</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>logkit</groupId>
-      <artifactId>logkit</artifactId>
-      <version>2.0</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>ant</groupId>
-      <artifactId>ant</artifactId>
-      <version>1.6</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>werken-xpath</groupId>
-      <artifactId>werken-xpath</artifactId>
-      <version>0.9.4</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>3.8.1</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>hsqldb</groupId>
-      <artifactId>hsqldb</artifactId>
-      <version>1.7.1</version>
-      <scope>test</scope>
-    </dependency>
-  </dependencies>
-
-  <reporting>
-    <plugins>
-      <plugin>
-        <groupId>org.apache.maven.plugins</groupId>
-        <artifactId>maven-project-info-reports-plugin</artifactId>
-        <version>2.1</version>
-        <reportSets>
-          <reportSet>
-            <reports>
-              <report>dependencies</report>
-              <report>issue-tracking</report>
-              <report>license</report>
-              <report>summary</report>
-              <report>scm</report>
-            </reports>
-          </reportSet>
-        </reportSets>
-      </plugin>
-      <plugin>
-        <groupId>org.apache.maven.plugins</groupId>
-        <artifactId>maven-changes-plugin</artifactId>
-        <version>2.0</version>
-        <reportSets>
-          <reportSet>
-            <reports>
-              <report>changes-report</report>
-              <report>jira-report</report>
-            </reports>
-          </reportSet>
-        </reportSets>
-        <configuration>
-            <issueLinkTemplate>${jira.browse.url}/%ISSUE%</issueLinkTemplate>
-          <!-- Apache JIRA, Component Engine -->
-          <component>12311337</component>
-          <!-- FixFor 1.6 -->
-          <filter>fixfor=12310290&amp;sorter/field=issuekey&amp;sorter/order=ASC</filter>
-          <maxEntries>100</maxEntries>
-          <teamlist>http://velocity.apache.org/who-we-are.html</teamlist>
-        </configuration>
-      </plugin>
-      <plugin>
-        <groupId>org.codehaus.mojo</groupId>
-        <artifactId>taglist-maven-plugin</artifactId>
-        <version>2.2</version>
-        <configuration>
-          <tag>TODO</tag>
-          <tag>FIXME</tag>
-        </configuration>
-      </plugin>
-      <plugin>
-        <groupId>org.apache.maven.plugins</groupId>
-        <artifactId>maven-jxr-plugin</artifactId>
-        <version>2.1</version>
-      </plugin>
-      <plugin>
-        <groupId>org.apache.maven.plugins</groupId>
-        <artifactId>maven-javadoc-plugin</artifactId>
-        <version>2.5</version>
-        <configuration>
-          <links>
-            <link>http://java.sun.com/j2se/1.4.2/docs/api</link>
-            <link>http://jakarta.apache.org/oro/api</link>
-            <link>http://jakarta.apache.org/commons/lang/api-release</link>
-            <link>http://jakarta.apache.org/commons/collections/api-release</link>
-
-            <link>http://www.jdom.org/docs/apidocs</link>
-            <link>http://logging.apache.org/log4j/docs/api</link>
-            <link>http://excalibur.apache.org/apidocs</link>
-            <link>http://tomcat.apache.org/tomcat-4.1-doc/servletapi</link>
-          </links>
-        </configuration>
-      </plugin>
-      <plugin>
-        <groupId>org.apache.maven.plugins</groupId>
-        <artifactId>maven-changelog-plugin</artifactId>
-        <version>2.1</version>
-      </plugin>
-      <plugin>
-        <groupId>org.codehaus.mojo</groupId>
-        <artifactId>findbugs-maven-plugin</artifactId>
-        <version>1.2</version>
-        <configuration>
-          <xmlOutput>true</xmlOutput>
-          <threshold>Low</threshold>
-          <effort>Max</effort>
-          <excludeFilterFile>build/findbugs-exclude.xml</excludeFilterFile>
-          <findbugsXmlOutputDirectory>xdocs</findbugsXmlOutputDirectory> 
-        </configuration>
-      </plugin>
-      <plugin>      
-        <groupId>org.apache.maven.plugins</groupId>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.4</source>
-          <target>1.4</target>
-        </configuration>
-      </plugin>
-    </plugins>
-  </reporting>
-
-  <scm>
-    <connection>scm:svn:http://svn.apache.org/repos/asf/velocity/engine/trunk</connection>
-    <developerConnection>scm:svn:https://svn.apache.org/repos/asf/velocity/engine/trunk</developerConnection>
-    <tag>HEAD</tag>
-    <url>http://svn.apache.org/viewvc/velocity/engine/trunk</url>
-  </scm>
-
-    <properties>
-        <jira.browse.url>https://issues.apache.org/jira/browse</jira.browse.url>
-    </properties>
-
-  <issueManagement>
-    <system>JIRA</system>
-    <url>${jira.browse.url}/VELOCITY</url>
-  </issueManagement>
-</project>

gating.yaml

@@ -0,0 +1,8 @@
+--- !Policy
+product_versions:
+  - rhel-9
+decision_contexts:
+  - osci_compose_gate
+rules:
+  # https://docs.engineering.redhat.com/display/RHELPLAN/Maven+Bootstrap+manual+gating+test
+  - !PassingTestCaseRule {test_case_name: manual.sst_cs_apps.maven.bootstrap}

generate-tarball.sh

@@ -9,13 +9,13 @@ wget "http://www.apache.org/dist/${name}/engine/${version}/${name}-${version}.ta
 
 rm -rf tarball-tmp
 mkdir tarball-tmp
-cd tarball-tmp
+pushd tarball-tmp
 tar xf "../${name}-${version}.orig.tar.gz"
 
 # CLEAN TARBALL
 rm -r */*.jar
 rm -r */lib
 
-tar cf "../${name}-${version}.tar.gz" *
-cd ..
+tar -czf "../${name}-${version}.tar.gz" *
+popd
 rm -r tarball-tmp "${name}-${version}.orig.tar.gz"

sources

@@ -0,0 +1,2 @@
+SHA512 (velocity-1.7.tar.gz) = d305642aab3c837ad250deaa46b516561fb68f92d04fc205fd4f40eb774ba6286ed3b239ee6352bc4411bd11cb4d1d5b39ce9ab8467f0e1ffceed9f9fc5a228d
+SHA512 (velocity-1.7.pom) = 04e8850d391dc16501caa7127fb0b62bb3681dc912d6275056dd57f12d7928db6a1232600e7b0025782a22713fcb134fe41e148ca7601af705f3283feb854cde

velocity.spec

@@ -1,7 +1,8 @@
+%bcond_with bootstrap
 
 Name:           velocity
 Version:        1.7
-Release:        26%{?dist}
+Release:        38%{?dist}
 Summary:        Java-based template engine
 License:        ASL 2.0
 URL:            http://velocity.apache.org/
@@ -13,35 +14,18 @@ Source1:        http://repo1.maven.org/maven2/org/apache/%{name}/%{name}/%{versi
 # Remove bundled binaries which cannot be easily verified for licensing
 Source2:        generate-tarball.sh
 
-Patch0:         0001-Remove-avalon-logkit.patch
-Patch1:         0004-Use-log4j-1.2.17.patch
-Patch2:         0003-Use-system-jars.patch
-Patch3:         0004-JDBC-41-compat.patch
-Patch4:         0001-Don-t-use-Werken-XPath.patch
-Patch5:         0006-Skip-Java-8-incompatible-test.patch
-Patch6:         velocity-1.7-doclint.patch
-Patch7:         velocity-1.7-osgi.patch
-Patch8:         0001-Port-to-apache-commons-lang3.patch
-Patch9:         0002-Port-to-OpenJDK-11.patch
+Patch1:         0001-Port-to-apache-commons-lang3.patch
+Patch2:         0002-Force-use-of-JDK-log-chute.patch
+Patch3:         0003-CVE-2020-13936.patch
 
-BuildRequires:  javapackages-local
-BuildRequires:  ant
-BuildRequires:  antlr
-BuildRequires:  junit
-BuildRequires:  ant-junit
-BuildRequires:  apache-commons-collections
-BuildRequires:  apache-commons-logging
-BuildRequires:  apache-commons-lang3
-BuildRequires:  glassfish-servlet-api
-BuildRequires:  jakarta-oro
-BuildRequires:  jaxen
-BuildRequires:  jdom
-BuildRequires:  bcel
-BuildRequires:  log4j12
-BuildRequires:  apache-parent
-
-# It fails one of the arithmetic test cases with gcj
-BuildRequires:  java-devel >= 1:1.6.0
+BuildRequires:  maven-local
+%if %{with bootstrap}
+BuildRequires:  javapackages-bootstrap
+%else
+BuildRequires:  mvn(commons-collections:commons-collections)
+BuildRequires:  mvn(org.apache.commons:commons-lang3)
+BuildRequires:  mvn(org.apache:apache:pom:)
+%endif
 
 %description
 Velocity is a Java-based template engine. It permits anyone to use the
@@ -64,144 +48,108 @@ template services for the Turbine web application framework.
 Velocity+Turbine provides a template service that will allow web
 applications to be developed according to a true MVC model.
 
-%package        manual
-Summary:        Manual for %{name}
-
-%description    manual
-Documentation for %{name}.
-
 %package        javadoc
 Summary:        Javadoc for %{name}
 
 %description    javadoc
 Javadoc for %{name}.
 
-%package        demo
-Summary:        Demo for %{name}
-Requires:       %{name} = %{version}-%{release}
-
-%description    demo
-Demonstrations and samples for %{name}.
-
-# -----------------------------------------------------------------------------
-
 %prep
 %setup -q
+cp %{SOURCE1} ./pom.xml
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
 
-# remove bundled libs/classes (except those used for testing)
 find . -name '*.jar' ! -name 'test*.jar' -print -delete
 find . -name '*.class' ! -name 'Foo.class' -print -delete
 
-# Remove dependency on avalon-logkit
-rm -f src/java/org/apache/velocity/runtime/log/AvalonLogChute.java
-rm -f src/java/org/apache/velocity/runtime/log/AvalonLogSystem.java
-rm -f src/java/org/apache/velocity/runtime/log/VelocityFormatter.java
+# Disable unneeded features
+rm -r src/java/org/apache/velocity/{anakia,texen,servlet,convert}
+rm src/java/org/apache/velocity/runtime/log/{Avalon,Log4J}Log{Chute,System}.java
+rm src/java/org/apache/velocity/runtime/log/{CommonsLog,Servlet}LogChute.java
+rm src/java/org/apache/velocity/runtime/log/SimpleLog4JLogSystem.java
+rm src/java/org/apache/velocity/runtime/log/VelocityFormatter.java
+rm src/java/org/apache/velocity/app/event/implement/Escape{Html,JavaScript,Sql,Xml,}Reference.java
 
-# need porting to new servlet API. We would just add a lot of empty functions
-rm  src/test/org/apache/velocity/test/VelocityServletTestCase.java
+%pom_remove_dep :oro
+%pom_remove_dep :jdom
+%pom_remove_dep :commons-logging
+%pom_remove_dep :log4j
+%pom_remove_dep :servlet-api
+%pom_remove_dep :logkit
+%pom_remove_dep :ant
+%pom_remove_dep :werken-xpath
 
-# This test doesn't work with new hsqldb
-rm src/test/org/apache/velocity/test/sql/DataSourceResourceLoaderTestCase.java
-
-cp %{SOURCE1} ./pom.xml
-
-# remove rest of avalon logkit refences
-%patch0 -p1
-
-# Use log4j 1.2.17
-%patch1 -p1
-
-# Use system jar files instead of downloading from net
-%patch2 -p1
-
-%patch3 -p1
-
-# Use jdom instead of werken-xpath
-%patch4 -p1
-%pom_remove_dep werken-xpath:
-
-# Skip Java 8 incompatible test
-%patch5 -p1
-
-# Disable Java8 doclint
-%patch6 -p1
-
-# Remove werken-xpath Import/Export refences in OSGi manifest file
-%patch7 -p1
-
-# Port to apache-commons-lang3
-%patch8 -p1
-
-# Tests compare the string content of thrown exceptions which changed with jdk 11
-%patch9 -p1
-
-rm -r src/test/org/apache/velocity/test/sql
-
-# -----------------------------------------------------------------------------
+%mvn_alias : %{name}:%{name}
 
 %build
-
-export CLASSPATH=$(build-classpath \
-antlr \
-apache-commons-collections \
-commons-lang3 \
-commons-logging \
-glassfish-servlet-api \
-junit \
-jakarta-oro \
-log4j:log4j:1.2.17 \
-jaxen \
-jdom \
-bcel \
-hsqldb \
-junit)
-ant \
-  -buildfile build/build.xml \
-  -Dbuild.sysclasspath=first \
-  -Djavac.target=1.6 \
-  -Djavac.source=1.6 \
-  jar javadocs test
-
-# fix line-endings in generated files
-sed -i 's/\r//' docs/api/stylesheet.css docs/api/package-list
-
-# -----------------------------------------------------------------------------
+%mvn_build -f
 
 %install
-%mvn_file : %{name}
-%mvn_alias : %{name}:%{name}
-%mvn_artifact pom.xml bin/%{name}-%{version}.jar
-%mvn_install -J docs/api
-
-# zero-length file
-rm -r test/issues/velocity-537/compare/velocity537.vm.cmp
-# data
-install -d -m 755 %{buildroot}%{_datadir}/%{name}
-cp -pr examples test %{buildroot}%{_datadir}/%{name}
-
+%mvn_install
 
 %files -f .mfiles
 %doc README.txt
 %license LICENSE NOTICE
 
-%files manual
-%license LICENSE NOTICE
-%doc docs/*
-
 %files javadoc -f .mfiles-javadoc
 %license LICENSE NOTICE
 
-%files demo
-%license LICENSE NOTICE
-%{_datadir}/%{name}
-
 %changelog
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.7-38
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Wed Jun 09 2021 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.7-37
+- Rebuild to workaround DistroBaker issue
+
+* Tue Jun 08 2021 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.7-36
+- Bootstrap Maven for CentOS Stream 9
+
+* Mon May 17 2021 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.7-35
+- Bootstrap build
+- Non-bootstrap build
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0:1.7-34
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Fri Sep 11 2020 Fabio Valentini <decathorpe@gmail.com> - 0:1.7-33
+- Default to JDK logging and drop commons-logging and log4j12 implementations.
+
+* Thu Jul 30 2020 Fabio Valentini <decathorpe@gmail.com> - 0:1.7-32
+- Port to commons-lang3.
+
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0:1.7-31
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jul 14 2020 Jiri Vanek <jvanek@redhat.com> - 0:1.7-30
+- Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11
+
+* Mon Jul 13 2020 Mat Booth <mat.booth@redhat.com> - 0:1.7-29
+- Ignore test case that fails on Java 11
+
+* Sat Jul 11 2020 Jiri Vanek <jvanek@redhat.com> - 0:1.7-28
+- Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11
+
+* Fri May 15 2020 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.7-27
+- Build with Maven
+
+* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0:1.7-27
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
 * Tue Nov 05 2019 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.7-26
 - Mass rebuild for javapackages-tools 201902
 
+* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0:1.7-26
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
 * Fri May 24 2019 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.7-25
 - Mass rebuild for javapackages-tools 201901
 
+* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0:1.7-25
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
 * Tue Jul 31 2018 Michael Simacek <msimacek@redhat.com> - 0:1.7-24
 - Repack the tarball without binaries