apache-commons-beanutils

Edit Package apache-commons-beanutils
No description set
Refresh
Refresh
Source Files
Filename Size Changed
apache-commons-beanutils-fix-build-version.patch 0000000609 609 Bytes
apache-commons-beanutils.changes 0000006194 6.05 KB
apache-commons-beanutils.spec 0000003988 3.89 KB
commons-beanutils-1.9.4-src.tar.gz 0000412606 403 KB
commons-beanutils-1.9.4-src.tar.gz.asc 0000000833 833 Bytes
jdk9.patch 0000000667 667 Bytes
Latest Revision
Frederic Crozat's avatar Frederic Crozat (fcrozat) committed (revision 2)
maven jsc#SLE-8786

dropped SLE patch: 
Added apache-commons-beanutils-CVE-2019-10086.patch

the same change is already in the Factory changelog, without a patch
but with a version bump, CVE and bsc are preserved.

Changelog can't be fully incremental in that case, but this is not a problem

old: SUSE:SLE-15-SP2:GA/apache-commons-beanutils
new: openSUSE.org:openSUSE:Factory/apache-commons-beanutils rev 14
Index: apache-commons-beanutils.changes
===================================================================
--- apache-commons-beanutils.changes (revision 1)
+++ apache-commons-beanutils.changes (revision 14)
@@ -1,10 +1,79 @@
 -------------------------------------------------------------------
-Wed Aug 21 14:34:18 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
+Mon Oct  7 07:22:44 UTC 2019 - Fridrich Strba <fstrba@suse.com>
 
+- Add aliases to account for the ephemeral commons-beanutils-core
+  and commons-beanutils-bean-collections split.
+
+-------------------------------------------------------------------
+Thu Oct  3 08:16:19 UTC 2019 - Fridrich Strba <fstrba@suse.com>
+
+- Remove reference to parent pom, since it is not needed when not
+  building with maven
+
+-------------------------------------------------------------------
+Wed Aug 21 14:56:26 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
+
+- Update to 1.9.4
+  * BEANUTILS-520: BeanUtils mitigate CVE-2014-0114
 - Security fix: [bsc#1146657, CVE-2019-10086]
   * PropertyUtilsBean (and consequently BeanUtilsBean) now disallows class
     level property access by default, thus protecting against CVE-2014-0114.
-  * Added apache-commons-beanutils-CVE-2019-10086.patch
+- Fix build version in build.xml
+  * Added apache-commons-beanutils-fix-build-version.patch
+
+-------------------------------------------------------------------
+Tue Oct 23 17:30:33 UTC 2018 - Fridrich Strba <fstrba@suse.com>
+
+- Cleanup the maven pom files installation
+
+-------------------------------------------------------------------
+Fri Sep 21 07:44:23 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
+
+- Fix the Source URLs to use mirrors properly
+
+-------------------------------------------------------------------
+Thu Sep 20 10:45:41 UTC 2018 - pmonrealgonzalez@suse.com
+
+- Updated to 1.9.3 
+  * This is a bug fix release, which also improves the tests for
+    building on Java 8.
+  * Note that Java 8 and later no longer support indexed bean
+    properties on java.util.List, only on arrays like String[].	
+    (BEANUTILS-492). This affects PropertyUtils.getPropertyType()
+    and PropertyUtils.getPropertyDescriptor(); their javadoc have
+    therefore been updated to reflect this change in the JDK.
+  * Changes in this version include:
+    - Fixed Bugs: 
+      * BEANUTILS-477: Changed log level in FluentPropertyBeanIntrospector
+      * BEANUTILS-492: Fixed exception when setting indexed properties
+          on DynaBeans.
+      * BEANUTILS-470: Precision lost when converting BigDecimal.
+      * BEANUTILS-465: Indexed List Setters fixed.
+    - Changes:
+      * BEANUTILS-433: Update dependency from JUnit 3.8.1 to 4.12. 
+      * BEANUTILS-469: Update commons-logging from 1.1.1 to 1.2. 
+      * BEANUTILS-474: FluentPropertyBeanIntrospector does not use the
+      	same naming algorithm as DefaultBeanIntrospector.
+      * BEANUTILS-490: Update Java requirement from Java 5 to 6. 
+      * BEANUTILS-482: Update commons-collections from 3.2.1 to 3.2.2
+        (CVE-2015-4852).
+      * BEANUTILS-490: Update java requirement to Java 6.
+      * BEANUTILS-492: IndexedPropertyDescriptor tests now pass on Java 8. 
+      * BEANUTILS-495: DateConverterTestBase fails on M/d/yy in Java 9.
+      * BEANUTILS-496: testGetDescriptorInvalidBoolean fails on Java 9.
+    - Historical list of changes:
+      http://commons.apache.org/proper/commons-beanutils/changes-report.html
+
+- Refreshed patch jdk9.patch for this version update
+
+-------------------------------------------------------------------
+Tue May 15 06:03:11 UTC 2018 - fstrba@suse.com
+
+- Modified patch:
+  * jdk9.patch
+    + Build with source and target 8 to prepare for a possible
+      removal of 1.6 compatibility
+- Run fdupes on documentation
 
 -------------------------------------------------------------------
 Thu Sep 14 09:25:26 UTC 2017 - fstrba@suse.com
Index: apache-commons-beanutils.spec
===================================================================
--- apache-commons-beanutils.spec (revision 1)
+++ apache-commons-beanutils.spec (revision 14)
@@ -19,18 +19,21 @@
 %define base_name	beanutils
 %define short_name	commons-%{base_name}
 Name:           apache-commons-beanutils
-Version:        1.9.2
+Version:        1.9.4
 Release:        0
 Summary:        Utility methods for accessing and modifying the properties of JavaBeans
 License:        Apache-2.0
-Group:          Development/Libraries/Java
-Url:            http://commons.apache.org/beanutils
-Source0:        commons-beanutils-%{version}-src.tar.gz
+URL:            https://commons.apache.org/beanutils
+Source0:        http://www.apache.org/dist/commons/%{base_name}/source/%{short_name}-%{version}-src.tar.gz
+Source1:        http://www.apache.org/dist/commons/%{base_name}/source/%{short_name}-%{version}-src.tar.gz.asc
 Patch0:         jdk9.patch
-Patch1:         apache-commons-beanutils-CVE-2019-10086.patch
+Patch1:         apache-commons-beanutils-fix-build-version.patch
 BuildRequires:  ant
 BuildRequires:  commons-collections
 BuildRequires:  commons-logging
+BuildRequires:  fdupes
+BuildRequires:  javapackages-local
+BuildRequires:  javapackages-tools
 BuildRequires:  xml-commons-apis
 Requires:       commons-collections >= 2.0
 Requires:       commons-logging >= 1.0
@@ -38,7 +41,6 @@
 Obsoletes:      %{short_name} < %{version}-%{release}
 Provides:       jakarta-%{short_name} = %{version}-%{release}
 Obsoletes:      jakarta-%{short_name} < %{version}-%{release}
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch
 
 %description
@@ -49,7 +51,6 @@
 
 %package javadoc
 Summary:        Javadoc for jakarta-commons-beanutils
-Group:          Development/Libraries/Java
 
 %description javadoc
 The scope of the Jakarta Commons BeanUtils Package is to create a
@@ -68,33 +69,45 @@
 # bug in ant build
 touch README.txt
 
+%{pom_remove_parent}
+
 %build
 export CLASSPATH=%(build-classpath commons-collections commons-logging)
-ant -Dbuild.sysclasspath=first dist
+%ant -Dbuild.sysclasspath=first dist
 
 %install
 # jars
 install -d -m 755 %{buildroot}%{_javadir}
-install -m 644 dist/%{short_name}-%{version}.jar %{buildroot}%{_javadir}/%{name}.jar
+install -m 644 dist/%{short_name}-%{version}.jar %{buildroot}%{_javadir}/%{name}-%{version}.jar
 
 pushd %{buildroot}%{_javadir}
+ln -s %{name}-%{version}.jar %{name}.jar
 for jar in *.jar; do
     ln -sf ${jar} `echo $jar| sed "s|apache-||g"`
 done
 popd # come back from javadir
 
+# poms
 install -d -m 755 %{buildroot}%{_mavenpomdir}
-install -pm 644 pom.xml %{buildroot}%{_mavenpomdir}/JPP-%{name}.pom
+install -pm 644 pom.xml %{buildroot}%{_mavenpomdir}/%{name}-%{version}.pom
+%add_maven_depmap %{name}-%{version}.pom %{name}-%{version}.jar -a "%{short_name}:%{short_name}-core,%{short_name}:%{short_name}-bean-collections"
 
 # javadoc
 install -d -m 755 %{buildroot}%{_javadocdir}/%{name}
 cp -pr dist/docs/api/* %{buildroot}%{_javadocdir}/%{name}
+%fdupes -s %{buildroot}%{_javadocdir}/%{name}
 
 %files
 %defattr(0644,root,root,0755)
-%doc LICENSE.txt NOTICE.txt RELEASE-NOTES.txt
+%license LICENSE.txt
+%doc NOTICE.txt RELEASE-NOTES.txt
 %{_javadir}/*
-%{_mavenpomdir}/JPP-%{name}.pom
+%{_mavenpomdir}/*
+%if %{defined _maven_repository}
+%{_mavendepmapfragdir}/%{name}
+%else
+%{_datadir}/maven-metadata/%{name}.xml*
+%endif
 
 %files javadoc
 %defattr(0644,root,root,0755)
Index: jdk9.patch
===================================================================
--- jdk9.patch (revision 1)
+++ jdk9.patch (revision 14)
@@ -1,15 +1,17 @@
---- commons-beanutils-1.9.2-src/build.xml	2014-05-25 19:24:55.000000000 +0200
-+++ commons-beanutils-1.9.2-src/build.xml	2017-09-14 10:40:26.676525095 +0200
+Index: commons-beanutils-1.9.3-src/build.xml
+===================================================================
+--- commons-beanutils-1.9.3-src.orig/build.xml
++++ commons-beanutils-1.9.3-src/build.xml
 @@ -62,10 +62,10 @@
- 
- 
-   <!-- Compiler source JDK version -->
--  <property name="compile.source"          value="1.5"/>
-+  <property name="compile.source"          value="1.6"/>
- 
-   <!-- Compiler target JDK version -->
--  <property name="compile.target"          value="1.5"/>
-+  <property name="compile.target"          value="1.6"/>
- 
-   <!-- Should Java compilations set the 'debug' compiler option? -->
-   <property name="compile.debug"           value="true"/>
+ 
+ 
+   <!-- Compiler source JDK version -->
+-  <property name="compile.source"          value="1.5"/>
++  <property name="compile.source"          value="8"/>
+ 
+   <!-- Compiler target JDK version -->
+-  <property name="compile.target"          value="1.5"/>
++  <property name="compile.target"          value="8"/>
+ 
+   <!-- Should Java compilations set the 'debug' compiler option? -->
+   <property name="compile.debug"           value="true"/>
Index: apache-commons-beanutils-fix-build-version.patch
===================================================================
--- apache-commons-beanutils-fix-build-version.patch (added)
+++ apache-commons-beanutils-fix-build-version.patch (revision 14)
@@ -0,0 +1,13 @@
+Index: commons-beanutils-1.9.4-src/build.xml
+===================================================================
+--- commons-beanutils-1.9.4-src.orig/build.xml
++++ commons-beanutils-1.9.4-src/build.xml
+@@ -43,7 +43,7 @@
+   <property name="component.title"         value="Bean Introspection Utilities"/>
+ 
+   <!-- The current version number of this component -->
+-  <property name="component.version"       value="1.9.3-SNAPSHOT"/>
++  <property name="component.version"       value="1.9.4"/>
+ 
+   <!-- The base directory for compilation targets -->
+   <property name="build.home"              value="target"/>
Index: commons-beanutils-1.9.4-src.tar.gz
===================================================================
Binary file commons-beanutils-1.9.4-src.tar.gz (revision 14) added
Index: commons-beanutils-1.9.4-src.tar.gz.asc
===================================================================
--- commons-beanutils-1.9.4-src.tar.gz.asc (added)
+++ commons-beanutils-1.9.4-src.tar.gz.asc (revision 14)
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEtuc9hOpPzEcWYIclP6rSzV7LsxQFAl0+HtQACgkQP6rSzV7L
+sxSeOA//WJ8qCJV5F3UGky4Ycp8Ihdb9j3ixZt68dLhcC0URw/aIwprn6F03/UFh
+8MFbXrjZtqa2CBJ4G+Af0H7l0ZjQ6bG4VY/tALHhUUdq+jKAHD7nZq61UTkR5wDo
+qDYPcazlfpjI+9pZnxe6JeoKL5O5ph3n9uzWnrt0JP56kzY8OU0Y4tNFzSFqCu1H
+tKyYBFbCJAAtwMBT5dFF48ExjMGLkIGPveBnef6UtMNoGlT7TH8ixb6NmktZfj8l
+oIdRI8Hk+zGpP/xiqTIhs7Z3uZ/kZJXOn6dPWTKsR3tEK8uqA+NCHVtPGMs0/trU
+kcyQGtKKoHWk6W5xuEq0BJK+BEdWtEdnvwLFVkow5+i/Y/ezfvnE7bWL1MeYDrYM
+pbvuuCGGRkk/XKSCkb81+6W3+ID3lF+4JS85Ny+zPfMH4CqUYNmeYJ5qE8qpRC0M
+rxiA0s+nMBWsNVt3PUE36zep1JDnCwacMryITj6g88wsRY8Mo3TU5TLTkoYne4At
+9PdCgdDrYMCYJlo5OPPy3k7mrbLBy8J4IfTPjAPzHXpXqvidPHLVGVg/T/QsXJAh
+nNG0/2CQhPplJtm0fLQRkLYHA8kp4qvjACQGGu7zW8HliZNYeDdJy9M2LNdWstn6
+xMWPp7UxgvFly8u4WEEk0Yox/EVT4O1Lc8kQgJF2RdU0KOQGaD4=
+=yvPn
+-----END PGP SIGNATURE-----
Index: apache-commons-beanutils-CVE-2019-10086.patch
===================================================================
--- apache-commons-beanutils-CVE-2019-10086.patch (revision 1)
+++ apache-commons-beanutils-CVE-2019-10086.patch (deleted)
@@ -1,124 +0,0 @@
-From dd48f4e589462a8cdb1f29bbbccb35d6b0291d58 Mon Sep 17 00:00:00 2001
-From: Melloware <mellowaredev@gmail.com>
-Date: Tue, 28 May 2019 08:31:14 -0400
-Subject: [PATCH] BEANUTILS-520: Mitigate CVE-2014-0114 by enabling
- SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS by default. (#7)
-
-Squash and merge.
----
- .../commons/beanutils/PropertyUtilsBean.java |  1 +
- .../BeanIntrospectionDataTestCase.java        |  1 +
- .../beanutils/bugs/Jira157TestCase.java      |  7 +++
- .../beanutils/bugs/Jira520TestCase.java      | 55 +++++++++++++++++++
- 4 files changed, 64 insertions(+)
- create mode 100644 src/test/java/org/apache/commons/beanutils/bugs/Jira520TestCase.java
-
-Index: commons-beanutils-1.9.2-src/src/main/java/org/apache/commons/beanutils/PropertyUtilsBean.java
-===================================================================
---- commons-beanutils-1.9.2-src.orig/src/main/java/org/apache/commons/beanutils/PropertyUtilsBean.java
-+++ commons-beanutils-1.9.2-src/src/main/java/org/apache/commons/beanutils/PropertyUtilsBean.java
-@@ -188,6 +188,7 @@ public class PropertyUtilsBean {
-     public final void resetBeanIntrospectors() {
-         introspectors.clear();
-         introspectors.add(DefaultBeanIntrospector.INSTANCE);
-+        introspectors.add(SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS);
-     }
- 
-     /**
-Index: commons-beanutils-1.9.2-src/src/test/java/org/apache/commons/beanutils/BeanIntrospectionDataTestCase.java
-===================================================================
---- commons-beanutils-1.9.2-src.orig/src/test/java/org/apache/commons/beanutils/BeanIntrospectionDataTestCase.java
-+++ commons-beanutils-1.9.2-src/src/test/java/org/apache/commons/beanutils/BeanIntrospectionDataTestCase.java
-@@ -42,6 +42,7 @@ public class BeanIntrospectionDataTestCa
-      */
-     private static PropertyDescriptor[] fetchDescriptors() {
-         PropertyUtilsBean pub = new PropertyUtilsBean();
-+        pub.removeBeanIntrospector(SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS);
-         pub.addBeanIntrospector(new FluentPropertyBeanIntrospector());
-         return pub.getPropertyDescriptors(BEAN_CLASS);
-     }
-Index: commons-beanutils-1.9.2-src/src/test/java/org/apache/commons/beanutils/bugs/Jira157TestCase.java
-===================================================================
---- commons-beanutils-1.9.2-src.orig/src/test/java/org/apache/commons/beanutils/bugs/Jira157TestCase.java
-+++ commons-beanutils-1.9.2-src/src/test/java/org/apache/commons/beanutils/bugs/Jira157TestCase.java
-@@ -24,6 +24,9 @@ import junit.framework.TestCase;
- import junit.framework.TestSuite;
- 
- import org.apache.commons.beanutils.BeanUtils;
-+import org.apache.commons.beanutils.BeanUtilsBean;
-+import org.apache.commons.beanutils.PropertyUtilsBean;
-+import org.apache.commons.beanutils.SuppressPropertiesBeanIntrospector;
- import org.apache.commons.logging.Log;
- import org.apache.commons.logging.LogFactory;
- 
-@@ -74,6 +77,10 @@ public class Jira157TestCase extends Tes
-     @Override
-     protected void setUp() throws Exception {
-         super.setUp();
-+
-+        BeanUtilsBean custom = new BeanUtilsBean();
-+        custom.getPropertyUtils().removeBeanIntrospector(SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS);
-+        BeanUtilsBean.setInstance(custom);
-     }
- 
-     /**
-Index: commons-beanutils-1.9.2-src/src/test/java/org/apache/commons/beanutils/bugs/Jira520TestCase.java
-===================================================================
---- /dev/null
-+++ commons-beanutils-1.9.2-src/src/test/java/org/apache/commons/beanutils/bugs/Jira520TestCase.java
-@@ -0,0 +1,55 @@
-+/*
-+ * Licensed to the Apache Software Foundation (ASF) under one or more
-+ * contributor license agreements.  See the NOTICE file distributed with
-+ * this work for additional information regarding copyright ownership.
-+ * The ASF licenses this file to You under the Apache License, Version 2.0
-+ * (the "License"); you may not use this file except in compliance with
-+ * the License.  You may obtain a copy of the License at
-+ *
-+ *      http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+package org.apache.commons.beanutils.bugs;
-+
-+import org.apache.commons.beanutils.AlphaBean;
-+import org.apache.commons.beanutils.BeanUtilsBean;
-+import org.apache.commons.beanutils.SuppressPropertiesBeanIntrospector;
-+
-+import junit.framework.TestCase;
-+
-+/**
-+ * Fix CVE: https://nvd.nist.gov/vuln/detail/CVE-2014-0114
-+ *
-+ * @see <a href="https://issues.apache.org/jira/browse/BEANUTILS-520">https://issues.apache.org/jira/browse/BEANUTILS-520</a>
-+ */
-+public class Jira520TestCase extends TestCase {
-+    /**
-+     * By default opt-in to security that does not allow access to "class".
-+     */
-+    public void testSuppressClassPropertyByDefault() throws Exception {
-+        final BeanUtilsBean bub = new BeanUtilsBean();
-+        final AlphaBean bean = new AlphaBean();
-+        try {
-+            bub.getProperty(bean, "class");
-+            fail("Could access class property!");
-+        } catch (final NoSuchMethodException ex) {
-+            // ok
-+        }
-+    }
-+
-+    /**
-+     * Allow opt-out to make your app less secure but allow access to "class".
-+     */
-+    public void testAllowAccessToClassProperty() throws Exception {
-+        final BeanUtilsBean bub = new BeanUtilsBean();
-+        bub.getPropertyUtils().removeBeanIntrospector(SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS);
-+        final AlphaBean bean = new AlphaBean();
-+        String result = bub.getProperty(bean, "class");
-+        assertEquals("Class property should have been accessed", "class org.apache.commons.beanutils.AlphaBean", result);
-+    }
-+}
Index: commons-beanutils-1.9.2-src.tar.gz
===================================================================
Binary file commons-beanutils-1.9.2-src.tar.gz (revision 1) deleted
Comments 0
openSUSE Build Service is sponsored by