apache-commons-beanutils
Checkout Package
osc -A https://api.opensuse.org checkout SUSE:SLE-15-SP2:GA/apache-commons-beanutils && cd $_
Source Files
Filename | Size |
---|---|
apache-commons-beanutils-fix-build-version.patch | 609 Bytes |
apache-commons-beanutils.changes | 6.05 KB |
apache-commons-beanutils.spec | 3.89 KB |
commons-beanutils-1.9.4-src.tar.gz | 403 KB |
commons-beanutils-1.9.4-src.tar.gz.asc | 833 Bytes |
jdk9.patch | 667 Bytes |
Latest Revision
Frederic Crozat (fcrozat) committed (revision 2)
maven jsc#SLE-8786

dropped SLE patch: Added apache-commons-beanutils-CVE-2019-10086.patch
the same change is already in the Factory changelog, without a patch but with a version bump, CVE and bsc are preserved. Changelog can't be fully incremental in that case, but this is not a problem

old: SUSE:SLE-15-SP2:GA/apache-commons-beanutils
new: openSUSE.org:openSUSE:Factory/apache-commons-beanutils rev 14

Index: apache-commons-beanutils.changes =================================================================== --- apache-commons-beanutils.changes (revision 1) +++ apache-commons-beanutils.changes (revision 14) 
@@ -1,10 +1,79 @@ ------------------------------------------------------------------- -Wed Aug 21 14:34:18 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> +Mon Oct 7 07:22:44 UTC 2019 - Fridrich Strba <fstrba@suse.com> +- Add aliases to account for the ephemeral commons-beanutils-core + and commons-beanutils-bean-collections split. + +------------------------------------------------------------------- +Thu Oct 3 08:16:19 UTC 2019 - Fridrich Strba <fstrba@suse.com> + +- Remove reference to parent pom, since it is not needed when not + building with maven + +------------------------------------------------------------------- +Wed Aug 21 14:56:26 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> + +- Update to 1.9.4 + * BEANUTILS-520: BeanUtils mitigate CVE-2014-0114 - Security fix: [bsc#1146657, CVE-2019-10086] * PropertyUtilsBean (and consequently BeanUtilsBean) now disallows class level property access by default, thus protecting against CVE-2014-0114. - * Added apache-commons-beanutils-CVE-2019-10086.patch +- Fix build version in build.xml + * Added apache-commons-beanutils-fix-build-version.patch + +------------------------------------------------------------------- +Tue Oct 23 17:30:33 UTC 2018 - Fridrich Strba <fstrba@suse.com> + +- Cleanup the maven pom files installation + +------------------------------------------------------------------- +Fri Sep 21 07:44:23 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com> + +- Fix the Source URLs to use mirrors properly + +------------------------------------------------------------------- +Thu Sep 20 10:45:41 UTC 2018 - pmonrealgonzalez@suse.com + +- Updated to 1.9.3 + * This is a bug fix release, which also improves the tests for + building on Java 8. + * Note that Java 8 and later no longer support indexed bean + properties on java.util.List, only on arrays like String[]. + (BEANUTILS-492). 
This affects PropertyUtils.getPropertyType() + and PropertyUtils.getPropertyDescriptor(); their javadoc have + therefore been updated to reflect this change in the JDK. + * Changes in this version include: + - Fixed Bugs: + * BEANUTILS-477: Changed log level in FluentPropertyBeanIntrospector + * BEANUTILS-492: Fixed exception when setting indexed properties + on DynaBeans. + * BEANUTILS-470: Precision lost when converting BigDecimal. + * BEANUTILS-465: Indexed List Setters fixed. + - Changes: + * BEANUTILS-433: Update dependency from JUnit 3.8.1 to 4.12. + * BEANUTILS-469: Update commons-logging from 1.1.1 to 1.2. + * BEANUTILS-474: FluentPropertyBeanIntrospector does not use the + same naming algorithm as DefaultBeanIntrospector. + * BEANUTILS-490: Update Java requirement from Java 5 to 6. + * BEANUTILS-482: Update commons-collections from 3.2.1 to 3.2.2 + (CVE-2015-4852). + * BEANUTILS-490: Update java requirement to Java 6. + * BEANUTILS-492: IndexedPropertyDescriptor tests now pass on Java 8. + * BEANUTILS-495: DateConverterTestBase fails on M/d/yy in Java 9. + * BEANUTILS-496: testGetDescriptorInvalidBoolean fails on Java 9. + - Historical list of changes: + http://commons.apache.org/proper/commons-beanutils/changes-report.html + +- Refreshed patch jdk9.patch for this version update + +------------------------------------------------------------------- +Tue May 15 06:03:11 UTC 2018 - fstrba@suse.com + +- Modified patch: + * jdk9.patch + + Build with source and target 8 to prepare for a possible + removal of 1.6 compatibility +- Run fdupes on documentation ------------------------------------------------------------------- Thu Sep 14 09:25:26 UTC 2017 - fstrba@suse.com Index: apache-commons-beanutils.spec =================================================================== --- apache-commons-beanutils.spec (revision 1) +++ apache-commons-beanutils.spec (revision 14) 
@@ -19,18 +19,21 @@ %define base_name beanutils %define short_name commons-%{base_name} Name: apache-commons-beanutils -Version: 1.9.2 +Version: 1.9.4 Release: 0 Summary: Utility methods for accessing and modifying the properties of JavaBeans License: Apache-2.0 -Group: Development/Libraries/Java -Url: http://commons.apache.org/beanutils -Source0: commons-beanutils-%{version}-src.tar.gz +URL: https://commons.apache.org/beanutils +Source0: http://www.apache.org/dist/commons/%{base_name}/source/%{short_name}-%{version}-src.tar.gz +Source1: http://www.apache.org/dist/commons/%{base_name}/source/%{short_name}-%{version}-src.tar.gz.asc Patch0: jdk9.patch -Patch1: apache-commons-beanutils-CVE-2019-10086.patch +Patch1: apache-commons-beanutils-fix-build-version.patch BuildRequires: ant BuildRequires: commons-collections BuildRequires: commons-logging +BuildRequires: fdupes +BuildRequires: javapackages-local +BuildRequires: javapackages-tools BuildRequires: xml-commons-apis Requires: commons-collections >= 2.0 Requires: commons-logging >= 1.0 @@ -38,7 +41,6 @@ Obsoletes: %{short_name} < %{version}-%{release} Provides: jakarta-%{short_name} = %{version}-%{release} Obsoletes: jakarta-%{short_name} < %{version}-%{release} -BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch %description @@ -49,7 +51,6 @@ %package javadoc Summary: Javadoc for jakarta-commons-beanutils -Group: Development/Libraries/Java %description javadoc The scope of the Jakarta Commons BeanUtils Package is to create a 
@@ -68,33 +69,45 @@ # bug in ant build touch README.txt +%{pom_remove_parent} + %build export CLASSPATH=%(build-classpath commons-collections commons-logging) -ant -Dbuild.sysclasspath=first dist +%ant -Dbuild.sysclasspath=first dist %install # jars install -d -m 755 %{buildroot}%{_javadir} -install -m 644 dist/%{short_name}-%{version}.jar %{buildroot}%{_javadir}/%{name}.jar +install -m 644 dist/%{short_name}-%{version}.jar %{buildroot}%{_javadir}/%{name}-%{version}.jar pushd %{buildroot}%{_javadir} +ln -s %{name}-%{version}.jar %{name}.jar for jar in *.jar; do ln -sf ${jar} `echo $jar| sed "s|apache-||g"` done popd # come back from javadir +# poms install -d -m 755 %{buildroot}%{_mavenpomdir} -install -pm 644 pom.xml %{buildroot}%{_mavenpomdir}/JPP-%{name}.pom +install -pm 644 pom.xml %{buildroot}%{_mavenpomdir}/%{name}-%{version}.pom +%add_maven_depmap %{name}-%{version}.pom %{name}-%{version}.jar -a "%{short_name}:%{short_name}-core,%{short_name}:%{short_name}-bean-collections" # javadoc install -d -m 755 %{buildroot}%{_javadocdir}/%{name} cp -pr dist/docs/api/* %{buildroot}%{_javadocdir}/%{name} +%fdupes -s %{buildroot}%{_javadocdir}/%{name} %files %defattr(0644,root,root,0755) -%doc LICENSE.txt NOTICE.txt RELEASE-NOTES.txt +%license LICENSE.txt +%doc NOTICE.txt RELEASE-NOTES.txt %{_javadir}/* -%{_mavenpomdir}/JPP-%{name}.pom +%{_mavenpomdir}/* +%if %{defined _maven_repository} +%{_mavendepmapfragdir}/%{name} +%else +%{_datadir}/maven-metadata/%{name}.xml* +%endif %files javadoc %defattr(0644,root,root,0755) Index: jdk9.patch =================================================================== --- jdk9.patch (revision 1) +++ jdk9.patch (revision 14) 
@@ -1,15 +1,17 @@ ---- commons-beanutils-1.9.2-src/build.xml 2014-05-25 19:24:55.000000000 +0200 -+++ commons-beanutils-1.9.2-src/build.xml 2017-09-14 10:40:26.676525095 +0200 +Index: commons-beanutils-1.9.3-src/build.xml +=================================================================== +--- commons-beanutils-1.9.3-src.orig/build.xml ++++ commons-beanutils-1.9.3-src/build.xml @@ -62,10 +62,10 @@ - - - <!-- Compiler source JDK version --> -- <property name="compile.source" value="1.5"/> -+ <property name="compile.source" value="1.6"/> - - <!-- Compiler target JDK version --> -- <property name="compile.target" value="1.5"/> -+ <property name="compile.target" value="1.6"/> - - <!-- Should Java compilations set the 'debug' compiler option? --> - <property name="compile.debug" value="true"/> + + + <!-- Compiler source JDK version --> +- <property name="compile.source" value="1.5"/> ++ <property name="compile.source" value="8"/> + + <!-- Compiler target JDK version --> +- <property name="compile.target" value="1.5"/> ++ <property name="compile.target" value="8"/> + + <!-- Should Java compilations set the 'debug' compiler option? --> + <property name="compile.debug" value="true"/> Index: apache-commons-beanutils-fix-build-version.patch =================================================================== --- apache-commons-beanutils-fix-build-version.patch (added) +++ apache-commons-beanutils-fix-build-version.patch (revision 14) 
@@ -0,0 +1,13 @@ +Index: commons-beanutils-1.9.4-src/build.xml +=================================================================== +--- commons-beanutils-1.9.4-src.orig/build.xml ++++ commons-beanutils-1.9.4-src/build.xml +@@ -43,7 +43,7 @@ + <property name="component.title" value="Bean Introspection Utilities"/> + + <!-- The current version number of this component --> +- <property name="component.version" value="1.9.3-SNAPSHOT"/> ++ <property name="component.version" value="1.9.4"/> + + <!-- The base directory for compilation targets --> + <property name="build.home" value="target"/> Index: commons-beanutils-1.9.4-src.tar.gz =================================================================== Binary file commons-beanutils-1.9.4-src.tar.gz (revision 14) added Index: commons-beanutils-1.9.4-src.tar.gz.asc =================================================================== --- commons-beanutils-1.9.4-src.tar.gz.asc (added) +++ commons-beanutils-1.9.4-src.tar.gz.asc (revision 14) 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEtuc9hOpPzEcWYIclP6rSzV7LsxQFAl0+HtQACgkQP6rSzV7L +sxSeOA//WJ8qCJV5F3UGky4Ycp8Ihdb9j3ixZt68dLhcC0URw/aIwprn6F03/UFh +8MFbXrjZtqa2CBJ4G+Af0H7l0ZjQ6bG4VY/tALHhUUdq+jKAHD7nZq61UTkR5wDo +qDYPcazlfpjI+9pZnxe6JeoKL5O5ph3n9uzWnrt0JP56kzY8OU0Y4tNFzSFqCu1H +tKyYBFbCJAAtwMBT5dFF48ExjMGLkIGPveBnef6UtMNoGlT7TH8ixb6NmktZfj8l +oIdRI8Hk+zGpP/xiqTIhs7Z3uZ/kZJXOn6dPWTKsR3tEK8uqA+NCHVtPGMs0/trU +kcyQGtKKoHWk6W5xuEq0BJK+BEdWtEdnvwLFVkow5+i/Y/ezfvnE7bWL1MeYDrYM +pbvuuCGGRkk/XKSCkb81+6W3+ID3lF+4JS85Ny+zPfMH4CqUYNmeYJ5qE8qpRC0M +rxiA0s+nMBWsNVt3PUE36zep1JDnCwacMryITj6g88wsRY8Mo3TU5TLTkoYne4At +9PdCgdDrYMCYJlo5OPPy3k7mrbLBy8J4IfTPjAPzHXpXqvidPHLVGVg/T/QsXJAh +nNG0/2CQhPplJtm0fLQRkLYHA8kp4qvjACQGGu7zW8HliZNYeDdJy9M2LNdWstn6 +xMWPp7UxgvFly8u4WEEk0Yox/EVT4O1Lc8kQgJF2RdU0KOQGaD4= +=yvPn +-----END PGP SIGNATURE----- Index: apache-commons-beanutils-CVE-2019-10086.patch =================================================================== --- apache-commons-beanutils-CVE-2019-10086.patch (revision 1) +++ apache-commons-beanutils-CVE-2019-10086.patch (deleted) 
@@ -1,124 +0,0 @@ -From dd48f4e589462a8cdb1f29bbbccb35d6b0291d58 Mon Sep 17 00:00:00 2001 -From: Melloware <mellowaredev@gmail.com> -Date: Tue, 28 May 2019 08:31:14 -0400 -Subject: [PATCH] BEANUTILS-520: Mitigate CVE-2014-0114 by enabling - SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS by default. (#7) - -Squash and merge. ---- - .../commons/beanutils/PropertyUtilsBean.java | 1 + - .../BeanIntrospectionDataTestCase.java | 1 + - .../beanutils/bugs/Jira157TestCase.java | 7 +++ - .../beanutils/bugs/Jira520TestCase.java | 55 +++++++++++++++++++ - 4 files changed, 64 insertions(+) - create mode 100644 src/test/java/org/apache/commons/beanutils/bugs/Jira520TestCase.java - -Index: commons-beanutils-1.9.2-src/src/main/java/org/apache/commons/beanutils/PropertyUtilsBean.java -=================================================================== ---- commons-beanutils-1.9.2-src.orig/src/main/java/org/apache/commons/beanutils/PropertyUtilsBean.java -+++ commons-beanutils-1.9.2-src/src/main/java/org/apache/commons/beanutils/PropertyUtilsBean.java -@@ -188,6 +188,7 @@ public class PropertyUtilsBean { - public final void resetBeanIntrospectors() { - introspectors.clear(); - introspectors.add(DefaultBeanIntrospector.INSTANCE); -+ introspectors.add(SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS); - } - - /** -Index: commons-beanutils-1.9.2-src/src/test/java/org/apache/commons/beanutils/BeanIntrospectionDataTestCase.java -=================================================================== ---- commons-beanutils-1.9.2-src.orig/src/test/java/org/apache/commons/beanutils/BeanIntrospectionDataTestCase.java -+++ commons-beanutils-1.9.2-src/src/test/java/org/apache/commons/beanutils/BeanIntrospectionDataTestCase.java -@@ -42,6 +42,7 @@ public class BeanIntrospectionDataTestCa - */ - private static PropertyDescriptor[] fetchDescriptors() { - PropertyUtilsBean pub = new PropertyUtilsBean(); -+ pub.removeBeanIntrospector(SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS); - 
pub.addBeanIntrospector(new FluentPropertyBeanIntrospector()); - return pub.getPropertyDescriptors(BEAN_CLASS); - } -Index: commons-beanutils-1.9.2-src/src/test/java/org/apache/commons/beanutils/bugs/Jira157TestCase.java -=================================================================== ---- commons-beanutils-1.9.2-src.orig/src/test/java/org/apache/commons/beanutils/bugs/Jira157TestCase.java -+++ commons-beanutils-1.9.2-src/src/test/java/org/apache/commons/beanutils/bugs/Jira157TestCase.java -@@ -24,6 +24,9 @@ import junit.framework.TestCase; - import junit.framework.TestSuite; - - import org.apache.commons.beanutils.BeanUtils; -+import org.apache.commons.beanutils.BeanUtilsBean; -+import org.apache.commons.beanutils.PropertyUtilsBean; -+import org.apache.commons.beanutils.SuppressPropertiesBeanIntrospector; - import org.apache.commons.logging.Log; - import org.apache.commons.logging.LogFactory; - -@@ -74,6 +77,10 @@ public class Jira157TestCase extends Tes - @Override - protected void setUp() throws Exception { - super.setUp(); -+ -+ BeanUtilsBean custom = new BeanUtilsBean(); -+ custom.getPropertyUtils().removeBeanIntrospector(SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS); -+ BeanUtilsBean.setInstance(custom); - } - - /** -Index: commons-beanutils-1.9.2-src/src/test/java/org/apache/commons/beanutils/bugs/Jira520TestCase.java -=================================================================== ---- /dev/null -+++ commons-beanutils-1.9.2-src/src/test/java/org/apache/commons/beanutils/bugs/Jira520TestCase.java -@@ -0,0 +1,55 @@ -+/* -+ * Licensed to the Apache Software Foundation (ASF) under one or more -+ * contributor license agreements. See the NOTICE file distributed with -+ * this work for additional information regarding copyright ownership. -+ * The ASF licenses this file to You under the Apache License, Version 2.0 -+ * (the "License"); you may not use this file except in compliance with -+ * the License. 
You may obtain a copy of the License at -+ * -+ * http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * Unless required by applicable law or agreed to in writing, software -+ * distributed under the License is distributed on an "AS IS" BASIS, -+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ * See the License for the specific language governing permissions and -+ * limitations under the License. -+ */ -+package org.apache.commons.beanutils.bugs; -+ -+import org.apache.commons.beanutils.AlphaBean; -+import org.apache.commons.beanutils.BeanUtilsBean; -+import org.apache.commons.beanutils.SuppressPropertiesBeanIntrospector; -+ -+import junit.framework.TestCase; -+ -+/** -+ * Fix CVE: https://nvd.nist.gov/vuln/detail/CVE-2014-0114 -+ * -+ * @see <a href="https://issues.apache.org/jira/browse/BEANUTILS-520">https://issues.apache.org/jira/browse/BEANUTILS-520</a> -+ */ -+public class Jira520TestCase extends TestCase { -+ /** -+ * By default opt-in to security that does not allow access to "class". -+ */ -+ public void testSuppressClassPropertyByDefault() throws Exception { -+ final BeanUtilsBean bub = new BeanUtilsBean(); -+ final AlphaBean bean = new AlphaBean(); -+ try { -+ bub.getProperty(bean, "class"); -+ fail("Could access class property!"); -+ } catch (final NoSuchMethodException ex) { -+ // ok -+ } -+ } -+ -+ /** -+ * Allow opt-out to make your app less secure but allow access to "class". 
-+ */ -+ public void testAllowAccessToClassProperty() throws Exception { -+ final BeanUtilsBean bub = new BeanUtilsBean(); -+ bub.getPropertyUtils().removeBeanIntrospector(SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS); -+ final AlphaBean bean = new AlphaBean(); -+ String result = bub.getProperty(bean, "class"); -+ assertEquals("Class property should have been accessed", "class org.apache.commons.beanutils.AlphaBean", result); -+ } -+} Index: commons-beanutils-1.9.2-src.tar.gz =================================================================== Binary file commons-beanutils-1.9.2-src.tar.gz (revision 1) deleted
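Review bot: In the 1.9.3 entry added to apache-commons-beanutils.changes, BEANUTILS-490 appears twice under "Changes" ("Update Java requirement from Java 5 to 6" and "Update java requirement to Java 6"), and BEANUTILS-492 is listed under both "Fixed Bugs" and "Changes". Suggest keeping one line per issue so the security-relevant items in the same entry, such as the commons-collections 3.2.2 update for CVE-2015-4852, are easier to find.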
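Review bot: In the first apache-commons-beanutils.spec hunk, Source0 and Source1 point at plain http://www.apache.org/dist/ although the URL tag just above them was moved to https, and the detached signature is added as Source1 without any keyring next to it, so nothing in the visible lines lets the build check commons-beanutils-1.9.4-src.tar.gz.asc against a pinned key. Suggest switching both Source lines to https and adding the upstream signing keys as a further Source entry (for example a %{name}.keyring file) so the signature is actually verifiable.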
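Review bot: The refreshed jdk9.patch still names commons-beanutils-1.9.3-src/build.xml in its Index, --- and +++ lines while the spec now sets Version: 1.9.4, so it applies only as long as the leading path component is stripped. Suggest refreshing it against the 1.9.4 tree so its header matches apache-commons-beanutils-fix-build-version.patch, which already uses commons-beanutils-1.9.4-src.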
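Review bot: apache-commons-beanutils-fix-build-version.patch hard-codes value="1.9.4" for component.version, so it has to be edited by hand on every version bump and can drift from Version: in the spec, while %install expects dist/%{short_name}-%{version}.jar. Suggest dropping the patch and passing the value on the existing ant call in %build, e.g. -Dcomponent.version=%{version}, since a property set on the ant command line takes precedence over the one declared in build.xml.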
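Review bot: With apache-commons-beanutils-CVE-2019-10086.patch deleted, the fix for bsc#1146657 rests entirely on the 1.9.4 tarball carrying the one-line change to resetBeanIntrospectors(), introspectors.add(SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS);, and this diff shows the tarball only as a binary file. Suggest confirming that line in the unpacked 1.9.4 PropertyUtilsBean.java before accepting, and stating in the request that code calling removeBeanIntrospector(SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS), as Jira157TestCase and Jira520TestCase do in the removed patch, opts back out of the protection.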