Overview

File apache-commons-compress.changes of Package apache-commons-compress.28016

-------------------------------------------------------------------
Mon Mar 21 08:57:33 UTC 2022 - Fridrich Strba <fstrba@suse.com>

- Added patch:
  * 0003-Remove-Pack200-compressor.patch
    + Remove support for pack200 which depends on old asm3

-------------------------------------------------------------------
Tue Jul 20 07:17:33 UTC 2021 - Fridrich Strba <fstrba@suse.com>

- Updated to 1.21
  * When reading a specially crafted 7Z archive, the construction of
    the list of codecs that decompress an entry can result in an
    infinite loop. This could be used to mount a denial of service
    attack against services that use Compress' sevenz package.
    (CVE-2021-35515, bsc#1188463)
  * When reading a specially crafted 7Z archive, Compress can be
    made to allocate large amounts of memory that finally leads to
    an out of memory error even for very small inputs. This could
    be used to mount a denial of service attack against services
    that use Compress' sevenz package. (CVE-2021-35516, bsc#1188464)
  * When reading a specially crafted TAR archive, Compress can be
    made to allocate large amounts of memory that finally leads to
    an out of memory error even for very small inputs. This could be
    used to mount a denial of service attack against services that
    use Compress' tar package. (CVE-2021-35517, bsc#1188465)
  * When reading a specially crafted ZIP archive, Compress can be
    made to allocate large amounts of memory that finally leads to
    an out of memory error even for very small inputs. This could
    be used to mount a denial of service attack against services
    that use Compress' zip package. (CVE-2021-36090, bsc#1188466)
- New dependency on asm3 for Pack200 compressor
- Rebased patch fix_java_8_compatibility.patch to a new context and
  added some new ocurrences

-------------------------------------------------------------------
Wed Aug 28 08:57:02 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

- Updated to 1.19 [bsc#1148475, CVE-2019-12402]
  * ZipFile could get stuck in an infinite loop when parsing ZIP archives
    with certain strong encryption headers (CVE-2019-12402).
  * ZipArchiveInputStream and ZipFile will no longer throw an exception if
    an extra field generally understood by Commons Compress is malformed
    but rather turn them into UnrecognizedExtraField instances.  You can
    influence the way extra fields are parsed in more detail by using the
    new getExtraFields(ExtraFieldParsingBehavior) method of ZipArchiveEntry now.
  * Some of the ZIP extra fields related to strong encryption will now
    throw ZipExceptions rather than ArrayIndexOutOfBoundsExceptions in
    certain cases when used directly. There is no practical difference
    when they are read via ZipArchiveInputStream or ZipFile.
  * ParallelScatterZipCreator now writes entries in the same order they have
    been added to the archive.
  * ZipArchiveInputStream and ZipFile are more forgiving when parsing extra
    fields by default now.
  * TarArchiveInputStream has a new lenient mode that may allow it to read
    certain broken archives.
- Rebased patch fix_java_8_compatibility.patch

-------------------------------------------------------------------
Mon Mar 25 17:32:03 UTC 2019 - Fridrich Strba <fstrba@suse.com>

- Remove pom parent, since we don't use it when not building with
  maven

-------------------------------------------------------------------
Sun Jan 27 16:48:58 UTC 2019 - Jan Engelhardt <jengelh@inai.de>

- Add missing RPM group for %name-javadoc.

-------------------------------------------------------------------
Fri Jan 25 09:10:54 UTC 2019 - Fridrich Strba <fstrba@suse.com>

- Rename package to apache-commons-compress
  * Upgrade to version 1.18
  * Use build.xml file generated ba mvn ant:ant and simplified
    manually after
    + Allows building with ant and considerably shortens build
      cycle
- Added patches
  * 0001-Remove-Brotli-compressor.patch
    + do not build Brotli compressor, since we don't have its
      dependencies
  * 0002-Remove-ZSTD-compressor.patch
    + do not build ZSTD compressor, since we don't have its
      dependencies
  * fix_java_8_compatibility.patch
    + restore Java 8 compatibility in java.nio.ByteBuffer use

-------------------------------------------------------------------
Mon Sep 18 10:43:23 UTC 2017 - fstrba@suse.com

- Fix build with jdk9: specify java source and target 1.6
- Build also the javadoc package

-------------------------------------------------------------------
Fri May 19 16:04:30 UTC 2017 - tchvatal@suse.com

- Fix build under new javapackage-tools

-------------------------------------------------------------------
Thu Nov 29 14:57:33 UTC 2012 - mvyskocil@suse.com

- use saxon and saxon-scripts only when using maven 

-------------------------------------------------------------------
Thu May 14 16:05:37 CEST 2009 - mvyskocil@suse.cz

- 'Initial SUSE packaging from jpackage.org 5.0'
openSUSE Build Service is sponsored by
Places