diff --git a/0001-Adapt-build.patch b/0001-Adapt-build.patch index 87e9f3b11c4a5e69685433b4954a2e04b8cbdc99..53d0362fbd1aaabb2313821e4660a7c2d5ab3581 100644 --- a/0001-Adapt-build.patch +++ b/0001-Adapt-build.patch @@ -1,14 +1,14 @@ -From 05a8a2fa49e92ad36a86d5d73588a2e46bf9ff95 Mon Sep 17 00:00:00 2001 -From: Michael Simacek -Date: Mon, 23 Jul 2018 14:30:14 +0200 +From cf7e676edc7ab9d4b8b130ca4d8ecbd291995dea Mon Sep 17 00:00:00 2001 +From: Mikolaj Izdebski +Date: Mon, 20 Apr 2020 09:29:12 +0200 Subject: [PATCH] Adapt build --- - build.xml | 40 +++++++++++++++++++++++++--------------- - 1 file changed, 25 insertions(+), 15 deletions(-) + build.xml | 61 +++---------------------------------------------------- + 1 file changed, 3 insertions(+), 58 deletions(-) diff --git a/build.xml b/build.xml -index cd7c2ed..10d8df6 100644 +index ed632c2..d80abff 100644 --- a/build.xml +++ b/build.xml @@ -112,17 +112,7 @@ For instructions on how to build JDOM, please view the README.txt file. @@ -26,76 +26,94 @@ index cd7c2ed..10d8df6 100644 - - - -+ ++ -@@ -289,6 +279,7 @@ For instructions on how to build JDOM, please view the README.txt file. - header="<b>${Name}<br><font size='-1'>${version}</font></b>" - bottom="Copyright © ${year} Jason Hunter, Brett McLaughlin. All Rights Reserved."> - -+ - +@@ -296,7 +286,7 @@ For instructions on how to build JDOM, please view the README.txt file. + + + +- + + +@@ -316,27 +306,6 @@ For instructions on how to build JDOM, please view the README.txt file. + + + +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- -@@ -373,11 +364,11 @@ For instructions on how to build JDOM, please view the README.txt file. - - -- -+ + +@@ -505,7 +474,7 @@ For instructions on how to build JDOM, please view the README.txt file. + - - -@@ -401,6 +392,7 @@ For instructions on how to build JDOM, please view the README.txt file. - - - -+ - + +- + + +@@ -517,8 +486,6 @@ For instructions on how to build JDOM, please view the README.txt file. + + + +- +- - -@@ -528,7 +520,25 @@ For instructions on how to build JDOM, please view the README.txt file. + + +@@ -532,28 +499,6 @@ For instructions on how to build JDOM, please view the README.txt file. + - +- - -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ - - +- +- +- +- +- +- +- +- +- +- +- +- +- +- + + + -- -2.17.1 +2.37.2 diff --git a/CVE-2021-33813-1.patch b/CVE-2021-33813-1.patch deleted file mode 100644 index 85e38a2a23a6bf5daace6bde3eb0ac2e9dbfe8a0..0000000000000000000000000000000000000000 --- a/CVE-2021-33813-1.patch +++ /dev/null @@ -1,69 +0,0 @@ -From bd3ab78370098491911d7fe9d7a43b97144a234e Mon Sep 17 00:00:00 2001 -From: Esti -Date: Thu, 18 Feb 2021 16:40:01 +0200 -Subject: [PATCH] fix setFeature bug and add test case - ---- - core/src/java/org/jdom2/input/SAXBuilder.java | 10 ++++------ - .../test/cases/input/TestSAXBuilder.java | 20 +++++++++++++++++++ - 2 files changed, 24 insertions(+), 6 deletions(-) - -diff --git a/core/src/java/org/jdom2/input/SAXBuilder.java b/core/src/java/org/jdom2/input/SAXBuilder.java -index d7105ec6..a1462334 100644 ---- a/core/src/java/org/jdom2/input/SAXBuilder.java -+++ b/core/src/java/org/jdom2/input/SAXBuilder.java -@@ -971,11 +971,6 @@ protected void configureParser(final XMLReader parser, final SAXHandler contentH - } - } - -- // Set any user-specified features on the parser. -- for (final Map.Entry me : features.entrySet()) { -- internalSetFeature(parser, me.getKey(), me.getValue().booleanValue(), me.getKey()); -- } -- - // Set any user-specified properties on the parser. - for (final Map.Entry me : properties.entrySet()) { - internalSetProperty(parser, me.getKey(), me.getValue(), me.getKey()); -@@ -1007,7 +1002,10 @@ protected void configureParser(final XMLReader parser, final SAXHandler contentH - // No lexical reporting available - } - } -- -+ // Set any user-specified features on the parser. -+ for (final Map.Entry me : features.entrySet()) { -+ internalSetFeature(parser, me.getKey(), me.getValue().booleanValue(), me.getKey()); -+ } - } - - /** -diff --git a/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java b/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java -index 4ef34834..a69380ba 100644 ---- a/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java -+++ b/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java -@@ -600,6 +600,26 @@ public void testSetFeature() { - } - } - -+ @Test -+ public void testSetExternalFeature() { -+ String feature = "http://xml.org/sax/features/external-general-entities"; -+ MySAXBuilder sb = new MySAXBuilder(); -+ try { -+ sb.setFeature(feature, true); -+ XMLReader reader = sb.createParser(); -+ assertNotNull(reader); -+ assertTrue(reader.getFeature(feature)); -+ sb.setFeature(feature, false); -+ reader = sb.createParser(); -+ assertNotNull(reader); -+ assertFalse(reader.getFeature(feature)); -+ -+ } catch (Exception e) { -+ e.printStackTrace(); -+ fail("Could not create parser: " + e.getMessage()); -+ } -+ } -+ - @Test - public void testSetProperty() { - LexicalHandler lh = new LexicalHandler() { diff --git a/CVE-2021-33813-2.patch b/CVE-2021-33813-2.patch deleted file mode 100644 index 06ac7493cabe91bb9d266454322f620220af34fe..0000000000000000000000000000000000000000 --- a/CVE-2021-33813-2.patch +++ /dev/null @@ -1,34 +0,0 @@ -From dd4f3c2fc7893edd914954c73eb577f925a7d361 Mon Sep 17 00:00:00 2001 -From: Rolf Lear -Date: Thu, 1 Jul 2021 23:42:05 -0400 -Subject: [PATCH] Addresses #189 - synchronizes external entity expansion - setting - ---- - core/src/java/org/jdom2/input/SAXBuilder.java | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/core/src/java/org/jdom2/input/SAXBuilder.java b/core/src/java/org/jdom2/input/SAXBuilder.java -index a1462334..514b026d 100644 ---- a/core/src/java/org/jdom2/input/SAXBuilder.java -+++ b/core/src/java/org/jdom2/input/SAXBuilder.java -@@ -82,6 +82,7 @@ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - import org.jdom2.DocType; - import org.jdom2.Document; - import org.jdom2.EntityRef; -+import org.jdom2.JDOMConstants; - import org.jdom2.JDOMException; - import org.jdom2.JDOMFactory; - import org.jdom2.Verifier; -@@ -797,6 +798,11 @@ public void setFastReconfigure(final boolean fastReconfigure) { - public void setFeature(final String name, final boolean value) { - // Save the specified feature for later. - features.put(name, value ? Boolean.TRUE : Boolean.FALSE); -+ if (JDOMConstants.SAX_FEATURE_EXTERNAL_ENT.equals(name)) { -+ // See issue https://github.com/hunterhacker/jdom/issues/189 -+ // And PR https://github.com/hunterhacker/jdom/pull/188 -+ setExpandEntities(value); -+ } - engine = null; - } - diff --git a/JDOM-2.0.6.tar.gz b/JDOM-2.0.6.tar.gz deleted file mode 100644 index 90abad64642e798093309e0a3242b4ba51f54094..0000000000000000000000000000000000000000 Binary files a/JDOM-2.0.6.tar.gz and /dev/null differ diff --git a/generate-tarball.sh b/generate-tarball.sh new file mode 100644 index 0000000000000000000000000000000000000000..a3cc413343402763e2838cedf43840b234bf930a --- /dev/null +++ b/generate-tarball.sh @@ -0,0 +1,22 @@ +#!/bin/bash +set -e + +name=jdom2 +version="$(sed -n 's/Version:\s*//p' *.spec)" + +# RETRIEVE +wget "https://github.com/hunterhacker/jdom/archive/JDOM-${version}.tar.gz" -O "${name}-${version}.orig.tar.gz" + +rm -rf tarball-tmp +mkdir tarball-tmp +pushd tarball-tmp +tar xf "../${name}-${version}.orig.tar.gz" + +# CLEAN TARBALL +rm -r */lib */*/lib +find -name '*.jar' -delete +find -name '*.class' -delete + +tar -czf "../${name}-${version}.tar.gz" * +popd +rm -r tarball-tmp "${name}-${version}.orig.tar.gz" diff --git a/jdom-contrib-template.pom b/jdom-contrib-template.pom deleted file mode 100644 index d719410ef98c60b5aa40694bc77b25e8220568ec..0000000000000000000000000000000000000000 --- a/jdom-contrib-template.pom +++ /dev/null @@ -1,96 +0,0 @@ - - 4.0.0 - org.jdom - @artifactID@-contrib - jar - - JDOM Contrib - @version@ - - - A complete, Java-based solution for accessing, manipulating, - and outputting XML data - - http://www.jdom.org - - - JDOM - http://www.jdom.org - - - - - JDOM-interest Mailing List - jdom-interest@jdom.org - http://jdom.markmail.org/ - - - - - - Similar to Apache License but with the acknowledgment clause removed - https://raw.github.com/hunterhacker/jdom/master/LICENSE.txt - repo - - - - - - git@github.com:/hunterhacker/jdom - scm:git:git@github.com:hunterhacker/jdom - scm:git:git@github.com:hunterhacker/jdom - - - - - hunterhacker - Jason Hunter - jhunter@servlets.com - - - rolfl - Rolf Lear - jdom@tuis.net - - - - - - org.jdom - @artifactID@ - @version@ - - - jaxen - jaxen - 1.1.4 - true - - - xerces - xercesImpl - 2.10.0 - true - - - isorelax - isorelax - 20030108 - true - - - stax - stax-api - 1.0.1 - true - - - - - @jdk@ - - \ No newline at end of file diff --git a/jdom-junit-template.pom b/jdom-junit-template.pom deleted file mode 100644 index 70c6554704bdf01eecdfae720896ec3321bcd596..0000000000000000000000000000000000000000 --- a/jdom-junit-template.pom +++ /dev/null @@ -1,120 +0,0 @@ - - 4.0.0 - org.jdom - @artifactID@-junit - jar - - JDOM Junit - @version@ - - - A complete, Java-based solution for accessing, manipulating, - and outputting XML data - - http://www.jdom.org - - - JDOM - http://www.jdom.org - - - - - JDOM-interest Mailing List - jdom-interest@jdom.org - http://jdom.markmail.org/ - - - - - - Similar to Apache License but with the acknowledgment clause removed - https://raw.github.com/hunterhacker/jdom/master/LICENSE.txt - repo - - - - - - git@github.com:/hunterhacker/jdom - scm:git:git@github.com:hunterhacker/jdom - scm:git:git@github.com:hunterhacker/jdom - - - - - hunterhacker - Jason Hunter - jhunter@servlets.com - - - rolfl - Rolf Lear - jdom@tuis.net - - - - - - org.jdom - @artifactID@ - @version@ - - - jaxen - jaxen - 1.1.4 - true - - - xerces - xercesImpl - 2.10.0 - true - - - junit - junit - 4.11 - true - - - asm - asm - 3.3.1 - true - - - asm - asm-tree - 3.3.1 - true - - - log4j - log4j - 1.2.17 - true - - - net.sourceforge.cobertura - cobertura - 1.9.4.1 - true - - - net.sourceforge.cobertura - cobertura-runtime - 1.9.4.1 - true - - - - - @jdk@ - - \ No newline at end of file diff --git a/jdom2-2.0.6.1.tar.gz b/jdom2-2.0.6.1.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..db0a4748401eeb9715df1f83a656ae71c03e7add Binary files /dev/null and b/jdom2-2.0.6.1.tar.gz differ diff --git a/jdom2.spec b/jdom2.spec index 53678609d75e60519ebf5b3eea7c676184baf25b..edfa00295f15176250d76b278821e82a05f47644 100644 --- a/jdom2.spec +++ b/jdom2.spec @@ -1,19 +1,17 @@ Name: jdom2 -Version: 2.0.6 -Release: 16 +Version: 2.0.6.1 +Release: 1 Summary: Classes representing the components of an XML document License: Saxpath URL: http://www.jdom.org/ BuildArch: noarch -Source0: https://github.com/hunterhacker/jdom/archive/JDOM-2.0.6.tar.gz -Source1: jdom-contrib-template.pom -Source2: jdom-junit-template.pom -Source3: bnd.properties +# ./generate-tarball.sh +Source0: %{name}-%{version}.tar.gz +Source1: bnd.properties +# Remove bundled jars that might not have clear licensing +Source2: generate-tarball.sh + Patch0001: 0001-Adapt-build.patch -#https://github.com/hunterhacker/jdom/commit/bd3ab783700984919.patch -Patch0002: CVE-2021-33813-1.patch -#https://github.com/hunterhacker/jdom/commit/dd4f3c2fc7893edd9.patch -Patch0003: CVE-2021-33813-2.patch BuildRequires: javapackages-local ant ant-junit isorelax jaxen xalan-j2 xerces-j2 xml-commons-apis log4j12 aqute-bnd %description @@ -32,12 +30,11 @@ Obsoletes: jdom2-javadoc < %{version}-%{release} Files for help with jdom2. %prep -%autosetup -n jdom-JDOM-%{version} -p1 +%autosetup -n jdom-JDOM-%{version} -p1 + rm -rf ./contrib/lib ./lib find -name '*.jar' -delete find -name '*.class' -delete -install -D %{SOURCE1} maven/contrib.pom -install -D %{SOURCE2} maven/junit.pom sed -i.coverage "s|coverage, jars|jars|" build.xml install -d lib build-jar-repository lib xerces-j2 xml-commons-apis jaxen junit isorelax xalan-j2 xalan-j2-serializer @@ -49,24 +46,25 @@ mv build/package/jdom-%{version}.bar build/package/jdom-%{version}.jar %install %mvn_artifact build/maven/core/%{name}-%{version}.pom build/package/jdom-%{version}.jar -%mvn_artifact build/maven/core/%{name}-%{version}-contrib.pom build/package/jdom-%{version}-contrib.jar -%mvn_artifact build/maven/core/%{name}-%{version}-junit.pom build/package/jdom-%{version}-junit.jar %mvn_install -J build/apidocs %files -f .mfiles %doc LICENSE.txt %files help -f .mfiles-javadoc -%doc CHANGES.txt COMMITTERS.txt README.txt TODO.txt +%doc CHANGES.txt COMMITTERS.txt README.md TODO.txt %changelog +* Wed Dec 17 2025 xu_ping <707078654@qq.com> - 2.0.6.1-1 +- Upgrade version to 2.0.6.1 + * Wed Apr 20 2022 yaoxin - 2.0.6-16 - Fix CVE-2021-33813 * Mon Feb 14 2022 wangkai - 2.0.6-15 - Rebuild for fix log4j1.x cves -* Thu Dec 20 2020 gulining - 2.0.6-14 +* Sat Dec 20 2020 gulining - 2.0.6-14 - remove useless comment * Thu Dec 12 2019 gulining - 2.0.6-13