From 10762d8cfd30bfdb964405574546c64573cb0101 Mon Sep 17 00:00:00 2001 From: Severin Gehwolf Date: Apr 15 2020 12:56:37 +0000 Subject: Update to upstream 1.26 release Resolves: CVE-2017-18640 --- diff --git a/.gitignore b/.gitignore index 0101ffe..bfc51fb 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ /snakeyaml-1.16.tar.bz2 /snakeyaml-1.17.tar.bz2 /snakeyaml-1.25.tar.gz +/snakeyaml-1.26.tar.gz diff --git a/0001-replace-bundled-base64coder-with-java.util.Base64.patch b/0001-replace-bundled-base64coder-with-java.util.Base64.patch index c828d78..76fa21e 100644 --- a/0001-replace-bundled-base64coder-with-java.util.Base64.patch +++ b/0001-replace-bundled-base64coder-with-java.util.Base64.patch @@ -41,15 +41,15 @@ index bd022cc..217835d 100644 import java.util.Calendar; import java.util.HashMap; import java.util.Iterator; -@@ -30,7 +31,6 @@ import java.util.regex.Matcher; - import java.util.regex.Pattern; +@@ -31,7 +32,6 @@ import java.util.regex.Pattern; + import org.yaml.snakeyaml.LoaderOptions; import org.yaml.snakeyaml.error.YAMLException; -import org.yaml.snakeyaml.external.biz.base64Coder.Base64Coder; import org.yaml.snakeyaml.nodes.MappingNode; import org.yaml.snakeyaml.nodes.Node; import org.yaml.snakeyaml.nodes.NodeId; -@@ -313,7 +313,7 @@ public class SafeConstructor extends BaseConstructor { +@@ -348,7 +348,7 @@ public class SafeConstructor extends BaseConstructor { // Ignore white spaces for base64 encoded scalar String noWhiteSpaces = constructScalar((ScalarNode) node).toString().replaceAll("\\s", ""); diff --git a/0003-fix-broken-test.patch b/0003-fix-broken-test.patch deleted file mode 100644 index c2ae49e..0000000 --- a/0003-fix-broken-test.patch +++ /dev/null 
@@ -1,61 +0,0 @@
-diff --git a/src/test/java/org/yaml/snakeyaml/error/WrappedExceptionsTest.java b/src/test/java/org/yaml/snakeyaml/error/WrappedExceptionsTest.java
-index f8b72a1..7ed8328 100644
---- a/src/test/java/org/yaml/snakeyaml/error/WrappedExceptionsTest.java
-+++ b/src/test/java/org/yaml/snakeyaml/error/WrappedExceptionsTest.java
-@@ -15,43 +15,32 @@
- */
- package org.yaml.snakeyaml.error;
- 
--import org.hamcrest.CoreMatchers;
--import org.junit.Before;
--import org.junit.Rule;
- import org.junit.Test;
--import org.junit.rules.ExpectedException;
- import org.yaml.snakeyaml.LoaderOptions;
- import org.yaml.snakeyaml.Yaml;
- 
-+import static org.junit.Assert.assertEquals;
-+import static org.junit.Assert.fail;
-+
- public class WrappedExceptionsTest {
- 
- private static final String INVALID_YAML = "!!seq abc";
- 
-- @Rule
-- public final ExpectedException expectedException = ExpectedException.none();
--
-- @Before
-- public void configureExpectedExceptions() {
-- expectedException.expectMessage("org.yaml.snakeyaml.nodes.ScalarNode");
-- expectedException.expectMessage("org.yaml.snakeyaml.nodes.SequenceNode");
-- }
--
- @Test
- public void testWrapped() {
-- expectedException.expect(YAMLException.class);
-- expectedException
-- .expectCause(CoreMatchers. instanceOf(ClassCastException.class));
--
-- LoaderOptions options = new LoaderOptions();
-- options.setWrappedToRootException(true);
-- Yaml yaml = new Yaml(options);
-- yaml.load(INVALID_YAML);
-+ try {
-+ LoaderOptions options = new LoaderOptions();
-+ options.setWrappedToRootException(true);
-+ Yaml yaml = new Yaml(options);
-+ yaml.load(INVALID_YAML);
-+ fail();
-+ } catch (YAMLException e) {
-+ assertEquals(ClassCastException.class, e.getCause().getClass());
-+ }
- }
- 
-- @Test
-+ @Test(expected = ClassCastException.class)
- public void testUnWrapped() {
-- expectedException.expect(ClassCastException.class);
--
- LoaderOptions options = new LoaderOptions();
- options.setWrappedToRootException(false);
- Yaml yaml = new Yaml(options);
diff --git a/snakeyaml.spec b/snakeyaml.spec
index bc689fb..fafd94d 100644
--- a/snakeyaml.spec
+++ b/snakeyaml.spec
@@ -1,11 +1,11 @@
-%global vertag 8450addf3473
+%global vertag e91772b1bc0b
 %bcond_with spring
 Name: snakeyaml
 Summary: YAML parser and emitter for Java
-Version: 1.25
-Release: 4%{?dist}
+Version: 1.26
+Release: 1%{?dist}
 License: ASL 2.0
 URL: https://bitbucket.org/asomov/%{name}
@@ -20,9 +20,6 @@ Source0: %{url}/get/%{name}-%{version}.tar.gz
 Patch0: 0001-replace-bundled-base64coder-with-java.util.Base64.patch
 # We don't have gdata-java in Fedora any longer, use commons-codec instead
 Patch1: 0002-Replace-bundled-gdata-java-client-classes-with-commo.patch
-# Fix a broken test, change backported from upstream:
-# https://bitbucket.org/asomov/snakeyaml/commits/345408c
-Patch2: 0003-fix-broken-test.patch
 BuildArch: noarch
@@ -63,7 +60,6 @@ This package contains %{summary}.
 %setup -q -n asomov-%{name}-%{vertag}
 %patch0 -p1
 %patch1 -p1
-%patch2 -p1
 %mvn_file : %{name}
@@ -115,10 +111,14 @@ rm src/test/java/org/yaml/snakeyaml/helpers/FileTestHelper.java
 %changelog
+* Wed Apr 15 2020 Severin Gehwolf - 1.26-1
+- Update to latest upstream 1.26 release.
+- Resolves: CVE-2017-18640
+
 * Thu Jan 30 2020 Fedora Release Engineering - 1.25-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-* Thu Oct 15 2019 Fabio Valentini - 1.25-3
+* Tue Oct 15 2019 Fabio Valentini - 1.25-3
 - Replace base64coder dependency with java.util.Base64 from JDK8.
 * Tue Oct 15 2019 Fabio Valentini - 1.25-2
diff --git a/sources b/sources
index 6ff9489..4cf6c7e 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (snakeyaml-1.25.tar.gz) = 39c4254e368bdfe5dda1207443e86b2bb81a3c7d3f37d54c63aac6fcc8c74914a5e4f34fe4cbf7748556d54d81491170dbb3c51459ba2f7cc51efc2eb987a530
+SHA512 (snakeyaml-1.26.tar.gz) = 00cc2f9ee5f590eb6fbe511844856ed9cc97c6c135f2a116a01a9464eea79eec78be6b0cdfde363d4e1accf803b362cdfb9315f74da73f23c2f9b7900ade3145