PR#3: Rebase to match latest upstream release - rpms/slf4j

rpms / slf4j

#3 Rebase to match latest upstream release

Merged 4 years ago by dmoluguw. Opened 4 years ago by dmoluguw.

rpms/ dmoluguw/slf4j rebase-1.7.30 into master

Rebase to match latest upstream release

Dinesh Prasanth M K • 4 years ago

ef87c20

.gitignore

file modified

		`@@ -21,3 +21,4 @@`
		`/slf4j-1.7.21.tar.gz`
		`/slf4j-1.7.22.tar.gz`
		`/slf4j-1.7.25.tar.gz`
		`+ /v_1.7.30.tar.gz`

0001-Disallow-EventData-deserialization-by-default.patch

file removed

-44

		`@@ -1,44 +0,0 @@`
		`- From b1c0ca75ca38a7a8b50bfdfdf2c324169a6ddf02 Mon Sep 17 00:00:00 2001`
		`- From: Michael Simacek <msimacek@redhat.com>`
		`- Date: Mon, 19 Mar 2018 16:01:57 +0100`
		`- Subject: [PATCH] Disallow EventData deserialization by default`
		`-`
		`- ---`
		`- .../src/main/java/org/slf4j/ext/EventData.java \| 21 +++++++++++++++------`
		`- 1 file changed, 15 insertions(+), 6 deletions(-)`
		`-`
		`- diff --git a/slf4j-ext/src/main/java/org/slf4j/ext/EventData.java b/slf4j-ext/src/main/java/org/slf4j/ext/EventData.java`
		`- index dc5b502..fa5c125 100644`
		`- --- a/slf4j-ext/src/main/java/org/slf4j/ext/EventData.java`
		`- +++ b/slf4j-ext/src/main/java/org/slf4j/ext/EventData.java`
		`- @@ -76,12 +76,21 @@ public class EventData implements Serializable {`
		`- */`
		`- @SuppressWarnings("unchecked")`
		`- public EventData(String xml) {`
		`- - ByteArrayInputStream bais = new ByteArrayInputStream(xml.getBytes());`
		`- - try {`
		`- - XMLDecoder decoder = new XMLDecoder(bais);`
		`- - this.eventData = (Map<String, Object>) decoder.readObject();`
		`- - } catch (Exception e) {`
		`- - throw new EventException("Error decoding " + xml, e);`
		`- + if ("1".equals(System.getProperty("org.slf4j.ext.allowInsecureDeserialization"))) {`
		`- + ByteArrayInputStream bais = new ByteArrayInputStream(xml.getBytes());`
		`- + try {`
		`- + XMLDecoder decoder = new XMLDecoder(bais);`
		`- + this.eventData = (Map<String, Object>) decoder.readObject();`
		`- + } catch (Exception e) {`
		`- + throw new EventException("Error decoding " + xml, e);`
		`- + }`
		`- + } else {`
		`- + throw new UnsupportedOperationException(`
		`- + "Constructing EventData from XML is vulnerable to remote " +`
		`- + "excution and is not allowed by default. If you're " +`
		`- + "completely sure the source data is trusted, you can enable " +`
		`- + "it by setting org.slf4j.ext.allowInsecureDeserialization " +`
		`- + "JVM property to 1");`
		`- }`
		`- }`
		`-`
		`- --`
		`- 2.14.3`
		`-`

slf4j.spec

file modified

+7 -5

		`@@ -29,8 +29,8 @@`
		`#`

		`Name: slf4j`
		`- Version: 1.7.25`
		`- Release: 9%{?dist}`
		`+ Version: 1.7.30`
		`+ Release: 1%{?dist}`
		`Epoch: 0`
		`Summary: Simple Logging Facade for Java`
		`# the log4j-over-slf4j and jcl-over-slf4j submodules are ASL 2.0, rest is MIT`
		`@@ -124,9 +124,8 @@`
		`SLF4J Source JARs.`

		`%prep`
		`- %setup -q`
		`- %patch0 -p1`
		`- find . -name "*.jar" \| xargs rm`
		`+ %setup -q -n %{name}-v_%{version}`
		`+ find -name '*.jar' -delete`
		`cp -p %{SOURCE1} APACHE-LICENSE`

		`%pom_disable_module integration`
		`@@ -214,6 +213,9 @@`
		`%{_defaultdocdir}/%{name}-manual`

		`%changelog`
		`+ * Thu Jan 23 2020 Dinesh Prasanth M K <dmoluguw@redhat.com> - 0:1.7.30-1`
		`+ - Update to upstream version 1.7.30`
		`+`
		`* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0:1.7.25-9`
		`- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild`

sources

file modified

+1 -1

		`@@ -1,2 +1,2 @@`
		`- SHA512 (slf4j-1.7.25.tar.gz) = 4f6a02ff542b1e8333d06d94d0dd604f6101b67e73bc348c224c26b0f503ac5a6cb14711526a659e3670bd724b65a0d9165aff926e10090b8ef60f34767bbce5`
		`SHA512 (LICENSE-2.0.txt) = 98f6b79b778f7b0a15415bd750c3a8a097d650511cb4ec8115188e115c47053fe700f578895c097051c9bc3dfb6197c2b13a15de203273e1a3218884f86e90e8`
		`+ SHA512 (v_1.7.30.tar.gz) = 4f05c996532560b16f22d78fcd47f8c4ba14691ce218a51ee6d50b283a51f8e40475a3a47f1117c1898a7be922e3f85806c4a7eb526759f0e7ea8426b5c6035f`