
1 commit

Author SHA1 Message Date
Jerry James
a39962a23e Version 2.10.1 (CVE-2024-29131, CVE-2024-29133) 2024-03-21 09:37:37 -06:00
3 changed files with 36 additions and 33 deletions


@ -1,28 +1,28 @@
--- commons-configuration2-2.9.0-src/pom.xml.orig 2022-12-30 09:12:53.000000000 -0700
+++ commons-configuration2-2.9.0-src/pom.xml 2023-06-12 15:38:55.548555740 -0600
@@ -329,8 +329,8 @@
<dependency>
<groupId>org.apache.commons</groupId>
- <artifactId>commons-jexl</artifactId>
- <version>2.1.1</version>
+ <artifactId>commons-jexl3</artifactId>
+ <version>3.3</version>
<optional>true</optional>
</dependency>
@@ -547,7 +547,7 @@
org.apache.commons.jxpath.*;resolution:=optional,
org.apache.xml.resolver.*;resolution:=optional,
javax.servlet.*;resolution:=optional,
- org.apache.commons.jexl2.*;resolution:=optional,
+ org.apache.commons.jexl3.*;resolution:=optional,
org.apache.commons.vfs2.*;resolution:=optional,
org.springframework.*;resolution:=optional,
com.fasterxml.jackson.*;resolution:=optional,
--- commons-configuration2-2.9.0-src/src/main/java/org/apache/commons/configuration2/interpol/ExprLookup.java.orig 2022-12-30 09:12:53.000000000 -0700
+++ commons-configuration2-2.9.0-src/src/main/java/org/apache/commons/configuration2/interpol/ExprLookup.java 2023-06-12 15:47:49.164786367 -0600
@@ -21,10 +21,10 @@ import java.util.Objects;
--- commons-configuration2-2.10.1-src/pom.xml.orig 2024-03-17 14:14:52.000000000 -0600
+++ commons-configuration2-2.10.1-src/pom.xml 2024-03-21 08:56:35.553773318 -0600
@@ -53,7 +53,7 @@
org.apache.commons.jxpath.*;resolution:=optional,
org.apache.xml.resolver.*;resolution:=optional,
javax.servlet.*;resolution:=optional,
- org.apache.commons.jexl2.*;resolution:=optional,
+ org.apache.commons.jexl3.*;resolution:=optional,
org.apache.commons.vfs2.*;resolution:=optional,
org.springframework.*;resolution:=optional,
com.fasterxml.jackson.*;resolution:=optional,
@@ -142,8 +142,8 @@
<dependency>
<groupId>org.apache.commons</groupId>
- <artifactId>commons-jexl</artifactId>
- <version>2.1.1</version>
+ <artifactId>commons-jexl3</artifactId>
+ <version>3.3</version>
<optional>true</optional>
</dependency>
--- commons-configuration2-2.10.1-src/src/main/java/org/apache/commons/configuration2/interpol/ExprLookup.java.orig 2024-03-17 14:14:52.000000000 -0600
+++ commons-configuration2-2.10.1-src/src/main/java/org/apache/commons/configuration2/interpol/ExprLookup.java 2024-03-21 08:56:12.293110406 -0600
@@ -21,10 +21,12 @@ import java.util.Objects;
import org.apache.commons.configuration2.ex.ConfigurationRuntimeException;
import org.apache.commons.configuration2.io.ConfigurationLogger;
@ -30,23 +30,25 @@
-import org.apache.commons.jexl2.JexlContext;
-import org.apache.commons.jexl2.JexlEngine;
-import org.apache.commons.jexl2.MapContext;
+import org.apache.commons.jexl3.JexlBuilder;
+import org.apache.commons.jexl3.JexlContext;
+import org.apache.commons.jexl3.JexlEngine;
+import org.apache.commons.jexl3.JexlExpression;
+import org.apache.commons.jexl3.MapContext;
+import org.apache.commons.jexl3.introspection.JexlPermissions;
import org.apache.commons.lang3.ClassUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.text.StringSubstitutor;
@@ -82,7 +82,7 @@ public class ExprLookup implements Looku
@@ -82,7 +84,7 @@ public class ExprLookup implements Looku
private ConfigurationLogger logger;
/** The engine. */
- private final JexlEngine engine = new JexlEngine();
+ private final JexlEngine engine = JexlEngine.getThreadEngine();
+ private final JexlEngine engine = new JexlBuilder().permissions(JexlPermissions.UNRESTRICTED).create();
/** The variables maintained by this object. */
private Variables variables;
@@ -215,7 +215,7 @@ public class ExprLookup implements Looku
@@ -215,7 +217,7 @@ public class ExprLookup implements Looku
String result = substitutor.replace(var);
try {
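Review bot: The engine field on the new side of the patch, `new JexlBuilder().permissions(JexlPermissions.UNRESTRICTED).create()`, turns off the class and package restrictions that JEXL 3.3 applies by default, so every expression ExprLookup evaluates keeps the full introspection reach it had under jexl2. That is a deliberate compatibility choice worth recording in the patch, e.g. `// JEXL 3.3 restricts introspection by default; UNRESTRICTED keeps the jexl2 behaviour, so expressions must come from trusted configuration only`. If consumers of this package may load configuration from less trusted sources, a narrower set such as `JexlPermissions.RESTRICTED` is probably the better default, though whether the lookup's registered variables still resolve under it would need testing. The ExprLookup class body starts and ends outside the lines shown here.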


@ -2,7 +2,7 @@
%bcond_with test
Name: apache-commons-configuration
Version: 2.9.0
Version: 2.10.1
Release: %autorelease
Summary: Read configuration data from a variety of sources
@ -10,6 +10,7 @@ License: Apache-2.0
BuildArch: noarch
ExclusiveArch: %{java_arches} noarch
URL: https://commons.apache.org/proper/commons-configuration/
VCS: https://github.com/apache/commons-configuration
Source0: https://archive.apache.org/dist/commons/configuration/source/commons-configuration2-%{version}-src.tar.gz
Source1: https://archive.apache.org/dist/commons/configuration/source/commons-configuration2-%{version}-src.tar.gz.asc
Source2: https://downloads.apache.org/commons/KEYS
@ -116,9 +117,9 @@ rm -fr src/{main,test}/java/org/apache/commons/configuration2/spring
%build
# We skip tests because we don't have test deps (dbunit in particular).
%if %{with test}
%mvn_build
%mvn_build -- -Dcommons.packageId=configuration
%else
%mvn_build -f
%mvn_build -f -- -Dcommons.packageId=configuration
%endif
%install


@ -1,2 +1,2 @@
SHA512 (commons-configuration2-2.9.0-src.tar.gz) = 61091f483aa531b52e4b97b5671042bd6b8b6080c5f8951c3de27fbf1beb5c5d93c2deb2e641bb39b3fd4e7e24de6f49e931ff248501f864ea2e2f9804defdfa
SHA512 (commons-configuration2-2.9.0-src.tar.gz.asc) = c9d879fae2f5714bcc1203b30f9113187261fd8ca5f30723b34d8ed4aa4f06bfc77efd4ed4bd56922543636064fc155f7c9810fdd4ccefd52f14b309fe1f62bd
SHA512 (commons-configuration2-2.10.1-src.tar.gz) = cccaa29b59467e1bc08a2c62d84a057f342418003e10b5a0c259c67be2059db38c035224bfe520e48e789e55b656f105079f42486590e29624c35a436fcee257
SHA512 (commons-configuration2-2.10.1-src.tar.gz.asc) = 048124b6fa7212bc4323c36d1131c6fc68dedfb70241061db5d07bba7989ccd46910cda255f5547477223572f30dcba7f6296f404428c82c09451fe29b0957f5