diff --git a/0002-Remove-ZSTD-compressor.patch b/0002-Remove-ZSTD-compressor.patch index e6dc71d2fc0dd519bc29b916f41ce85ed7c81f9e..f629657e7a9ae4d2092b4cbdcacf07ea33fc463a 100644 --- a/0002-Remove-ZSTD-compressor.patch +++ b/0002-Remove-ZSTD-compressor.patch @@ -1,17 +1,17 @@ -From 575df9b9a3519186ac801a10eb632e0e2b4ddbdd Mon Sep 17 00:00:00 2001 +From d80b7b190c789c33a15f56613a21c44827a63c75 Mon Sep 17 00:00:00 2001 From: Michael Simacek Date: Mon, 12 Feb 2018 10:59:55 +0100 Subject: [PATCH 2/3] Remove ZSTD compressor --- - .../compressors/CompressorStreamFactory.java | 14 ++------------ - 1 file changed, 2 insertions(+), 12 deletions(-) + .../compressors/CompressorStreamFactory.java | 22 ++++--------------- + 1 file changed, 4 insertions(+), 18 deletions(-) diff --git a/src/main/java/org/apache/commons/compress/compressors/CompressorStreamFactory.java b/src/main/java/org/apache/commons/compress/compressors/CompressorStreamFactory.java -index 0f1394f..eee7c31 100644 +index 2406d5a44..9ed40a3d7 100644 --- a/src/main/java/org/apache/commons/compress/compressors/CompressorStreamFactory.java +++ b/src/main/java/org/apache/commons/compress/compressors/CompressorStreamFactory.java -@@ -54,9 +54,6 @@ import org.apache.commons.compress.compressors.xz.XZCompressorInputStream; +@@ -53,9 +53,6 @@ import org.apache.commons.compress.compressors.xz.XZCompressorOutputStream; import org.apache.commons.compress.compressors.xz.XZUtils; import org.apache.commons.compress.compressors.z.ZCompressorInputStream; @@ -19,20 +19,40 @@ index 0f1394f..eee7c31 100644 -import org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream; -import org.apache.commons.compress.compressors.zstandard.ZstdUtils; import org.apache.commons.compress.utils.IOUtils; - import org.apache.commons.compress.utils.Lists; - import org.apache.commons.compress.utils.ServiceLoaderIterator; -@@ -509,10 +506,6 @@ public class CompressorStreamFactory implements CompressorStreamProvider { + import org.apache.commons.compress.utils.Sets; + +@@ -280,10 +277,6 @@ static String detect(final InputStream inputStream, final Set compressor return LZ4_FRAMED; } -- if (ZstdUtils.matches(signature, signatureLength)) { +- if (compressorNames.contains(ZSTANDARD) && ZstdUtils.matches(signature, signatureLength)) { - return ZSTANDARD; - } - throw new CompressorException("No Compressor found for the stream signature."); } - /** -@@ -588,10 +581,7 @@ public class CompressorStreamFactory implements CompressorStreamProvider { + +@@ -405,10 +398,6 @@ public static String getZ() { + return Z; + } + +- public static String getZstandard() { +- return ZSTANDARD; +- } +- + static void putAll(final Set names, final CompressorStreamProvider provider, final TreeMap map) { + names.forEach(name -> map.put(toKey(name), provider)); + } +@@ -513,7 +502,7 @@ public CompressorInputStream createCompressorInputStream(final InputStream in, f + * Creates a compressor input stream from a compressor name and an input stream. + * + * @param name of the compressor, i.e. {@value #GZIP}, {@value #BZIP2}, {@value #XZ}, {@value #LZMA}, {@value #PACK200}, {@value #SNAPPY_RAW}, +- * {@value #SNAPPY_FRAMED}, {@value #Z}, {@value #LZ4_BLOCK}, {@value #LZ4_FRAMED}, {@value #ZSTANDARD}, {@value #DEFLATE64} or ++ * {@value #SNAPPY_FRAMED}, {@value #Z}, {@value #LZ4_BLOCK}, {@value #LZ4_FRAMED}, {@value #DEFLATE64} or + * {@value #DEFLATE} + * @param in the input stream + * @return compressor input stream +@@ -554,10 +543,7 @@ public CompressorInputStream createCompressorInputStream(final String name, fina } if (ZSTANDARD.equalsIgnoreCase(name)) { @@ -44,7 +64,16 @@ index 0f1394f..eee7c31 100644 } if (LZMA.equalsIgnoreCase(name)) { -@@ -707,7 +697,7 @@ public class CompressorStreamFactory implements CompressorStreamProvider { +@@ -614,7 +600,7 @@ public CompressorInputStream createCompressorInputStream(final String name, fina + * Creates a compressor output stream from a compressor name and an output stream. + * + * @param name the compressor name, i.e. {@value #GZIP}, {@value #BZIP2}, {@value #XZ}, {@value #PACK200}, {@value #SNAPPY_FRAMED}, {@value #LZ4_BLOCK}, +- * {@value #LZ4_FRAMED}, {@value #ZSTANDARD} or {@value #DEFLATE} ++ * {@value #LZ4_FRAMED} or {@value #DEFLATE} + * @param out the output stream + * @return the compressor output stream + * @throws CompressorException if the archiver name is not known +@@ -665,7 +651,7 @@ public CompressorOutputStream createCompressorOutputStream(final String name, fi } if (ZSTANDARD.equalsIgnoreCase(name)) { @@ -54,5 +83,5 @@ index 0f1394f..eee7c31 100644 } catch (final IOException e) { throw new CompressorException("Could not create CompressorOutputStream", e); -- -2.20.1 +2.43.0 diff --git a/0003-Remove-Pack200-compressor.patch b/0003-Remove-Pack200-compressor.patch index 5aa1b14d5ed57409c5046ba9fabccb6b8bb458fb..2f9e4bd49f9b63a2dae99d3702383f6211945748 100644 --- a/0003-Remove-Pack200-compressor.patch +++ b/0003-Remove-Pack200-compressor.patch @@ -1,17 +1,17 @@ -From 9937297a90b43a5e1238932eb8a07c44303056ed Mon Sep 17 00:00:00 2001 +From 77d08229cd95cc948a19996faa8515e0d77d7930 Mon Sep 17 00:00:00 2001 From: Marian Koncek Date: Fri, 6 Aug 2021 13:42:40 +0200 -Subject: [PATCH] Remove Pack200 compressor +Subject: [PATCH 3/3] Remove Pack200 compressor --- .../compress/compressors/CompressorStreamFactory.java | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/src/main/java/org/apache/commons/compress/compressors/CompressorStreamFactory.java b/src/main/java/org/apache/commons/compress/compressors/CompressorStreamFactory.java -index eee7c31..de7da23 100644 +index 9ed40a3d7..565aa519e 100644 --- a/src/main/java/org/apache/commons/compress/compressors/CompressorStreamFactory.java +++ b/src/main/java/org/apache/commons/compress/compressors/CompressorStreamFactory.java -@@ -45,8 +45,6 @@ import org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorOutputStre +@@ -44,8 +44,6 @@ import org.apache.commons.compress.compressors.lzma.LZMACompressorInputStream; import org.apache.commons.compress.compressors.lzma.LZMACompressorOutputStream; import org.apache.commons.compress.compressors.lzma.LZMAUtils; @@ -20,18 +20,18 @@ index eee7c31..de7da23 100644 import org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorInputStream; import org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorOutputStream; import org.apache.commons.compress.compressors.snappy.SnappyCompressorInputStream; -@@ -478,10 +476,6 @@ public class CompressorStreamFactory implements CompressorStreamProvider { +@@ -249,10 +247,6 @@ static String detect(final InputStream inputStream, final Set compressor return GZIP; } -- if (Pack200CompressorInputStream.matches(signature, signatureLength)) { +- if (compressorNames.contains(PACK200) && Pack200CompressorInputStream.matches(signature, signatureLength)) { - return PACK200; - } - - if (FramedSnappyCompressorInputStream.matches(signature, signatureLength)) { + if (compressorNames.contains(SNAPPY_FRAMED) && FramedSnappyCompressorInputStream.matches(signature, signatureLength)) { return SNAPPY_FRAMED; } -@@ -592,7 +586,7 @@ public class CompressorStreamFactory implements CompressorStreamProvider { +@@ -554,7 +548,7 @@ public CompressorInputStream createCompressorInputStream(final String name, fina } if (PACK200.equalsIgnoreCase(name)) { @@ -40,7 +40,7 @@ index eee7c31..de7da23 100644 } if (SNAPPY_RAW.equalsIgnoreCase(name)) { -@@ -673,7 +667,7 @@ public class CompressorStreamFactory implements CompressorStreamProvider { +@@ -627,7 +621,7 @@ public CompressorOutputStream createCompressorOutputStream(final String name, fi } if (PACK200.equalsIgnoreCase(name)) { @@ -50,5 +50,5 @@ index eee7c31..de7da23 100644 if (LZMA.equalsIgnoreCase(name)) { -- -2.31.1 +2.43.0 diff --git a/apache-commons-compress.spec b/apache-commons-compress.spec index 32a445063bbb7da6cfae2cbb6d41b3ea6c199ce6..98df6f1da07c2238599a916a7e275736f69dac98 100644 --- a/apache-commons-compress.spec +++ b/apache-commons-compress.spec @@ -2,7 +2,7 @@ %bcond_without bootstrap Name: apache-commons-compress -Version: 1.21 +Version: 1.26 Release: %{anolis_release}%{?dist} Summary: Java API for working with compressed files and archivers License: ASL 2.0 @@ -54,15 +54,13 @@ rm -r src/{main,test}/java/org/apache/commons/compress/compressors/brotli %patch1 -p1 %pom_remove_dep :zstd-jni rm -r src/{main,test}/java/org/apache/commons/compress/compressors/zstandard -rm src/test/java/org/apache/commons/compress/compressors/DetectCompressorTestCase.java # Remove support for pack200 which depends on ancient asm:asm:3.2 %patch2 -p1 -%pom_remove_dep asm:asm +#%pom_remove_dep asm:asm rm -r src/{main,test}/java/org/apache/commons/compress/harmony rm -r src/main/java/org/apache/commons/compress/compressors/pack200 rm src/main/java/org/apache/commons/compress/java/util/jar/Pack200.java -rm src/test/java/org/apache/commons/compress/compressors/Pack200TestCase.java rm -r src/test/java/org/apache/commons/compress/compressors/pack200 rm src/test/java/org/apache/commons/compress/java/util/jar/Pack200Test.java @@ -92,5 +90,8 @@ rm src/test/java/org/apache/commons/compress/archivers/tar/TarMemoryFileSystemTe %doc LICENSE.txt NOTICE.txt %changelog +* Fri Jun 28 2024 pangqing - 1.26-1 +- CVE-2024-26308 and CVE-2024-25710 + * Mon Mar 27 2023 Chunmei Xu - 1.21-1 - init from upstream diff --git a/commons-compress-1.21-src.tar.gz b/commons-compress-1.21-src.tar.gz deleted file mode 100644 index 1f21f61a6e8a0fb823bf4ffb46bbb8d9bf55e18c..0000000000000000000000000000000000000000 Binary files a/commons-compress-1.21-src.tar.gz and /dev/null differ diff --git a/commons-compress-1.26-src.tar.gz b/commons-compress-1.26-src.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..34299e96405a909cfc82986bbe1d29954edf202e Binary files /dev/null and b/commons-compress-1.26-src.tar.gz differ