diff --git a/0002-Remove-ZSTD-compressor.patch b/0002-Remove-ZSTD-compressor.patch index e6dc71d2fc0dd519bc29b916f41ce85ed7c81f9e..244a153b929ea21758c15e6bf739467808638db9 100644 --- a/0002-Remove-ZSTD-compressor.patch +++ b/0002-Remove-ZSTD-compressor.patch @@ -8,10 +8,10 @@ Subject: [PATCH 2/3] Remove ZSTD compressor 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/src/main/java/org/apache/commons/compress/compressors/CompressorStreamFactory.java b/src/main/java/org/apache/commons/compress/compressors/CompressorStreamFactory.java -index 0f1394f..eee7c31 100644 +index 95b6e45..16bc88e 100644 --- a/src/main/java/org/apache/commons/compress/compressors/CompressorStreamFactory.java +++ b/src/main/java/org/apache/commons/compress/compressors/CompressorStreamFactory.java -@@ -54,9 +54,6 @@ import org.apache.commons.compress.compressors.xz.XZCompressorInputStream; +@@ -53,9 +53,6 @@ import org.apache.commons.compress.compressors.xz.XZCompressorInputStream; import org.apache.commons.compress.compressors.xz.XZCompressorOutputStream; import org.apache.commons.compress.compressors.xz.XZUtils; import org.apache.commons.compress.compressors.z.ZCompressorInputStream; @@ -19,20 +19,20 @@ index 0f1394f..eee7c31 100644 -import org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream; -import org.apache.commons.compress.compressors.zstandard.ZstdUtils; import org.apache.commons.compress.utils.IOUtils; - import org.apache.commons.compress.utils.Lists; - import org.apache.commons.compress.utils.ServiceLoaderIterator; -@@ -509,10 +506,6 @@ public class CompressorStreamFactory implements CompressorStreamProvider { + import org.apache.commons.compress.utils.Sets; + +@@ -297,10 +294,6 @@ public class CompressorStreamFactory implements CompressorStreamProvider { return LZ4_FRAMED; } -- if (ZstdUtils.matches(signature, signatureLength)) { +- if (compressorNames.contains(ZSTANDARD) && ZstdUtils.matches(signature, signatureLength)) { - return ZSTANDARD; - } - throw new CompressorException("No Compressor found for the stream signature."); } - /** -@@ -588,10 +581,7 @@ public class CompressorStreamFactory implements CompressorStreamProvider { + +@@ -615,10 +608,7 @@ public class CompressorStreamFactory implements CompressorStreamProvider { } if (ZSTANDARD.equalsIgnoreCase(name)) { @@ -44,7 +44,7 @@ index 0f1394f..eee7c31 100644 } if (LZMA.equalsIgnoreCase(name)) { -@@ -707,7 +697,7 @@ public class CompressorStreamFactory implements CompressorStreamProvider { +@@ -734,7 +724,7 @@ public class CompressorStreamFactory implements CompressorStreamProvider { } if (ZSTANDARD.equalsIgnoreCase(name)) { @@ -54,5 +54,5 @@ index 0f1394f..eee7c31 100644 } catch (final IOException e) { throw new CompressorException("Could not create CompressorOutputStream", e); -- -2.20.1 +2.43.0 diff --git a/0003-Remove-Pack200-compressor.patch b/0003-Remove-Pack200-compressor.patch index 5aa1b14d5ed57409c5046ba9fabccb6b8bb458fb..e80d6fa0d594beee6fced01f6e2227dd7ab4bbb1 100644 --- a/0003-Remove-Pack200-compressor.patch +++ b/0003-Remove-Pack200-compressor.patch @@ -1,6 +1,6 @@ -From 9937297a90b43a5e1238932eb8a07c44303056ed Mon Sep 17 00:00:00 2001 +From d31ed816bd3dc7743cba7e1196c730f41cdf98e0 Mon Sep 17 00:00:00 2001 From: Marian Koncek -Date: Fri, 6 Aug 2021 13:42:40 +0200 +Date: Mon, 11 Mar 2024 12:16:28 +0100 Subject: [PATCH] Remove Pack200 compressor --- @@ -8,10 +8,10 @@ Subject: [PATCH] Remove Pack200 compressor 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/src/main/java/org/apache/commons/compress/compressors/CompressorStreamFactory.java b/src/main/java/org/apache/commons/compress/compressors/CompressorStreamFactory.java -index eee7c31..de7da23 100644 +index a980aef..dc6aeb9 100644 --- a/src/main/java/org/apache/commons/compress/compressors/CompressorStreamFactory.java +++ b/src/main/java/org/apache/commons/compress/compressors/CompressorStreamFactory.java -@@ -45,8 +45,6 @@ import org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorOutputStre +@@ -44,8 +44,6 @@ import org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorOutputStre import org.apache.commons.compress.compressors.lzma.LZMACompressorInputStream; import org.apache.commons.compress.compressors.lzma.LZMACompressorOutputStream; import org.apache.commons.compress.compressors.lzma.LZMAUtils; @@ -20,18 +20,18 @@ index eee7c31..de7da23 100644 import org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorInputStream; import org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorOutputStream; import org.apache.commons.compress.compressors.snappy.SnappyCompressorInputStream; -@@ -478,10 +476,6 @@ public class CompressorStreamFactory implements CompressorStreamProvider { +@@ -249,10 +247,6 @@ public class CompressorStreamFactory implements CompressorStreamProvider { return GZIP; } -- if (Pack200CompressorInputStream.matches(signature, signatureLength)) { +- if (compressorNames.contains(PACK200) && Pack200CompressorInputStream.matches(signature, signatureLength)) { - return PACK200; - } - - if (FramedSnappyCompressorInputStream.matches(signature, signatureLength)) { + if (compressorNames.contains(SNAPPY_FRAMED) && FramedSnappyCompressorInputStream.matches(signature, signatureLength)) { return SNAPPY_FRAMED; } -@@ -592,7 +586,7 @@ public class CompressorStreamFactory implements CompressorStreamProvider { +@@ -558,7 +552,7 @@ public class CompressorStreamFactory implements CompressorStreamProvider { } if (PACK200.equalsIgnoreCase(name)) { @@ -40,7 +40,7 @@ index eee7c31..de7da23 100644 } if (SNAPPY_RAW.equalsIgnoreCase(name)) { -@@ -673,7 +667,7 @@ public class CompressorStreamFactory implements CompressorStreamProvider { +@@ -631,7 +625,7 @@ public class CompressorStreamFactory implements CompressorStreamProvider { } if (PACK200.equalsIgnoreCase(name)) { @@ -50,5 +50,5 @@ index eee7c31..de7da23 100644 if (LZMA.equalsIgnoreCase(name)) { -- -2.31.1 +2.44.0 diff --git a/apache-commons-compress.spec b/apache-commons-compress.spec index 32a445063bbb7da6cfae2cbb6d41b3ea6c199ce6..06357cf616848843509b5f18b5796751c241f674 100644 --- a/apache-commons-compress.spec +++ b/apache-commons-compress.spec @@ -2,7 +2,7 @@ %bcond_without bootstrap Name: apache-commons-compress -Version: 1.21 +Version: 1.27.1 Release: %{anolis_release}%{?dist} Summary: Java API for working with compressed files and archivers License: ASL 2.0 @@ -20,13 +20,14 @@ Patch2: 0003-Remove-Pack200-compressor.patch BuildRequires: javapackages-bootstrap %else BuildRequires: maven-local -BuildRequires: mvn(junit:junit) +BuildRequires: mvn(commons-codec:commons-codec) +BuildRequires: mvn(commons-io:commons-io) +BuildRequires: mvn(org.apache.commons:commons-lang3) BuildRequires: mvn(org.apache.commons:commons-parent:pom:) BuildRequires: mvn(org.apache.felix:maven-bundle-plugin) BuildRequires: mvn(org.apache.maven.plugins:maven-antrun-plugin) -BuildRequires: mvn(org.hamcrest:hamcrest) -BuildRequires: mvn(org.mockito:mockito-core) BuildRequires: mvn(org.osgi:org.osgi.core) +BuildRequires: mvn(org.ow2.asm:asm) BuildRequires: mvn(org.tukaani:xz) %endif @@ -54,15 +55,12 @@ rm -r src/{main,test}/java/org/apache/commons/compress/compressors/brotli %patch1 -p1 %pom_remove_dep :zstd-jni rm -r src/{main,test}/java/org/apache/commons/compress/compressors/zstandard -rm src/test/java/org/apache/commons/compress/compressors/DetectCompressorTestCase.java # Remove support for pack200 which depends on ancient asm:asm:3.2 %patch2 -p1 -%pom_remove_dep asm:asm rm -r src/{main,test}/java/org/apache/commons/compress/harmony rm -r src/main/java/org/apache/commons/compress/compressors/pack200 rm src/main/java/org/apache/commons/compress/java/util/jar/Pack200.java -rm src/test/java/org/apache/commons/compress/compressors/Pack200TestCase.java rm -r src/test/java/org/apache/commons/compress/compressors/pack200 rm src/test/java/org/apache/commons/compress/java/util/jar/Pack200Test.java @@ -70,9 +68,7 @@ rm src/test/java/org/apache/commons/compress/java/util/jar/Pack200Test.java %pom_remove_dep org.ops4j.pax.exam:::test %pom_remove_dep :org.apache.felix.framework::test %pom_remove_dep :javax.inject::test -%pom_remove_dep :slf4j-api::test -rm src/test/java/org/apache/commons/compress/OsgiITest.java - +%pom_remove_dep org.mockito:mockito-junit-jupiter::test # Not packaged %pom_remove_dep com.github.marschall:memoryfilesystem rm src/test/java/org/apache/commons/compress/archivers/tar/TarMemoryFileSystemTest.java @@ -92,5 +88,9 @@ rm src/test/java/org/apache/commons/compress/archivers/tar/TarMemoryFileSystemTe %doc LICENSE.txt NOTICE.txt %changelog +* Mon Jul 7 2025 lzq11122 - 1.27.1-1 +- update to 1.27.1 from 1.21 +- fix CVE-2024-25710 + * Mon Mar 27 2023 Chunmei Xu - 1.21-1 - init from upstream diff --git a/commons-compress-1.21-src.tar.gz b/commons-compress-1.21-src.tar.gz deleted file mode 100644 index 1f21f61a6e8a0fb823bf4ffb46bbb8d9bf55e18c..0000000000000000000000000000000000000000 Binary files a/commons-compress-1.21-src.tar.gz and /dev/null differ diff --git a/commons-compress-1.27.1-src.tar.gz b/commons-compress-1.27.1-src.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..c2e10e6d947705375e61cacf6d781405b8e40f52 Binary files /dev/null and b/commons-compress-1.27.1-src.tar.gz differ