Package: libspring-java / 3.0.6.RELEASE-6+deb7u3

Metadata

Package Version Patches format
libspring-java 3.0.6.RELEASE-6+deb7u3 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
0001_use_debian_asm3.diff | (download)

projects/build-spring-framework/build.xml | 1 0 + 1 - 0 !
projects/org.springframework.aop/ivy.xml | 2 1 + 1 - 0 !
projects/org.springframework.beans/ivy.xml | 2 1 + 1 - 0 !
projects/org.springframework.context/ivy.xml | 2 1 + 1 - 0 !
projects/org.springframework.context/src/main/java/org/springframework/scripting/support/ScriptFactoryPostProcessor.java | 2 1 + 1 - 0 !
projects/org.springframework.core/ivy.xml | 2 1 + 1 - 0 !
projects/org.springframework.core/src/main/java/org/springframework/core/LocalVariableTableParameterNameDiscoverer.java | 14 7 + 7 - 0 !
projects/org.springframework.core/src/main/java/org/springframework/core/type/classreading/AnnotationAttributesReadingVisitor.java | 6 3 + 3 - 0 !
projects/org.springframework.core/src/main/java/org/springframework/core/type/classreading/AnnotationMetadataReadingVisitor.java | 6 3 + 3 - 0 !
projects/org.springframework.core/src/main/java/org/springframework/core/type/classreading/ClassMetadataReadingVisitor.java | 14 7 + 7 - 0 !
projects/org.springframework.core/src/main/java/org/springframework/core/type/classreading/MethodMetadataReadingVisitor.java | 12 6 + 6 - 0 !
projects/org.springframework.core/src/main/java/org/springframework/core/type/classreading/SimpleMetadataReader.java | 6 3 + 3 - 0 !
projects/org.springframework.integration-tests/ivy.xml | 2 1 + 1 - 0 !
projects/org.springframework.spring-library/ivy.xml | 2 1 + 1 - 0 !
projects/org.springframework.web.portlet/ivy.xml | 2 1 + 1 - 0 !
projects/org.springframework.web.servlet/ivy.xml | 4 2 + 2 - 0 !
16 files changed, 39 insertions(+), 40 deletions(-)

 use asm 3.x debian package instead of cglib-nodep:
 - change imports to org.objectweb.*
 - small fix to API usage
 - disable build of org.springframework.asm module
0002_ivy_dependencies.diff | (download)

projects/org.springframework.aop/ivy.xml | 2 2 + 0 - 0 !
projects/org.springframework.aspects/ivy.xml | 4 4 + 0 - 0 !
projects/org.springframework.beans/ivy.xml | 2 2 + 0 - 0 !
projects/org.springframework.context.support/ivy.xml | 2 2 + 0 - 0 !
projects/org.springframework.context/ivy.xml | 4 4 + 0 - 0 !
projects/org.springframework.core/ivy.xml | 2 2 + 0 - 0 !
projects/org.springframework.expression/ivy.xml | 2 2 + 0 - 0 !
projects/org.springframework.instrument.tomcat/ivy.xml | 2 2 + 0 - 0 !
projects/org.springframework.integration-tests/ivy.xml | 2 2 + 0 - 0 !
projects/org.springframework.jdbc/ivy.xml | 4 4 + 0 - 0 !
projects/org.springframework.jms/ivy.xml | 2 2 + 0 - 0 !
projects/org.springframework.orm/ivy.xml | 2 2 + 0 - 0 !
projects/org.springframework.oxm/ivy.xml | 4 4 + 0 - 0 !
projects/org.springframework.spring-library/ivy.xml | 2 1 + 1 - 0 !
projects/org.springframework.test/ivy.xml | 4 4 + 0 - 0 !
projects/org.springframework.transaction/ivy.xml | 2 2 + 0 - 0 !
projects/org.springframework.web.portlet/ivy.xml | 2 2 + 0 - 0 !
projects/org.springframework.web.servlet/ivy.xml | 4 3 + 1 - 0 !
projects/org.springframework.web.struts/ivy.xml | 2 2 + 0 - 0 !
projects/org.springframework.web/ivy.xml | 2 2 + 0 - 0 !
20 files changed, 50 insertions(+), 2 deletions(-)

 don't use ivy for dependencies resolution
 as not enough debian packages provide Maven/Ivy metadata.
0003_no_ibm_websphere.diff | (download)

projects/org.springframework.transaction/build.xml | 11 11 + 0 - 0 !
1 file changed, 11 insertions(+)

 ibm websphere is non-free (remove it from source)
0004_no_derby_db.diff | (download)

projects/org.springframework.jdbc/build.xml | 11 11 + 0 - 0 !
projects/org.springframework.jdbc/src/main/java/org/springframework/jdbc/datasource/embedded/EmbeddedDatabaseConfigurerFactory.java | 4 2 + 2 - 0 !
2 files changed, 13 insertions(+), 2 deletions(-)

 there is no package for derby db in debian.
 Don't compile EmbeddedDatabaseConfigurerFactory.
0005_commonj.diff | (download)

projects/org.springframework.context.support/src/main/java/org/springframework/scheduling/commonj/WorkManagerTaskExecutor.java | 10 6 + 4 - 0 !
1 file changed, 6 insertions(+), 4 deletions(-)

 compatibility with commonj api provided by geronimo project
 The references to the Work related exceptions are disabled because the
 build fails and the compiler emit messages like this:
 "Unreachable catch block for WorkException. This exception is never thrown
 from the try statement body".
0006_aspectj_classpath.diff | (download)

projects/org.springframework.aspects/build.xml | 14 13 + 1 - 0 !
1 file changed, 13 insertions(+), 1 deletion(-)

 fix iajc (aspectj compiler) classpath:
 - include JPA API
0008_jpa_20_api.diff | (download)

projects/org.springframework.orm/src/main/java/org/springframework/orm/jpa/persistenceunit/MutablePersistenceUnitInfo.java | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 jpa 2.0 compatibility patch
0009_hibernate_validator_41.diff | (download)

projects/org.springframework.context/src/main/java/org/springframework/validation/beanvalidation/LocalValidatorFactoryBean.java | 8 4 + 4 - 0 !
projects/org.springframework.context/src/main/java/org/springframework/validation/beanvalidation/MessageSourceResourceBundleLocator.java | 55 0 + 55 - 0 !
2 files changed, 4 insertions(+), 59 deletions(-)

 remove some code which only compile with hibernate validator 4.1
 This should be re-enabled when Hibernate Validator 4.1 enter Debian.
0010_velocity_17.diff | (download)

projects/org.springframework.context.support/src/main/java/org/springframework/ui/velocity/VelocityEngineFactory.java | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 compatibility with velocity 1.7 api
Add processExternalEntities to JAXB2Marshaller.patch | (download)

projects/org.springframework.oxm/src/main/java/org/springframework/oxm/jaxb/Jaxb2Marshaller.java | 56 56 + 0 - 0 !
1 file changed, 56 insertions(+)

 add 'processexternalentities to jaxb2marshaller

Added 'processExternalEntities' property to the JAXB2Marshaller, which
indicates whether external XML entities are processed when
unmarshalling.

Default is false, meaning that external entities are not resolved.
Processing of external entities will only be enabled/disabled when the
Source} passed to #unmarshal(Source) is a SAXSource or StreamSource. It
has no effect for DOMSource or StAXSource instances.

Original patch by Arjen Poutsma.

Bug: http://bugs.debian.org/720902

CVE 2013 6429.patch | (download)

projects/org.springframework.core/src/main/java/org/springframework/util/StreamUtils.java | 183 183 + 0 - 0 !
projects/org.springframework.core/src/main/java/org/springframework/util/xml/StaxUtils.java | 15 14 + 1 - 0 !
projects/org.springframework.web/src/main/java/org/springframework/http/converter/xml/SourceHttpMessageConverter.java | 190 154 + 36 - 0 !
projects/org.springframework.web/src/test/java/org/springframework/http/converter/xml/SourceHttpMessageConverterTests.java | 145 126 + 19 - 0 !
projects/org.springframework.web/src/test/resources/org/springframework/http/converter/xml/external.txt | 1 1 + 0 - 0 !
5 files changed, 478 insertions(+), 56 deletions(-)

 cve-2013-6429

Bug: http://bugs.debian.org/735420

CVE 2013 6430.patch | (download)

projects/org.springframework.web/src/main/java/org/springframework/web/util/JavaScriptUtils.java | 35 28 + 7 - 0 !
projects/org.springframework.web/src/test/java/org/springframework/web/util/JavaScriptUtilsTests.java | 67 67 + 0 - 0 !
2 files changed, 95 insertions(+), 7 deletions(-)

 cve-2013-6430

Bug: http://bugs.debian.org/735420

CVE 2014 0054.patch | (download)

projects/org.springframework.oxm/src/main/java/org/springframework/oxm/castor/CastorMarshaller.java | 5 5 + 0 - 0 !
projects/org.springframework.oxm/src/main/java/org/springframework/oxm/jaxb/Jaxb2Marshaller.java | 7 7 + 0 - 0 !
projects/org.springframework.oxm/src/main/java/org/springframework/oxm/jibx/JibxMarshaller.java | 21 15 + 6 - 0 !
projects/org.springframework.oxm/src/main/java/org/springframework/oxm/support/AbstractMarshaller.java | 70 67 + 3 - 0 !
projects/org.springframework.oxm/src/main/java/org/springframework/oxm/xmlbeans/XmlBeansMarshaller.java | 6 5 + 1 - 0 !
projects/org.springframework.oxm/src/main/java/org/springframework/oxm/xstream/XStreamMarshaller.java | 20 15 + 5 - 0 !
projects/org.springframework.web/src/main/java/org/springframework/http/converter/xml/SourceHttpMessageConverter.java | 9 8 + 1 - 0 !
7 files changed, 122 insertions(+), 16 deletions(-)

 cve-2014-0054

Bug: http://bugs.debian.org/741604

CVE 2014 1904.patch | (download)

projects/org.springframework.web.servlet/src/main/java/org/springframework/web/servlet/tags/form/FormTag.java | 12 11 + 1 - 0 !
1 file changed, 11 insertions(+), 1 deletion(-)

 cve-2014-1904

Bug: http://bugs.debian.org/741604