Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package jsoup for openSUSE:Factory checked in at 2022-10-17 14:58:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/jsoup (Old) and /work/SRC/openSUSE:Factory/.jsoup.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "jsoup" Mon Oct 17 14:58:21 2022 rev:3 rq:1012018 version:1.15.3 Changes: -------- --- /work/SRC/openSUSE:Factory/jsoup/jsoup.changes 2021-08-27 21:45:00.378047599 +0200 +++ /work/SRC/openSUSE:Factory/.jsoup.new.2275/jsoup.changes 2022-10-17 14:58:26.346177933 +0200 @@ -1,0 +2,178 @@ +Mon Oct 17 05:42:39 UTC 2022 - Fridrich Strba <fst...@suse.com> + +- Upgrade to upstream version 1.15.3 +- Changes of 1.15.3 + * Security + + Fixed bsc#1203459 (CVE-2022-36033), an issue where the jsoup + cleaner may incorrectly sanitize crafted XSS attempts if + SafeList.preserveRelativeLinks is enabled. See the security + advisory for more details. + * Improvements + + The Cleaner will preserve the source position of cleaned + elements, if source tracking is enabled in the original parse. + + The error messages output from Validate are more descriptive. + Exceptions are now ValidationExceptions + (extending IllegalArgumentException). Stack traces do not + include the Validate class, to make it simpler to see where + the exception originated. Common validation errors including + malformed URLs and empty selector results have more explicit + error messages. + + Build Improvement: added implementation version and related + fields to the jar manifest. + * Bug Fixes + + The DataUtil would incorrectly read from InputStreams that + emitted reads less than the requested size. This lead to + incorrect results when parsing from chunked server responses, + for example. +- Changes of 1.15.2 + * Improvements + + Added the ability to track the position (line, column, index) + in the original input source from where a given node was + parsed. Accessible via Node.sourceRange() and + Element.endSourceRange(). + + Added Element.firstElementChild(), Element.lastElementChild(), + Node.firstChild(), Node.lastChild(), as convenient accessors + to those child nodes and elements. + + Added Element.expectFirst(), which is just like + Element.selectFirst(), but instead of returning a null if + there is no match, will throw an IllegalArgumentException. + This is useful if you want to simply abort processing if an + expected match is not found, such as in test cases. + + When pretty-printing HTML, doctypes are emitted on a newline + if there is a preceding comment. + + When pretty-printing, trim the leading and trailing spaces of + textnodes in block tags when possible, so that they are + indented correctly. + + In Element.selectXpath(), disable namespace awareness. This + makes it possible to always select elements by their simple + local name, regardless of whether an xmlns attribute was set. + * Bug Fixes + + When using the DataUtil.readToByteBuffer() method, such as in + Connection.Response.body(), if the document has not already + been parsed and must be read fully, and there is any maximum + buffer size being applied, only the default internal buffer + size was read. + + When serializing HTML, newlines in elements descending from a + pre tag were incorrectly skipped. That caused what should have + been preformatted output to instead be a run of text. + + When pretty-print serializing HTML, newlines separating + phrasing content (e.g. a <span> tag within a <p> tag would be + incorrectly skipped, instead of normalized to a space. + Additionally, improved space normalization between other end + of line occurences, and whitespace handling after a closing + </body> +- Changes of 1.15.1 + * Changes + + Removed previously deprecated methods and classes (including + org.jsoup.safety.Whitelist; use org.jsoup.safety.Safelist + instead). + * Improvements + + When converting jsoup Documents to W3C Documents in W3CDom, + preserve HTML valid attribute names if the input document is + using the HTML syntax. (Previously, would always coerce using + the more restrictive XML syntax.) + + Added the :containsWholeText(text) selector, to match against + non-normalized Element text. That can be useful when elements + can only be distinguished by e.g. specific case, or leading + whitespace, etc. + + Added Element#wholeOwnText() to retrieve the original + (non-normalized) ownText of an Element. Also added the + :containsWholeOwnText(text) selector, to match against that. + BR elements are now treated as newlines in the wholeText + methods. + + Added the :matchesWholeText(regex) and + :matchesWholeOwnText(regex) selectors, to match against whole + (non-normalized, case sensitive) element text and own text, + respectively. + + When evaluating an XPath query against a context element, the + complete document is now visible to the query, vs only the + context element's sub-tree. This enables support for queries + outside (parent or sibling) the element, e.g. + ancestor-or-self::*. + + Allow a maxPaddingWidth on the indent level in OutputSettings + when pretty printing. This defaults to 30 to limit the indent + level for very deeply nested elements, and may be disabled by + setting to -1. + + When cloning a Node or an Element, the clone gets a cloned + OwnerDocument containing only that clone, so as to preserve + applicable settings, such as the Pretty Print settings. + + Added a convenience method Jsoup.parse(File). + + In the NodeTraversor, added default implementations for + NodeVisitor.tail() and NodeFilter.tail(), so that code using + only head() methods can be written as lambdas. + + In NodeTraversor, added support for removing nodes via + Node.remove() during NodeVisitor.head(). + + Added Node.forEachNode(Consumer<Node>) and + Element.forEach(Consumer<Element) methods, to efficiently + traverse the DOM with a functional interface. + * Bug Fixes + + Boolean attribute names should be case-insensitive, but were + not when the parser was configured to preserve case. + + When reading from SequenceInputStreams across the buffer, the + input stream was closed too early, resulting in missed + content. + + A comment with all dashes (<!----->) should not emit a parse + error. + + When throwing a SelectorParseException for an invalid + selector, don't try to String.format the input, as that could + throw an IllegalFormatException. + + When serializing HTML with Pretty Print enabled, extraneous + whitespace may be added on closing tags, or extra newlines may + be added at the end of script blocks. + + When copy-creating a Safelist from another, perform a + deep-copy of the original's settings, so that changes to the + original after creation do not affect the copy. + + Speed improvement when parsing constructed HTML containing + very deeply incorrectly stacked formatting elements with many + attributes. + + During parsing, a StackOverflowException was possible given + crafted HTML with hundreds of nested table elements followed + by invalid formatting elements. +- Changes of 1.14.3 + * Improvements + + Added native XPath support with Element.selectXpath(String) + + Added full support for the <template> tag, up to the HTML5 + parser spec. + + Added support in CharacterReader to track newlines, so that + parse errors can be reported more intuitively. + + Tracked parse errors now have more details, including the + erroneous token, to help clarify the errors. + + Speed and memory optimizations for the :has(subquery) + selector. + + The :contains(text) and :containsOwn(text) selectors are now + whitespace normalized, aligning to the document text that they + are matching against. + + In Element, speed optimized adopting all of an element's child + nodes into a currently empty element. Improves the HTML + adoption agency algorithm when adopting elements with many + children. + + Increased the parse speed when in RCData (e.g. <title>) and + unescaped <tag> tokens are found, by memoizing the </title> + scan and reducing GC. + + When parsing custom tags (in HTML or XML), added a flyweight + cache on Tag.valueOf(String) to reduce memory overhead when + many tags are repeated. Also tuned other areas of the parser + when many very deeply stacked custom elements were present. + * Bug Fixes + + The OSGi bundle meta-data incorrectly set a version on the + import of javax.annotation (used as a build-time dependency + for nullability assertions). + + When tracking errors or checking for validity in the Cleaner, + errors were incorrectly raised for missing optional closing tags. + + The Attributes.equals() method was sensitive to the order of + its contents, but it should not be. + + When the HTML parser was configured to preserve case, Element + text methods would miss adding whitespace for BR tags. + + Attribute names are now normalized & validated correctly for + the specific output syntax (HTML or XML). Previously, + syntactically invalid attribute names could be output by the + html() methods. Such attributes are still available in the + DOM, and will be normalized if possible on output. + + Fixed an IOOB when an empty select tag was followed by a body + tag that needed reparenting. + * Build Improvements + + Fixed nullability annotations for Node.equals(Object) and + other equals methods. + + Added JDK 17 to the CI builds. + +------------------------------------------------------------------- Old: ---- jsoup-1.14.2.tar.xz New: ---- jsoup-1.15.3.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ jsoup.spec ++++++ --- /var/tmp/diff_new_pack.pZtCBS/_old 2022-10-17 14:58:26.902179001 +0200 +++ /var/tmp/diff_new_pack.pZtCBS/_new 2022-10-17 14:58:26.906179009 +0200 @@ -1,7 +1,7 @@ # # spec file for package jsoup # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: jsoup -Version: 1.14.2 +Version: 1.15.3 Release: 0 Summary: Java library for working with HTML License: MIT @@ -28,7 +28,7 @@ Source1: %{name}-build.xml BuildRequires: ant BuildRequires: fdupes -BuildRequires: java-devel >= 1.7 +BuildRequires: java-devel >= 1.8 BuildRequires: javapackages-local BuildRequires: jsr-305 BuildArch: noarch ++++++ _service ++++++ --- /var/tmp/diff_new_pack.pZtCBS/_old 2022-10-17 14:58:26.938179070 +0200 +++ /var/tmp/diff_new_pack.pZtCBS/_new 2022-10-17 14:58:26.942179078 +0200 @@ -2,8 +2,10 @@ <service name="tar_scm" mode="disabled"> <param name="scm">git</param> <param name="url">https://github.com/jhy/jsoup.git</param> - <param name="version">1.14.2</param> - <param name="revision">jsoup-1.14.2</param> + <param name="revision">jsoup-1.15.3</param> + <param name="match-tag">jsoup-*</param> + <param name="versionformat">@PARENT_TAG@</param> + <param name="versionrewrite-pattern">jsoup-(.*)</param> <param name="exclude">src/test/resources</param> </service> <service name="recompress" mode="disabled"> ++++++ jsoup-1.14.2.tar.xz -> jsoup-1.15.3.tar.xz ++++++ ++++ 9758 lines of diff (skipped) ++++++ jsoup-build.xml ++++++ --- /var/tmp/diff_new_pack.pZtCBS/_old 2022-10-17 14:58:27.110179401 +0200 +++ /var/tmp/diff_new_pack.pZtCBS/_new 2022-10-17 14:58:27.114179408 +0200 @@ -11,7 +11,7 @@ <property name="project.name" value="jsoup Java HTML Parser"/> <property name="project.groupId" value="org.jsoup"/> <property name="project.artifactId" value="jsoup"/> - <property name="project.version" value="1.14.2"/> + <property name="project.version" value="1.15.3"/> <property name="project.description" value="jsoup is a Java library for working with real-world HTML. It provides a very convenient API for extracting and manipulating data, using the best of DOM, CSS, and jquery-like methods. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do."/> <property name="project.organization.name" value="Jonathan Hedley"/> <property name="project.build.sourceEncoding" value="UTF-8"/> @@ -131,12 +131,16 @@ <attribute name="Bundle-Description" value="${project.description}"/> <attribute name="Bundle-DocURL" value="https://jsoup.org/"/> <attribute name="Bundle-License" value="https://jsoup.org/license"/> + <attribute name="Bundle-ManifestVersion" value="2"/> <attribute name="Bundle-Name" value="${project.name}"/> <attribute name="Bundle-SymbolicName" value="org.jsoup"/> <attribute name="Bundle-Vendor" value="${project.organization.name}"/> <attribute name="Bundle-Version" value="${project.version}"/> - <attribute name="Export-Package" value="org.jsoup;uses:="javax.annotation,javax.net.ssl,org.jsoup.nodes,org.jsoup.parser,org.jsoup.safety";version="${project.version}",org.jsoup.examples;uses:="org.jsoup.nodes";version="${project.version}",org.jsoup.helper;uses:="javax.annotation,javax.net.ssl,javax.xml.parsers,org.jsoup,org.jsoup.nodes,org.jsoup.parser,org.jsoup.select,org.w3c.dom";version="${project.version}",org.jsoup.internal;uses:="javax.annotation,javax.annotation.meta";version="${project.version}",org.jsoup.nodes;uses:="javax.annotation,org.jsoup,org.jsoup.parser,org.jsoup.select";version="${project.version}",org.jsoup.parser;uses:="javax.annotation,org.jsoup.nodes";version="${project.version}",org.jsoup.safety;uses:="org.jsoup.nodes";version="${project.version}",org.jsoup.select;uses:="javax.annotation,org.jsoup.nodes"; version="${project.version}""/> - <attribute name="Import-Package" value="javax.annotation,javax.annotation.meta,javax.net.ssl,javax.xml.parsers,javax.xml.transform,javax.xml.transform.dom,javax.xml.transform.stream,org.jsoup,org.jsoup.helper,org.jsoup.internal,org.jsoup.nodes,org.jsoup.parser,org.jsoup.safety,org.jsoup.select,org.w3c.dom"/> + <attribute name="Export-Package" value="org.jsoup.examples;uses:="org.jsoup.nodes";version="%{project.version}",org.jsoup.helper;uses:="javax.annotation,javax.net.ssl,javax.xml.parsers,org.jsoup,org.jsoup.nodes,org.jsoup.parser,org.jsoup.select,org.w3c.dom";version="%{project.version}",org.jsoup.internal;uses:="javax.annotation,javax.annotation.meta";version="%{project.version}",org.jsoup.nodes;uses:="javax.annotation,org.jsoup,org.jsoup.helper,org.jsoup.parser,org.jsoup.select";version="%{project.version}",org.jsoup.parser;uses:="javax.annotation,org.jsoup.nodes";version="%{project.version}",org.jsoup.safety;uses:="org.jsoup.nodes";version="%{project.version}",org.jsoup.select;uses:="javax.annotation,org.jsoup.nodes";version="%{project.version}",org.jsoup;uses:="javax.annotation,javax.net.ssl,org.jsoup.nodes,org.jsoup.parser,org.js oup.safety";version="%{project.version}""/> + <attribute name="Implementation-Title" value="jsoup Java HTML Parser"/> + <attribute name="Implementation-Vendor" value="Jonathan Hedley"/> + <attribute name="Implementation-Version" value="%{project.version}"/> + <attribute name="Import-Package" value="javax.annotation.meta;resolution:=optional,javax.annotation;resolution:=optional,javax.net.ssl,javax.xml.namespace,javax.xml.parsers,javax.xml.transform,javax.xml.transform.dom,javax.xml.transform.stream,javax.xml.xpath,org.jsoup,org.jsoup.helper,org.jsoup.internal,org.jsoup.nodes,org.jsoup.parser,org.jsoup.safety,org.jsoup.select,org.w3c.dom"/> <attribute name="Require-Capability" value="osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=${compiler.target}))""/> </manifest> </jar>