This is an automated email from the git hooks/post-receive script. ebourg-guest pushed a commit to branch master in repository resteasy.
commit fb321407878e16222305a259741a3d5aa9b5feb2 Author: Emmanuel Bourg <[email protected]> Date: Sat Apr 16 23:13:53 2016 +0200 Refreshed the patches --- debian/changelog | 4 +++- debian/patches/CVE-2014-7839.diff | 18 ------------------ debian/patches/revert-to-jsr250-api.diff | 12 +++--------- debian/patches/series | 1 - 4 files changed, 6 insertions(+), 29 deletions(-) diff --git a/debian/changelog b/debian/changelog index 7bd3fab..444408b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,8 @@ -resteasy (3.0.6-4) UNRELEASED; urgency=medium +resteasy (3.0.12-1) UNRELEASED; urgency=medium * Team upload. + * New upstream release + - Refreshed the patches * Fixed the Maven rule for snakeyaml (Closes: #821158) * Build with the DH sequencer instead of CDBS * Standards-Version updated to 3.9.8 (no changes) diff --git a/debian/patches/CVE-2014-7839.diff b/debian/patches/CVE-2014-7839.diff deleted file mode 100644 index 9642634..0000000 --- a/debian/patches/CVE-2014-7839.diff +++ /dev/null @@ -1,18 +0,0 @@ -Description: Fix CVE-2014-7839: External entities expanded by DocumentProvider -Origin: backport, https://github.com/ronsigal/Resteasy/commit/8b5d8cf - https://github.com/ronsigal/Resteasy/commit/dfd2264 -Bug: https://issues.jboss.org/browse/RESTEASY-1130 -Bug-Debian: https://bugs.debian.org/770544 ---- a/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DocumentProvider.java -+++ b/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DocumentProvider.java -@@ -71,6 +71,10 @@ - try - { - documentBuilder.setExpandEntityReferences(expandEntityReferences); -+ documentBuilder.setFeature("http://xml.org/sax/features/external-general-entities";, expandEntityReferences); -+ documentBuilder.setFeature("http://xml.org/sax/features/external-parameter-entities";, expandEntityReferences); -+ documentBuilder.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); -+ documentBuilder.setFeature("http://apache.org/xml/features/disallow-doctype-decl";, true); - return documentBuilder.newDocumentBuilder().parse(input); - } - catch (Exception e) diff --git a/debian/patches/revert-to-jsr250-api.diff b/debian/patches/revert-to-jsr250-api.diff index fe02f58..303ba6c 100644 --- a/debian/patches/revert-to-jsr250-api.diff +++ b/debian/patches/revert-to-jsr250-api.diff @@ -6,11 +6,9 @@ Date: Fri Oct 17 17:58:52 2014 +0300 This reverts commit 24194c6f9f7ac9d358e80cad8d363ebad59d2080. -diff --git a/jaxrs/pom.xml b/jaxrs/pom.xml -index 1ecc417..53aa0d2 100755 --- a/jaxrs/pom.xml +++ b/jaxrs/pom.xml -@@ -160,9 +160,9 @@ +@@ -218,9 +218,9 @@ </dependency> <dependency> @@ -23,11 +21,9 @@ index 1ecc417..53aa0d2 100755 </dependency> <dependency> -diff --git a/jaxrs/resteasy-jaxrs/pom.xml b/jaxrs/resteasy-jaxrs/pom.xml -index 216b8fc..544a4f5 100755 --- a/jaxrs/resteasy-jaxrs/pom.xml +++ b/jaxrs/resteasy-jaxrs/pom.xml -@@ -60,9 +60,9 @@ +@@ -61,9 +61,9 @@ detected runtime? --> <dependency> @@ -40,11 +36,9 @@ index 216b8fc..544a4f5 100755 <!-- javax.activation.DataSource provider is required by spec --> <dependency> -diff --git a/jaxrs/resteasy-spring/pom.xml b/jaxrs/resteasy-spring/pom.xml -index b433b60..a47f90c 100755 --- a/jaxrs/resteasy-spring/pom.xml +++ b/jaxrs/resteasy-spring/pom.xml -@@ -117,9 +117,9 @@ +@@ -116,9 +116,9 @@ detected runtime? --> <dependency> diff --git a/debian/patches/series b/debian/patches/series index 6e15de3..194197c 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,2 +1 @@ revert-to-jsr250-api.diff -CVE-2014-7839.diff -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/resteasy.git _______________________________________________ pkg-java-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits
