commit guava for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package guava for openSUSE:Factory checked in at 2024-06-12 15:39:25 Comparing /work/SRC/openSUSE:Factory/guava (Old) and /work/SRC/openSUSE:Factory/.guava.new.19518 (New) Package is "guava" Wed Jun 12 15:39:25 2024 rev:13 rq:1180163 version:33.2.1 Changes: --- /work/SRC/openSUSE:Factory/guava/guava.changes 2024-04-18 22:13:15.742928514 +0200 +++ /work/SRC/openSUSE:Factory/.guava.new.19518/guava.changes 2024-06-12 15:40:20.702576990 +0200 @@ -1,0 +2,56 @@ +Wed Jun 12 10:14:08 UTC 2024 - Fridrich Strba + +- Upgrade to guava 33.2.1 + * Changes of version 33.2.1 ++ net: Changed InetAddress-String conversion methods to preserve + the IPv6 scope ID if present. The scope ID can be necessary + for IPv6-capable devices with multiple network interfaces. + However, preserving it can also lead to problems for callers + that rely on the returned values not to include the scope ID: + - Callers might compensate for the old behavior of the methods +by appending the scope ID to a returned string themselves. +If so, you can update your code to stop doing so at the same +time as you upgrade Guava. Of, if your code might run +against multiple versions of Guava, you can check whether +Guava has included a scope ID before you add one yourself. + - Callers might pass the returned string to another system +that does not understand scope IDs. If so, you can strip the +scope ID off, whether by truncating the string form at a % +character (leaving behind any trailing ] character in the +case of forUriString) or by replacing the returned +InetAddress with a new instance constructed by calling +InetAddress.getByAddress(addr). + - java.net.InetAddress validates any provided scope ID against +the interfaces available on the machine. As a result, +methods in InetAddresses may now fail if the scope ID fails +validation. +* Notable cases in which this may happen include: + - if the code runs in an Android app without networking +permission + - if code passes InetAddress instances or strings across +devices +* If this is not the behavior that you want, then you can + strip off the scope ID from the input string before + passing it to Guava, as discussed above. + * Changes of version 33.2.0 ++ Dropped testing for Android versions before Lollipop (API + Level 21). Guava may stop working under older versions in + the future, or it may have done so already. ++ Fixed a GWT compilation breakage under Gradle. ++ collect: Made our Collector APIs (e.g., + ImmutableList.toImmutableList()) available in guava-android. + More Java 8 APIs will follow in future releases. + - As always, streams are available to Android code only when +that code enables library desugaring or targets a new enough +API Level (24 (Nougat) for many stream APIs). (But note that +we test only with library desugaring, so we don't currently +know if API Level 24 is high enough to use our Collector +APIs unless you have also enabled library desugaring.) Guava +users who avoid the Collector APIs do not need to meet this +requirement. ++ collect: Fixed a potential NullPointerException in + ImmutableMap.Builder on a rare code path. ++ net: Added HttpHeaders constants Ad-Auction-Allowed, + Permissions-Policy-Report-Only, and Sec-GPC. + +--- Old: v33.1.0.tar.gz New: v33.2.1.tar.gz Other differences: -- ++ guava.spec ++ --- /var/tmp/diff_new_pack.Kn7Q8m/_old 2024-06-12 15:40:21.254597213 +0200 +++ /var/tmp/diff_new_pack.Kn7Q8m/_new 2024-06-12 15:40:21.258597359 +0200 @@ -17,7 +17,7 @@ Name: guava -Version:33.1.0 +Version:33.2.1 Release:0 Summary:Google Core Libraries for Java License:Apache-2.0 AND CC0-1.0 ++ v33.1.0.tar.gz -> v33.2.1.tar.gz ++ 10173 lines of diff (skipped)
commit guava for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package guava for openSUSE:Factory checked in at 2024-04-18 22:12:11 Comparing /work/SRC/openSUSE:Factory/guava (Old) and /work/SRC/openSUSE:Factory/.guava.new.26366 (New) Package is "guava" Thu Apr 18 22:12:11 2024 rev:12 rq:1168638 version:33.1.0 Changes: --- /work/SRC/openSUSE:Factory/guava/guava.changes 2024-03-13 22:20:17.932076216 +0100 +++ /work/SRC/openSUSE:Factory/.guava.new.26366/guava.changes 2024-04-18 22:13:15.742928514 +0200 @@ -1,0 +2,118 @@ +Wed Apr 17 16:34:39 UTC 2024 - Fridrich Strba + +- Upgrade to guava 33.1.0 + * Changes of version 33.1.0: ++ Updated our Error Prone dependency to 2.26.1, which includes + a JPMS-ready jar of annotations. If you use the Error Prone + annotations in a modular build of your own code, you may need + to add a requires line for them. ++ base: Added a Duration overload for + Suppliers.memoizeWithExpiration. ++ base: Deprecated the remaining two overloads of + Throwables.propagateIfPossible. They won't be deleted, but we + recommend migrating off them. ++ cache: Fixed a bug that could cause false "recursive load" + reports during refresh. ++ graph: Changed the return types of transitiveClosure() and + reachableNodes() to Immutable* types. reachableNodes() already + returned an immutable object (even though that was not + reflected in the declared return type); transitiveClosure() + used to return a mutable object. The old signatures remain + available, so this change does not break binary compatibility. ++ graph: Changed the behavior of views returned by graph + accessor methods that take a graph element as input: They now + throw IllegalStateException when that element is removed from + the graph. ++ hash: Optimized Checksum-based hash functions for Java 9+. ++ testing: Exposed FakeTicker Duration methods to Android users. ++ util.concurrent: Deprecated the constructors of + UncheckedExecutionException and ExecutionError that don't + accept a cause. We won't remove these constructors, but we + recommend migrating off them, as users of those classes often + assume that instances will contain a cause. ++ util.concurrent: Improved the correctness of racy accesses for + J2ObjC users. + * Changes of version 33.0.0: ++ This version of guava-android contains some package-private + methods whose signature includes the Java 8 Collector API. + This is a test to identify any problems before we expose those + methods publicly to users. Please report any problems that you + encounter. ++ Changed various classes to catch Exception instead of + RuntimeException even when only RuntimeException is + theoretically possible. This can help code that throws + undeclared exceptions, as some bytecode rewriters (e.g., + Robolectric) and languages (e.g., Kotlin) do. ++ Added an Automatic-Module-Name to failureaccess, Guava's one + strong runtime dependency. ++ reflect: In guava-android only, removed + Invokable.getAnnotatedReturnType() and + Parameter.getAnnotatedType(). These methods never worked in an + Android VM, and to reflect that, they were born @Deprecated, + @Beta, and @DoNotCall. They're now preventing us from rolling + out some new Android compatibility testing. This is the only + binary-incompatible change in this release, and it should have + no effect in practice. Still, we bump the major version number + to follow Semantic Versioning. ++ util.concurrent: Changed our implementations to avoid eagerly + initializing loggers during class loading. This can help + performance, especially under Android. + * Changes of version 32.1.3: ++ Changed Gradle Metadata to include dependency versions + directly. This may address "Could not find some-dependency" + errors that some users have reported (which might be a result + of users' excluding guava-parent). ++ collect: Changed Multisets.unmodifiableMultiset(set) + .removeIf(predicate) to throw an exception always, even if + nothing matches predicate. ++ graph: Fixed the behavior of Graph/ValueGraph views for a node + when that node is removed from the graph. ++ io: Fixed Files.createTempDir and FileBackedOutputStream under + Windows services, a rare use case. (The fix actually covers + only Java 9+ because Java 8 would require an additional + approach. Let us know if you need support under Java 8.) ++ net: Made MediaType.parse allow and skip over whitespace + around the / and = separator tokens in addition to the ; + separator, for which it was
commit guava for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package guava for openSUSE:Factory checked in at 2024-03-13 22:19:21 Comparing /work/SRC/openSUSE:Factory/guava (Old) and /work/SRC/openSUSE:Factory/.guava.new.1770 (New) Package is "guava" Wed Mar 13 22:19:21 2024 rev:11 rq:1157419 version:32.0.1 Changes: --- /work/SRC/openSUSE:Factory/guava/guava.changes 2024-02-22 20:58:54.332018102 +0100 +++ /work/SRC/openSUSE:Factory/.guava.new.1770/guava.changes2024-03-13 22:20:17.932076216 +0100 @@ -1,0 +2,5 @@ +Tue Mar 12 18:57:05 UTC 2024 - Fridrich Strba + +- Fix version mismatch in the ant build files. + +--- Other differences: -- ++ guava-build.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/common.xml new/common.xml --- old/common.xml 2023-06-15 15:14:12.153667258 +0200 +++ new/common.xml 2024-03-12 19:51:46.831190765 +0100 @@ -3,9 +3,10 @@ - + - + + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/guava/build.xml new/guava/build.xml --- old/guava/build.xml 2021-05-10 20:21:25.778710719 +0200 +++ new/guava/build.xml 2024-03-12 19:55:31.971831344 +0100 @@ -228,13 +228,13 @@ - - + + - + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/guava-testlib/build.xml new/guava-testlib/build.xml --- old/guava-testlib/build.xml 2021-05-10 17:41:35.613376965 +0200 +++ new/guava-testlib/build.xml 2024-03-12 19:50:50.967697439 +0100 @@ -61,6 +61,7 @@ optimize="false" deprecation="true" encoding="UTF-8" + release="${compiler.release}" target="${compiler.target}" verbose="false" fork="false" @@ -92,6 +93,7 @@ optimize="false" deprecation="true" encoding="UTF-8" + release="${compiler.release}" target="${compiler.target}" verbose="false" fork="false"
commit guava for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package guava for openSUSE:Factory checked in at 2023-06-16 16:54:40 Comparing /work/SRC/openSUSE:Factory/guava (Old) and /work/SRC/openSUSE:Factory/.guava.new.15902 (New) Package is "guava" Fri Jun 16 16:54:40 2023 rev:9 rq:1093336 version:32.0.1 Changes: --- /work/SRC/openSUSE:Factory/guava/guava.changes 2022-05-25 20:35:13.500283134 +0200 +++ /work/SRC/openSUSE:Factory/.guava.new.15902/guava.changes 2023-06-16 16:55:47.402042224 +0200 @@ -1,0 +2,54 @@ +Thu Jun 15 13:20:35 UTC 2023 - Fridrich Strba + +- Upgrade to guava 32.0.1 + * Security fixes: ++ Reimplemented Files.createTempDir and FileBackedOutputStream + to further address CVE-2020-8908 (#4011, bsc#1179926) and + CVE-2023-2976 (#2575, bsc#1212401) + * Fixes: ++ io: Fixed Files.createTempDir and FileBackedOutputStream under + Windows, which broke as part of the security fix in release + 32.0.0 ++ Removed @Beta from almost all APIs. Most of the remaining + @Beta APIs are in graph and hash. ++ Enhanced the Guava jar to include Proguard configurations that + are picked up automatically by the Android Gradle Plugin. This + should help with warnings that were promoted to errors in + Android Gradle Plugin 8.x. ++ Enhanced the Guava jar to include information about method + parameters in its class files. If you use static analyzers + that look at method-parameter names, you may see new warnings + or errors if they are now able to detect mismatches. But + mostly, you may see better tooltips and autocompletion in + DEs. ++ Improved nullness annotations on a few classes. ++ Modified classes with "serial proxies" to declare + exception-throwing readObject methods, in accordance with best + practice. ++ collect: Fixed Maps.newHashMapWithExpectedSize to stop + allocating maps that were larger than they needed to be. ++ collect: Made various APIs work J2CL: + Maps.immutableEnumMap+toImmutableEnumMap, EnumMultiset, + CollectorTester. Previously, the APIs were present but failed + at runtime. ++ collect: Optimized memory usage for Interner and MapMaker. ++ graph: Changed directed graphs to reject attempts to add + undirected edges. ++ io: Added BaseEncoding.ignoreCase() to support + case-insensitive decoding. ++ net: Added HttpHeaders constants: + ~ No-Vary-Search + ~ Sec-CH-DPR + ~ Sec-CH-UA-Wow64 + ~ Sec-CH-Viewport-Width and Sec-CH-Viewport-Height + ~ Supports-Loading-Mode ++ net: Added the MediaType constant for JWT. ++ primitives: Added rotate() for arrays of all primitive types. ++ util.concurrent: Changed AbstractFuture to run + interruptTask() just before afterDone(). Until this change, it + ran slightly earlier than that: We used to run it before + unblocking any pending get() calls, and now we run it after. ++ util.concurrent: Fixed some cases in which we could catch + InterruptedException but fail to restore the interrupt bit. + +--- Old: v31.1.tar.gz New: v32.0.1.tar.gz Other differences: -- ++ guava.spec ++ --- /var/tmp/diff_new_pack.1YXPyI/_old 2023-06-16 16:55:47.978045622 +0200 +++ /var/tmp/diff_new_pack.1YXPyI/_new 2023-06-16 16:55:47.982045646 +0200 @@ -1,7 +1,7 @@ # # spec file for package guava # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: guava -Version:31.1 +Version:32.0.1 Release:0 Summary:Google Core Libraries for Java License:Apache-2.0 AND CC0-1.0 @@ -118,11 +118,11 @@ %files -f .mfiles %doc CONTRIBUTORS README* -%license COPYING +%license LICENSE %files javadoc %{_javadocdir}/%{name} -%license COPYING +%license LICENSE %files testlib -f .mfiles-guava-testlib ++ guava-build.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/common.xml new/common.xml --- old/common.xml 2022-05-17 02:33:57.060608131 +0200 +++ new/common.xml 2023-06-15 15:14:12.153667258 +0200 @@ -3,7 +3,7 @@ - + ++ v31.1.tar.gz -> v32.0.1.tar.gz ++ 108051 lines of diff (skipped)
commit guava for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package guava for openSUSE:Factory checked in at 2022-05-25 20:34:43 Comparing /work/SRC/openSUSE:Factory/guava (Old) and /work/SRC/openSUSE:Factory/.guava.new.2254 (New) Package is "guava" Wed May 25 20:34:43 2022 rev:8 rq:979202 version:31.1 Changes: --- /work/SRC/openSUSE:Factory/guava/guava.changes 2022-05-19 22:49:36.322356833 +0200 +++ /work/SRC/openSUSE:Factory/.guava.new.2254/guava.changes2022-05-25 20:35:13.500283134 +0200 @@ -4,0 +5,44 @@ + * Fixes: ++ base: Deprecated the Throwables methods lazyStackTrace and + lazyStackTraceIsLazy. They are no longer useful on any current + platform. ++ collect: Added a new method + ImmutableMap.Builder.buildKeepingLast(), which keeps the last + value for any given key rather than throwing an exception when + a key appears more than once. ++ collect: As a side-effect of the buildKeepingLast() change, + the idiom + ImmutableList.copyOf(Maps.transformValues(map, function)) + may produce different results if function has side-effects. ++ hash: Added Hashing.fingerprint2011(). ++ io: Changed ByteStreams.nullOutputStream() to follow the + contract of OutputStream.write by throwing an exception if + the range of bytes is out of bounds. ++ net: Added @CheckReturnValue to the package (with a few + exceptions). ++ net: Added HttpHeaders constant for + Access-Control-Allow-Private-Network. ++ util.concurrent: Added accumulate/update methods for + AtomicDouble and AtomicDoubleArray. + * APIs promoted from @Beta: ++ base: Throwables methods getCausalChain and getCauseAs ++ collect: Streams methods mapWithIndex and findLast ++ collect: the remaining methods in Comparators: min, max, + lexicographical, emptiesFirst, emptiesLast, isInOrder, + isInStrictOrder ++ escape: various APIs ++ io: various APIs in Files ++ net: various APIs ++ reflect: various APIs ++ testlib: various APIs ++ util.concurrent: AsyncCallable, ListenableScheduledFuture, + and ClosingFuture ++ util.concurrent: ExecutionSequencer, + MoreExecutors.newSequentialExecutor, and Monitor ++ util.concurrent: Futures methods: submit, submitAsync, + scheduleAsync, nonCancellationPropagating, inCompletionOrder ++ util.concurrent: Uninterruptibles: + awaitTerminationUninterruptibly and the Duration overloads in + the class ++ util.concurrent: the FluentFuture type, its factory methods, + and addCallback @@ -19,0 +64,8 @@ + * Fixes: ++ cache: Fixed compatibility between asMap().compute(...) + and a load. ++ cache: Added @CheckReturnValue to some APIs. ++ collect: Added @DoNotCall to the mutator methods on immutable + types ++ hash: Removed @Beta from HashCode. ++ io: Removed @Beta from CountingOutputStream. Other differences: --
commit guava for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package guava for openSUSE:Factory checked in at 2022-05-19 22:49:23 Comparing /work/SRC/openSUSE:Factory/guava (Old) and /work/SRC/openSUSE:Factory/.guava.new.1538 (New) Package is "guava" Thu May 19 22:49:23 2022 rev:7 rq:977988 version:31.1 Changes: --- /work/SRC/openSUSE:Factory/guava/guava.changes 2022-03-11 21:42:02.442106270 +0100 +++ /work/SRC/openSUSE:Factory/.guava.new.1538/guava.changes2022-05-19 22:49:36.322356833 +0200 @@ -1,0 +2,10 @@ +Wed May 18 17:26:01 UTC 2022 - Fridrich Strba + +- Upgrade to guava 31.1 + * Remove the hack of removing annotations, since we have now +all the required dependencies packaged +- Removed patch: + * donotmock.patch ++ hack not needed any more + +--- Old: donotmock.patch v30.1.1.tar.gz New: v31.1.tar.gz Other differences: -- ++ guava.spec ++ --- /var/tmp/diff_new_pack.WyfXuA/_old 2022-05-19 22:49:37.290358074 +0200 +++ /var/tmp/diff_new_pack.WyfXuA/_new 2022-05-19 22:49:37.290358074 +0200 @@ -17,7 +17,7 @@ Name: guava -Version:30.1.1 +Version:31.1 Release:0 Summary:Google Core Libraries for Java License:Apache-2.0 AND CC0-1.0 @@ -25,9 +25,11 @@ URL:https://github.com/google/guava Source0:https://github.com/google/guava/archive/v%{version}.tar.gz Source1:%{name}-build.tar.xz -Patch0: donotmock.patch BuildRequires: ant +BuildRequires: checker-qual BuildRequires: fdupes +BuildRequires: google-errorprone-annotations +BuildRequires: j2objc-annotations BuildRequires: javapackages-local BuildRequires: jsr-305 BuildRequires: junit @@ -52,8 +54,6 @@ %package testlib Summary:The guava-testlib artifact Group: Development/Libraries/Java -Requires: mvn(com.google.code.findbugs:jsr305) -Requires: mvn(com.google.guava:guava) Requires: mvn(junit:junit) %description testlib @@ -61,7 +61,6 @@ %prep %setup -q -a1 -%patch0 -p1 find . -name '*.jar' -delete @@ -74,29 +73,9 @@ %pom_xpath_inject /pom:project/pom:build/pom:plugins/pom:plugin/pom:configuration/pom:instructions "<_nouses>true" guava/pom.xml -%pom_remove_dep -r :error_prone_annotations -%pom_remove_dep -r :j2objc-annotations -%pom_remove_dep -r org.checkerframework: - %pom_remove_dep -r :listenablefuture %pom_remove_dep -r :failureaccess -annotations=$( -find -name '*.java' \ -| xargs grep -F -h \ --e 'import com.google.j2objc.annotations' \ --e 'import com.google.errorprone.annotation' \ --e 'import org.codehaus.mojo.animal_sniffer' \ --e 'import org.checkerframework' \ -| sort -u \ -| sed 's/.*\.\([^.]*\);/\1/' \ -| paste -sd\| -) -# guava started using quite a few annotation libraries for code quality, which -# we don't have. This ugly regex is supposed to remove their usage from the code -find -name '*.java' | xargs sed -ri \ -"s/^import .*\.($annotations);//;s/@($annotations)"'\>\s*(\((("[^"]*")|([^)]*))\))?//g' - for mod in guava guava-testlib futures/failureaccess; do %pom_remove_parent ${mod} %pom_xpath_inject pom:project ' @@ -104,11 +83,15 @@ %{version}' ${mod} done -%pom_change_dep -r -f : : +%pom_change_dep -r :error_prone_annotations :::provided +%pom_change_dep -r :j2objc-annotations :::provided +%pom_change_dep -r org.checkerframework: :::provided + +%pom_change_dep -r -f %build mkdir -p lib -build-jar-repository -s lib junit jsr-305 +build-jar-repository -s lib junit jsr-305 google-errorprone/annotations checker-qual j2objc-annotations %{ant} -Dtest.skip=true package javadoc %install ++ guava-build.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/common.xml new/common.xml --- old/common.xml 2021-05-10 17:05:58.631896847 +0200 +++ new/common.xml 2022-05-17 02:33:57.060608131 +0200 @@ -3,7 +3,7 @@ - + ++ v30.1.1.tar.gz -> v31.1.tar.gz ++ 151384 lines of diff (skipped)
commit guava for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package guava for openSUSE:Factory checked in at 2022-03-11 21:41:39 Comparing /work/SRC/openSUSE:Factory/guava (Old) and /work/SRC/openSUSE:Factory/.guava.new.25692 (New) Package is "guava" Fri Mar 11 21:41:39 2022 rev:6 rq:961077 version:30.1.1 Changes: --- /work/SRC/openSUSE:Factory/guava/guava.changes 2021-05-11 23:04:20.948906020 +0200 +++ /work/SRC/openSUSE:Factory/.guava.new.25692/guava.changes 2022-03-11 21:42:02.442106270 +0100 @@ -1,0 +2,5 @@ +Fri Mar 11 12:13:02 UTC 2022 - Fridrich Strba + +- Remove parent reference from ALL distributed pom files + +--- Other differences: -- ++ guava.spec ++ --- /var/tmp/diff_new_pack.m8AO5g/_old 2022-03-11 21:42:02.922106638 +0100 +++ /var/tmp/diff_new_pack.m8AO5g/_new 2022-03-11 21:42:02.926106641 +0100 @@ -1,7 +1,7 @@ # # spec file for package guava # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -97,7 +97,7 @@ find -name '*.java' | xargs sed -ri \ "s/^import .*\.($annotations);//;s/@($annotations)"'\>\s*(\((("[^"]*")|([^)]*))\))?//g' -for mod in guava guava-testlib; do +for mod in guava guava-testlib futures/failureaccess; do %pom_remove_parent ${mod} %pom_xpath_inject pom:project ' com.google.guava
commit guava for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package guava for openSUSE:Factory checked in at 2021-05-11 23:04:14 Comparing /work/SRC/openSUSE:Factory/guava (Old) and /work/SRC/openSUSE:Factory/.guava.new.2988 (New) Package is "guava" Tue May 11 23:04:14 2021 rev:5 rq:892204 version:30.1.1 Changes: --- /work/SRC/openSUSE:Factory/guava/guava.changes 2019-12-10 22:41:18.181834050 +0100 +++ /work/SRC/openSUSE:Factory/.guava.new.2988/guava.changes2021-05-11 23:04:20.948906020 +0200 @@ -1,0 +2,14 @@ +Mon May 10 14:59:41 UTC 2021 - Fridrich Strba + +- Upgrade to guava 30.1.1 + * fixes bsc#1179926, CVE-2020-8908: temp directory creation +vulnerability in Guava versions prior to 30.0 +- Removed patch: + * guava-25.0-java8compat.patch ++ the compatibility is handled in the upstream code +- Added patch: + * donotmock.patch ++ patch @DoNotMock annotation occurrences in order to put them + in a format that our regex is able to identify and kill + +--- Old: guava-25.0-java8compat.patch v25.0.tar.gz New: donotmock.patch v30.1.1.tar.gz Other differences: -- ++ guava.spec ++ --- /var/tmp/diff_new_pack.A0ic1g/_old 2021-05-11 23:04:21.676902699 +0200 +++ /var/tmp/diff_new_pack.A0ic1g/_new 2021-05-11 23:04:21.680902681 +0200 @@ -1,7 +1,7 @@ # # spec file for package guava # -# Copyright (c) 2019 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: guava -Version:25.0 +Version:30.1.1 Release:0 Summary:Google Core Libraries for Java License:Apache-2.0 AND CC0-1.0 @@ -25,7 +25,7 @@ URL:https://github.com/google/guava Source0:https://github.com/google/guava/archive/v%{version}.tar.gz Source1:%{name}-build.tar.xz -Patch0: %{name}-%{version}-java8compat.patch +Patch0: donotmock.patch BuildRequires: ant BuildRequires: fdupes BuildRequires: javapackages-local @@ -74,11 +74,13 @@ %pom_xpath_inject /pom:project/pom:build/pom:plugins/pom:plugin/pom:configuration/pom:instructions "<_nouses>true" guava/pom.xml -%pom_remove_dep -r :animal-sniffer-annotations %pom_remove_dep -r :error_prone_annotations %pom_remove_dep -r :j2objc-annotations %pom_remove_dep -r org.checkerframework: +%pom_remove_dep -r :listenablefuture +%pom_remove_dep -r :failureaccess + annotations=$( find -name '*.java' \ | xargs grep -F -h \ @@ -107,7 +109,7 @@ %build mkdir -p lib build-jar-repository -s lib junit jsr-305 -%ant -Dtest.skip=true package javadoc +%{ant} -Dtest.skip=true package javadoc %install # jars @@ -118,7 +120,10 @@ # poms install -dm 0755 %{buildroot}%{_mavenpomdir}/%{name} install -pm 0644 %{name}/pom.xml %{buildroot}%{_mavenpomdir}/%{name}/%{name}.pom -%add_maven_depmap %{name}/%{name}.pom %{name}/%{name}.jar -f %{name} +%add_maven_depmap %{name}/%{name}.pom %{name}/%{name}.jar +# We integrated this artifact in our main package +install -pm 0644 futures/failureaccess/pom.xml %{buildroot}%{_mavenpomdir}/%{name}/failureaccess.pom +%add_maven_depmap %{name}/failureaccess.pom %{name}/%{name}.jar install -pm 0644 %{name}-testlib/pom.xml %{buildroot}%{_mavenpomdir}/%{name}/%{name}-testlib.pom %add_maven_depmap %{name}/%{name}-testlib.pom %{name}/%{name}-testlib.jar -f %{name}-testlib @@ -128,7 +133,7 @@ cp -r %{name}-testlib/target/site/apidocs %{buildroot}%{_javadocdir}/%{name}/%{name}-testlib %fdupes -s %{buildroot}%{_javadocdir} -%files -f .mfiles-guava +%files -f .mfiles %doc CONTRIBUTORS README* %license COPYING ++ donotmock.patch ++ --- guava-30.1/guava/src/com/google/common/graph/Traverser.java 2021-05-10 16:45:16.248098756 +0200 +++ guava-30.1/guava/src/com/google/common/graph/Traverser.java 2021-05-10 16:53:38.627252038 +0200 @@ -60,9 +60,7 @@ * @since 23.1 */ @Beta -@DoNotMock( -"Call forGraph or forTree, passing a lambda or a Graph with the desired edges (built with" -+ " GraphBuilder)") +@DoNotMock("Call forGraph or forTree, passing a lambda or a Graph with the desired edges (built with GraphBuilder)") public abstract class Traverser { private final SuccessorsFunction successorFunction; --- guava-30.1/guava/src/com/google/common/util/concurrent/ClosingFuture.java 2021-05-10 16:45:16.256098806 +0200 +++ guava-30.1/guava/src/com/google/common/util/concurrent/ClosingFuture.java 2021-05-10 16:55:44.184040192 +0200 @@ -32,6 +32,7 @@ import static