[cas-client] update to 3.3.3, fix CVE-2014-4172 (rhbz#1131371)
gil
gil at fedoraproject.org
Tue Aug 19 11:01:39 UTC 2014
commit 162ff6d95ccf23b84bf5ea0ba981aab79d1b7ecc
Author: gil <puntogil at libero.it>
Date: Tue Aug 19 12:57:34 2014 +0200
update to 3.3.3, fix CVE-2014-4172 (rhbz#1131371)
.gitignore | 1 +
cas-client-3.2.1-opensaml2.patch | 392 --------------------
...ntegration-tomcat-v7-unreported-exception.patch | 20 +-
cas-client.spec | 45 ++-
sources | 2 +-
5 files changed, 44 insertions(+), 416 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 2eaae88..72a0c9e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
/cas-client-3.2.1-release.tar.gz
+/cas-client-3.3.3.tar.gz
diff --git a/cas-client-3.2.1-integration-tomcat-v7-unreported-exception.patch b/cas-client-3.3.3-integration-tomcat-v7-unreported-exception.patch
similarity index 55%
rename from cas-client-3.2.1-integration-tomcat-v7-unreported-exception.patch
rename to cas-client-3.3.3-integration-tomcat-v7-unreported-exception.patch
index b7d9324..4cc8c4a 100644
--- a/cas-client-3.2.1-integration-tomcat-v7-unreported-exception.patch
+++ b/cas-client-3.3.3-integration-tomcat-v7-unreported-exception.patch
@@ -1,19 +1,19 @@
---- cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/AbstractAuthenticator.java 2011-08-02 03:45:45.000000000 +0200
-+++ cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/AbstractAuthenticator.java-gil 2012-11-16 20:12:01.043438006 +0100
-@@ -189,10 +189,14 @@
+--- cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/AbstractAuthenticator.java 2014-08-15 14:51:04.000000000 +0200
++++ cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/AbstractAuthenticator.java-gil 2014-08-19 12:00:36.859141278 +0200
+@@ -183,10 +183,14 @@
}
-
+
/** {@inheritDoc} */
- protected synchronized void setState(LifecycleState state, Object data) {
- super.setState(state, data);
- if (LifecycleState.STARTED.equals(state)) {
-- this.log.info(getName() + " started.");
-+ protected synchronized void setState(LifecycleState state, Object data) throws LifecycleException {
+- logger.info("{} started.", getName());
++ protected synchronized void setState(LifecycleState state, Object data) throws LifecycleException {
+ try {
-+ super.setState(state, data);
-+ if (LifecycleState.STARTED.equals(state)) {
-+ this.log.info(getName() + " started.");
-+ }
++ super.setState(state, data);
++ if (LifecycleState.STARTED.equals(state)) {
++ logger.info("{} started.", getName());
++ }
+ } catch (final Exception e) {
+ throw new LifecycleException(e);
}
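Review bot: The refreshed patch still wraps `super.setState(state, data)` in `catch (final Exception e) { throw new LifecycleException(e); }`, so a LifecycleException raised by the superclass is wrapped in a second one and every runtime exception is converted as well. The patched signature already declares `throws LifecycleException`, so the try/catch looks unnecessary if that is the only checked exception the superclass method declares, which cannot be confirmed from this hunk. In that case the body can stay as upstream wrote it, with only the signature changed to `protected synchronized void setState(LifecycleState state, Object data) throws LifecycleException {`. The method and its closing braces continue outside the hunk.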
diff --git a/cas-client.spec b/cas-client.spec
index c64a1d3..a5e9f83 100644
--- a/cas-client.spec
+++ b/cas-client.spec
@@ -1,19 +1,16 @@
Name: cas-client
-Version: 3.2.1
-Release: 5%{?dist}
+Version: 3.3.3
+Release: 1%{?dist}
Summary: Jasig CAS Client for Java
License: ASL 2.0 and BSD
Url: http://www.jasig.org/cas
-Source0: http://downloads.jasig.org/cas-clients/%{name}-%{version}-release.tar.gz
+Source0: https://github.com/Jasig/java-%{name}/archive/%{name}-%{version}.tar.gz
# cas-client package don't include the license file
# from http://www.jasig.org/cas/license
Source1: %{name}-LICENSE.txt
Source2: http://www.apache.org/licenses/LICENSE-2.0.txt
-Patch0: %{name}-%{version}-integration-tomcat-v7-unreported-exception.patch
-Patch1: %{name}-%{version}-opensaml2.patch
-
-BuildRequires: java-devel
+Patch0: %{name}-3.3.3-integration-tomcat-v7-unreported-exception.patch
BuildRequires: apache-commons-codec
BuildRequires: ehcache-core
@@ -31,7 +28,14 @@ BuildRequires: xml-security
# test deps
BuildRequires: apache-commons-logging
BuildRequires: junit
+%if %{fedora} > 20
BuildRequires: log4j12
+BuildRequires: mvn(org.slf4j:jcl-over-slf4j)
+BuildRequires: mvn(org.slf4j:slf4j-nop)
+BuildRequires: mvn(org.slf4j:slf4j-simple)
+%else
+BuildRequires: log4j
+%endif
BuildRequires: slf4j
# org.springframework:spring-test
BuildRequires: springframework
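Review bot: The added `%if %{fedora} > 20` fails to parse wherever the `fedora` macro is undefined, because the unexpanded macro text is left inside the expression. The usual guard is `%if 0%{?fedora} > 20`, which evaluates to false on such targets and falls through to the `%else` branch with `BuildRequires: log4j`. A one-line comment above the conditional saying that log4j 1.2 is packaged as `log4j12` on the newer releases would also explain why the branch exists.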
@@ -42,7 +46,6 @@ BuildRequires: maven-source-plugin
BuildRequires: maven-surefire-provider-junit
Requires: springframework-beans
-Requires: spymemcached
Requires: tomcat-servlet-3.0-api
BuildArch: noarch
@@ -58,17 +61,18 @@ Summary: Javadoc for %{name}
This package contains javadoc for %{name}.
%prep
-%setup -q
-rm -r modules/*
+%setup -q -n java-%{name}-%{name}-%{version}
%patch0 -p0
-%patch1 -p1
find . -name "*.class" -delete
find . -name "*.jar" -delete
%pom_remove_parent
%pom_remove_plugin :maven-assembly-plugin
+%pom_remove_plugin :maven-source-plugin
+%pom_remove_plugin :maven-enforcer-plugin
+
# require
# com.atlassian.seraph atlassian-seraph 2.4.0
# com.atlassian.osuser atlassian-osuser 1.1.2
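Review bot: `%pom_remove_plugin :maven-source-plugin` is added here, but the header of the preceding hunk still shows `BuildRequires: maven-source-plugin`, so that build dependency now looks unused and could be dropped. The two new plugin removals also carry no explanation. A short comment above them would help the next packager, especially for `:maven-enforcer-plugin`, since removing it turns off whatever build rules upstream enforces. The wording of that comment should come from the packager, as the reason is not visible in this diff.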
@@ -78,13 +82,23 @@ find . -name "*.jar" -delete
%pom_disable_module cas-client-integration-jboss
%pom_disable_module cas-client-integration-tomcat-v6
+%pom_remove_dep javax.servlet:javax.servlet-api
+%pom_add_dep org.apache.tomcat:tomcat-servlet-api::provided
+
%pom_remove_dep xml-security:xmlsec cas-client-core
%pom_add_dep org.apache.santuario:xmlsec::runtime cas-client-core
%pom_add_dep org.slf4j:slf4j-nop::test cas-client-support-distributed-ehcache
+sed -i.log4j12 "s|<version>1.2.15|<version>1.2.17|" cas-client-core/pom.xml
+
%pom_remove_dep org.springframework:spring-test cas-client-core
-rm -r cas-client-core/src/test/java/org/jasig/cas/client/session/SingleSignoutHandlerTests.java \
+rm -r cas-client-core/src/test/java/org/jasig/cas/client/session/SingleSignOutHandlerTests.java \
+ cas-client-core/src/test/java/org/jasig/cas/client/session/SingleSignOutFilterTests.java \
+ cas-client-core/src/test/java/org/jasig/cas/client/authentication/DefaultAuthenticationRedirectStrategyTests.java \
+ cas-client-core/src/test/java/org/jasig/cas/client/authentication/FacesCompatibleAuthenticationRedirectStrategyTests.java \
+ cas-client-core/src/test/java/org/jasig/cas/client/validation/Saml11TicketValidationFilterTests.java \
+ cas-client-core/src/test/java/org/jasig/cas/client/validation/Cas10TicketValidationFilterTests.java \
cas-client-core/src/test/java/org/jasig/cas/client/util/CasFilterTests.java \
cas-client-core/src/test/java/org/jasig/cas/client/util/CommonUtilsTests.java \
cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java \
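Review bot: This update is labelled as the fix for CVE-2014-4172, yet the `rm -r` list grows by several validation and sign-out tests (`Saml11TicketValidationFilterTests`, `Cas10TicketValidationFilterTests`, `SingleSignOutFilterTests` and others) with no comment saying why. The next hunk also deletes `Cas20ServiceTicketValidatorTests` under the existing `# this test fails` line. The package build therefore does not run upstream's tests for much of the validation code, so a regression there would pass unnoticed. If the cause is the `%pom_remove_dep org.springframework:spring-test cas-client-core` just above, which is presumed rather than shown, say so with a comment such as `# these tests need org.springframework:spring-test, removed above` and delete only the tests that really depend on it. For the test that fails, record the failure reason or a bug reference next to `# this test fails` so it can be re-enabled later.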
@@ -93,7 +107,8 @@ rm -r cas-client-core/src/test/java/org/jasig/cas/client/session/SingleSignoutHa
# this test fails
rm -r cas-client-support-distributed-ehcache/src/test/java/EhCacheBackedProxyGrantingTicketStorageImplTests.java
rm -r cas-client-core/src/test/java/org/jasig/cas/client/validation/Cas10TicketValidatorTests.java \
- cas-client-core/src/test/java/org/jasig/cas/client/validation/Cas20ProxyTicketValidatorTests.java
+ cas-client-core/src/test/java/org/jasig/cas/client/validation/Cas20ProxyTicketValidatorTests.java \
+ cas-client-core/src/test/java/org/jasig/cas/client/validation/Cas20ServiceTicketValidatorTests.java
cp -p %{SOURCE1} LICENSE.txt
@@ -115,6 +130,10 @@ sed -i 's/\r//' LICENSE.txt LICENSE-2.0.txt
%doc LICENSE.txt LICENSE-2.0.txt
%changelog
+* Tue Aug 19 2014 gil cattaneo <puntogil at libero.it> 3.3.3-1
+- update to 3.3.3
+- fix CVE-2014-4172 (rhbz#1131371)
+
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.2.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
diff --git a/sources b/sources
index fd9b661..2661094 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-bf3a1b4a4f691f423b2b8e92f2d37f6c cas-client-3.2.1-release.tar.gz
+aebd35c41d983aac0a39a07fdd80edd7 cas-client-3.3.3.tar.gz