[cxf] Upstream release 2.7.11
Marek Goldmann
goldmann at fedoraproject.org
Tue Mar 24 08:58:23 UTC 2015
commit 34436612794aa4d9d22a6732813a5de199b2d2a9
Author: Marek Goldmann <marek.goldmann at gmail.com>
Date: Tue Mar 24 09:58:06 2015 +0100
Upstream release 2.7.11
- Fixes RHBZ#1065245, RHBZ#1068021, RHBZ#1106113
- Fixes CVE-2014-0034, CVE-2014-0035, CVE-2014-0109, CVE-2014-0110,
CVE-2014-3584
.gitignore | 1 +
0001-JDK-8-support.patch | 42 ++++++++++++++++++++++++++++++++++++++++++
cxf.spec | 46 +++++++++++++++++++++++++++++++++++++++++-----
sources | 2 +-
4 files changed, 85 insertions(+), 6 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 5a1cb3b..f946391 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@
/apache-cxf-2.6.3-src.tar.gz
/apache-cxf-2.6.6-src.tar.gz
/apache-cxf-2.7.5-src.tar.gz
+/apache-cxf-2.7.11-src.tar.gz
diff --git a/0001-JDK-8-support.patch b/0001-JDK-8-support.patch
new file mode 100644
index 0000000..079cb11
--- /dev/null
+++ b/0001-JDK-8-support.patch
@@ -0,0 +1,42 @@
+From 49ccacc8cb1395ee8f0960deb0448a143e540c5d Mon Sep 17 00:00:00 2001
+From: Marek Goldmann <marek.goldmann at gmail.com>
+Date: Tue, 8 Jul 2014 10:54:51 +0200
+Subject: [PATCH] JDK 8 support
+
+---
+ .../cxf/configuration/spring/AbstractSpringBeanMap.java | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/api/src/main/java/org/apache/cxf/configuration/spring/AbstractSpringBeanMap.java b/api/src/main/java/org/apache/cxf/configuration/spring/AbstractSpringBeanMap.java
+index 9495d9a..bcbcd94 100644
+--- a/api/src/main/java/org/apache/cxf/configuration/spring/AbstractSpringBeanMap.java
++++ b/api/src/main/java/org/apache/cxf/configuration/spring/AbstractSpringBeanMap.java
+@@ -167,11 +167,11 @@ abstract class AbstractSpringBeanMap<X, V>
+ return idToBeanName.isEmpty() && putStore.isEmpty();
+ }
+
+- public Set<X> keySet() {
+- Set<X> keys = new LinkedHashSet<X>();
+- keys.addAll(putStore.keySet());
+- keys.addAll(idToBeanName.keySet());
+- return keys;
++ public ConcurrentHashMap.KeySetView<X,V> keySet() {
++ ConcurrentHashMap.KeySetView keySetView = ConcurrentHashMap.newKeySet();
++ keySetView.addAll(putStore.keySet());
++ keySetView.addAll(idToBeanName.keySet());
++ return keySetView;
+ }
+
+ public V put(X key, V value) {
+@@ -258,7 +258,7 @@ abstract class AbstractSpringBeanMap<X, V>
+ return AbstractSpringBeanMap.this.isEmpty();
+ }
+
+- public Set<X> keySet() {
++ public ConcurrentHashMap.KeySetView<X,V> keySet() {
+ return AbstractSpringBeanMap.this.keySet();
+ }
+
+--
+1.9.3
+
diff --git a/cxf.spec b/cxf.spec
index eff722d..3491132 100644
--- a/cxf.spec
+++ b/cxf.spec
@@ -3,14 +3,16 @@
Name: cxf
Epoch: 1
-Version: 2.7.5
-Release: 5%{?dist}
+Version: 2.7.11
+Release: 1%{?dist}
Summary: Apache CXF
License: ASL 2.0
URL: http://cxf.apache.org/
Source0: http://archive.apache.org/dist/%{name}/%{version}/%{tarname}.tar.gz
+Patch0: 0001-JDK-8-support.patch
+
BuildArch: noarch
BuildRequires: maven-local
@@ -28,6 +30,8 @@ BuildRequires: maven-shared-artifact-resolver
BuildRequires: maven-shared-downloader
BuildRequires: maven-surefire-plugin
BuildRequires: maven-war-plugin
+BuildRequires: maven-wagon-ssh
+BuildRequires: maven-site-plugin
BuildRequires: activemq-core
BuildRequires: apache-commons-lang
BuildRequires: apache-mina
@@ -36,8 +40,8 @@ BuildRequires: objectweb-asm
BuildRequires: batik
BuildRequires: bouncycastle
BuildRequires: cglib
-BuildRequires: cxf-build-utils
-BuildRequires: cxf-xjc-utils
+BuildRequires: cxf-build-utils >= 2.6.0-1
+BuildRequires: cxf-xjc-utils >= 2.6.2-1
BuildRequires: ehcache-core
BuildRequires: felix-osgi-core
BuildRequires: geronimo-annotation
@@ -48,14 +52,16 @@ BuildRequires: glassfish-jax-rs-api
BuildRequires: glassfish-fastinfoset
BuildRequires: jandex
BuildRequires: javamail
-BuildRequires: jboss-connector-1.6-api
+BuildRequires: jboss-connector-1.6-api >= 1.0.1-1
BuildRequires: jboss-servlet-3.0-api
BuildRequires: jboss-jaxws-2.2-api
BuildRequires: jibx
BuildRequires: jra
+BuildRequires: logback
BuildRequires: neethi
BuildRequires: opensaml-java
BuildRequires: opensaml-java-parent
+BuildRequires: opensaml-java-xmltooling >= 1.3.4-8
BuildRequires: springframework >= 3.1.1-9
BuildRequires: springframework-aop
BuildRequires: springframework-beans
@@ -64,12 +70,20 @@ BuildRequires: springframework-jms
BuildRequires: springframework-tx
BuildRequires: springframework-web
BuildRequires: springframework-webmvc
+BuildRequires: tycho
BuildRequires: velocity
BuildRequires: wsdl4j
BuildRequires: wss4j >= 1.6.10
BuildRequires: xml-commons-resolver
+BuildRequires: xmlbeans
BuildRequires: ws-xmlschema
+%if 0%{?fedora} >= 21
+BuildRequires: log4j12
+%else
+BuildRequires: log4j
+%endif
+
%description
Apache CXF is an open-source services framework that aids in
the development of services using front-end programming APIs,
@@ -119,6 +133,8 @@ Apache CXF Command Line Tools.
find . -name "*.jar" -delete
find . -name "*.class" -delete
+%patch0 -p1
+
iconv -f macintosh -t utf8 < licenses/cdd1-1.0.txt > cdd.txt
mv -f cdd.txt licenses/cdd1-1.0.txt
@@ -147,6 +163,7 @@ do
done
+
# Make sure we add the version requirements for just added APIs in parent pom.xml
%pom_xpath_inject "pom:dependencyManagement/pom:dependencies/pom:dependency[pom:artifactId='${newaid}']" "<version>${version}</version>" parent/pom.xml
@@ -170,6 +187,7 @@ EOF
# Disable Maven plugins submodules
# Requires jsr-339, jaxrs 2.0
+%pom_disable_module "java2wadl-plugin" maven-plugins/pom.xml
%pom_disable_module "wadl2java-plugin" maven-plugins/pom.xml
%pom_disable_module "wsdl-validator-plugin" maven-plugins/pom.xml
%pom_disable_module "corba" maven-plugins/pom.xml
@@ -192,11 +210,20 @@ EOF
%pom_disable_module "rs/security/oauth-parent" rt/pom.xml
%pom_disable_module "rs/security/cors" rt/pom.xml
+%pom_disable_module xkms-itests services/xkms/pom.xml
+%pom_disable_module xkms-features services/xkms/pom.xml
+%pom_disable_module xkms-war services/xkms/pom.xml
+
# The repository system is offline but the artifact org.apache.httpcomponents:httpasyncclient:jar:4.0-beta3 is not available in the local repository
%pom_disable_module "transports/http-hc" rt/pom.xml
%pom_disable_module "javascript-tests" rt/javascript/pom.xml
+%pom_disable_module wsn-core services/wsn/pom.xml
+%pom_disable_module wsn-osgi services/wsn/pom.xml
+
+%pom_remove_dep "com.wordnik:swagger-jaxrs_2.10" rt/frontend/jaxrs/pom.xml
+
# Disable tools submodules
# Requires frontend/jaxrs
%pom_disable_module "wadlto" tools/pom.xml
@@ -221,6 +248,10 @@ rm -rf services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/Ldap*
%pom_remove_dep "com.hazelcast:hazelcast" services/sts/sts-war/pom.xml
rm -rf services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/HazelCast*
+%pom_xpath_set "pom:dependencies/pom:dependency[pom:artifactId = 'log4j']/pom:version" 12 services/sts/sts-core/pom.xml
+
+sed -i "s|@Override||" services/sts/sts-core/src/main/java/org/apache/cxf/sts/event/LoggerPatternLayoutLog4J.java
+
# Disable checkstyle plugin
%pom_remove_plugin "org.apache.maven.plugins:maven-checkstyle-plugin" parent/pom.xml
@@ -310,6 +341,11 @@ install -pm 644 rt/ws/security/target/cxf-rt-ws-security-%{version}-jandex.jar %
%doc LICENSE NOTICE
%changelog
+* Tue Mar 24 2015 Marek Goldmann <mgoldman at redhat.com> - 1:2.7.11-1
+- Upstream release 2.7.11
+- Fixes RHBZ#1065245, RHBZ#1068021, RHBZ#1106113
+- Fixes CVE-2014-0034, CVE-2014-0035, CVE-2014-0109, CVE-2014-0110, CVE-2014-3584
+
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1:2.7.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
diff --git a/sources b/sources
index 2de2240..e132323 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-1379216f3154f75e0b49aa2b7dcdf233 apache-cxf-2.7.5-src.tar.gz
+8e2734c1663baa1703044f0b7ec6d6d8 apache-cxf-2.7.11-src.tar.gz
More information about the scm-commits
mailing list