From d4c15a678d151aa45df1e6884e427aa2258bf37b Mon Sep 17 00:00:00 2001
From: CentOS Buildsys
Date: Oct 01 2013 10:19:55 +0000
Subject: import plexus-digest-1.1-14.el7.src.rpm
---
diff --git a/.plexus-digest.metadata b/.plexus-digest.metadata
new file mode 100644
index 0000000..91febd1
--- /dev/null
+++ b/.plexus-digest.metadata
@@ -0,0 +1 @@
+87ed66787a918e81839e7aeb85083ab368e2f53e SOURCES/plexus-digest-1.1-src.tar.gz
diff --git a/README.md b/README.md
deleted file mode 100644
index 0e7897f..0000000
--- a/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-The master branch has no content
-
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
-
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/0001-Do-not-use-algorithm-name-as-regular-expression.patch b/SOURCES/0001-Do-not-use-algorithm-name-as-regular-expression.patch
new file mode 100644
index 0000000..0b9223f
--- /dev/null
+++ b/SOURCES/0001-Do-not-use-algorithm-name-as-regular-expression.patch
@@ -0,0 +1,47 @@
+From 10955c0d72fc11324cebcb2bd8fe4bf56f0f8887 Mon Sep 17 00:00:00 2001
+From: Mikolaj Izdebski
+Date: Fri, 27 Sep 2013 12:49:53 +0200
+Subject: [PATCH] Do not use algorithm name as regular expression
+
+In org.codehaus.plexus.digest.DigestUtils.cleanChecksum(String,
+String, String), the second parameter is used as part of the regular
+expression. Compiling the resulting regular expression can result in
+a VM error with a crafted algorithm name. The regular expression
+should be a constant, with a capture group for the algorithm name, and
+the name should be checked after matching.
+
+Originally reported by Florian Weimer in:
+https://bugzilla.redhat.com/show_bug.cgi?id=959454
+---
+ src/main/java/org/codehaus/plexus/digest/DigestUtils.java | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/src/main/java/org/codehaus/plexus/digest/DigestUtils.java b/src/main/java/org/codehaus/plexus/digest/DigestUtils.java
+index a54a8c0..430c3a8 100644
+--- a/src/main/java/org/codehaus/plexus/digest/DigestUtils.java
++++ b/src/main/java/org/codehaus/plexus/digest/DigestUtils.java
+@@ -51,16 +51,17 @@ public class DigestUtils
+ String trimmedChecksum = checksum.replace( '\n', ' ' ).trim();
+
+ // Free-BSD / openssl
+- String regex = algorithm.replaceAll( "-", "" ) + "\\s*\\((.*?)\\)\\s*=\\s*([a-fA-F0-9]+)";
++ algorithm = algorithm.replaceAll( "-", "" );
++ String regex = "(.{" + algorithm.length() + "})\\s*\\((.*?)\\)\\s*=\\s*([a-fA-F0-9]+)";
+ Matcher m = Pattern.compile( regex ).matcher( trimmedChecksum );
+- if ( m.matches() )
++ if ( m.matches() && m.group( 1 ).equals( algorithm ) )
+ {
+- String filename = m.group( 1 );
++ String filename = m.group( 2 );
+ if ( !isValidChecksumPattern( filename, path ) )
+ {
+ throw new DigesterException( "Supplied checksum does not match checksum pattern" );
+ }
+- trimmedChecksum = m.group( 2 );
++ trimmedChecksum = m.group( 3 );
+ }
+ else
+ {
+--
+1.8.3.1
+
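Review bot: The pattern in `cleanChecksum` is still concatenated and compiled on every call (`"(.{" + algorithm.length() + "})…"`), which falls short of the constant expression the patch description asks for, even though only an integer now reaches `Pattern.compile`. A `private static final Pattern` such as `Pattern.compile( "([^\\s(]+)\\s*\\((.*?)\\)\\s*=\\s*([a-fA-F0-9]+)" )`, with the `m.group( 1 ).equals( algorithm )` check kept as is, would make it literal, assuming digest names never contain whitespace or `(`. The hunk also overwrites the `algorithm` parameter, so any use after the visible lines would see the dash-stripped name; a local variable avoids that, and `replace( "-", "" )` does the same job without a regex. The diffstat lists only DigestUtils.java, so no regression test with a metacharacter-bearing algorithm name accompanies the fix. The method starts and ends outside the hunk.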
diff --git a/SOURCES/plexus-digest-fix-test-dependencies.patch b/SOURCES/plexus-digest-fix-test-dependencies.patch
new file mode 100644
index 0000000..59a9d9a
--- /dev/null
+++ b/SOURCES/plexus-digest-fix-test-dependencies.patch
@@ -0,0 +1,17 @@
+diff --git a/pom.xml b/pom.xml
+index 14bfb88..6e143f7 100644
+--- a/pom.xml
++++ b/pom.xml
+@@ -13,6 +13,12 @@
+
+
+ org.codehaus.plexus
++ plexus-container-default
++ 1.5.5
++ test
++
++
++ org.codehaus.plexus
+ plexus-utils
+ 1.4.1
+
diff --git a/SOURCES/plexus-digest-migration-to-component-metadata.patch b/SOURCES/plexus-digest-migration-to-component-metadata.patch
new file mode 100644
index 0000000..c67f57b
--- /dev/null
+++ b/SOURCES/plexus-digest-migration-to-component-metadata.patch
@@ -0,0 +1,17 @@
+diff -Naur plexus-digest.orig/pom.xml plexus-digest/pom.xml
+--- plexus-digest.orig/pom.xml 2007-05-21 21:31:52.000000000 +0200
++++ plexus-digest/pom.xml 2011-07-26 18:54:21.375748376 +0200
+@@ -22,11 +22,11 @@
+
+
+ org.codehaus.plexus
+- plexus-maven-plugin
++ plexus-component-metadata
+
+
+
+- descriptor
++ generate-metadata
+
+
+
diff --git a/SPECS/plexus-digest.spec b/SPECS/plexus-digest.spec
new file mode 100644
index 0000000..f7f7d44
--- /dev/null
+++ b/SPECS/plexus-digest.spec
@@ -0,0 +1,183 @@
+# Copyright (c) 2000-2005, JPackage Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the
+# distribution.
+# 3. Neither the name of the JPackage Project nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+%global parent plexus
+%global subname digest
+
+Name: plexus-digest
+Version: 1.1
+Release: 14%{?dist}
+Epoch: 0
+Summary: Plexus Digest / Hashcode Components
+License: ASL 2.0
+Group: Development/Libraries
+URL: http://plexus.codehaus.org/plexus-components/plexus-digest/
+Source0: %{name}-%{version}-src.tar.gz
+# svn export http://svn.codehaus.org/plexus/plexus-components/tags/plexus-digest-1.1/ plexus-digest/
+# tar czf plexus-digest-1.1-src.tar.gz plexus-digest/
+
+Patch0: %{name}-migration-to-component-metadata.patch
+Patch1: %{name}-fix-test-dependencies.patch
+Patch2: 0001-Do-not-use-algorithm-name-as-regular-expression.patch
+
+BuildArch: noarch
+
+BuildRequires: jpackage-utils >= 0:1.7.2
+BuildRequires: ant >= 0:1.6
+BuildRequires: maven-local
+BuildRequires: maven-compiler-plugin
+BuildRequires: maven-install-plugin
+BuildRequires: maven-jar-plugin
+BuildRequires: maven-javadoc-plugin
+BuildRequires: maven-resources-plugin
+BuildRequires: maven-surefire-plugin
+BuildRequires: maven-surefire-provider-junit
+BuildRequires: qdox >= 1.5
+BuildRequires: plexus-containers-component-metadata
+BuildRequires: plexus-cdc
+
+
+%description
+The Plexus project seeks to create end-to-end developer tools for
+writing applications. At the core is the container, which can be
+embedded or for a full scale application server. There are many
+reusable components for hibernate, form processing, jndi, i18n,
+velocity, etc. Plexus also includes an application server which
+is like a J2EE application server, without all the baggage.
+
+%package javadoc
+Summary: Javadoc for %{name}
+Group: Documentation
+
+%description javadoc
+Javadoc for %{name}.
+
+%prep
+%setup -q -n %{name}
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+
+%build
+%mvn_file : %{parent}/%{subname}
+%mvn_build
+
+%install
+%mvn_install
+
+%files -f .mfiles
+
+%files javadoc -f .mfiles-javadoc
+
+%changelog
+* Fri Sep 27 2013 Mikolaj Izdebski - 0:1.1-14
+- Do not use algorithm name as regular expression
+
+* Fri Jun 28 2013 Mikolaj Izdebski - 0:1.1-13
+- Rebuild to regenerate API documentation
+- Resolves: CVE-2013-1571
+
+* Fri Feb 08 2013 Michal Srb - 0:1.1-12
+- Remove unnecessary BR on maven-doxia and maven-doxia-sitetools
+
+* Wed Feb 06 2013 Java SIG - 0:1.1-11
+- Update for https://fedoraproject.org/wiki/Fedora_19_Maven_Rebuild
+- Replace maven BuildRequires with maven-local
+
+* Thu Jan 17 2013 Michal Srb - 0:1.1-10
+- Build with xmvn
+
+* Sat Jul 21 2012 Fedora Release Engineering - 0:1.1-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Tue May 22 2012 Stanislav Ochotnicky - 0:1.1-8
+- Fix test dependencies
+
+* Sat Jan 14 2012 Fedora Release Engineering - 0:1.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Mon Oct 17 2011 Stanislav Ochotnicky - 0:1.1-6
+- Rebuild for java 1.6.0 downgrade (fesco ticket 663)
+
+* Tue Jul 26 2011 Jaromir Capik - 0:1.1-5
+- Migration from plexus-maven-plugin to plexus-containers-component-metadata
+- Minor spec file changes according to the latest guidelines
+
+* Sun Jun 12 2011 Alexander Kurtakov 0:1.1-4
+- Build with maven 3.x
+
+* Wed Feb 09 2011 Fedora Release Engineering - 0:1.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Wed Dec 8 2010 Alexander Kurtakov 0:1.1-2
+- Drop ant build.
+- Adapt to new guidelines.
+
+* Tue Dec 22 2009 Alexander Kurtakov 0:1.1-1
+- Update to upstream 1.1.
+
+* Tue Dec 22 2009 Alexander Kurtakov 0:1.0-10
+- Drop not needed depmap.
+- Build with maven.
+
+* Fri Aug 21 2009 Alexander Kurtakov 0:1.0-9
+- Fix License, formatting and comments.
+
+* Sun May 17 2009 Fernando Nasser 0:1.0-8
+- Fix license
+
+* Tue Apr 30 2009 Yong Yang 1.0-7
+- Rebuild with new maven2 2.0.8 built in non-bootstrap mode
+
+* Tue Apr 30 2009 Yong Yang 1.0-6
+- force to BR plexus-cdc alpha 10
+- rebuild without maven
+
+* Tue Apr 30 2009 Yong Yang 1.0-5
+- Add BRs maven-doxia*, qdox
+- Enable jpp-depmap
+- Rebuild with new maven2 2.0.8 built in non-bootstrap mode
+- ignore test failure
+
+* Tue Mar 17 2009 Yong Yang 1.0-4
+- rebuild with new maven2 2.0.8 built in bootstrap mode
+
+* Thu Feb 05 2009 Yong Yang 1.0-3
+- Fix release tag
+
+* Wed Jan 14 2009 Yong Yang 1.0-2jpp.1
+- Import from dbhole's maven 2.0.8 packages, initial building
+
+* Mon Jan 07 2008 Deepak Bhole 1.0-1jpp.1
+- Import from JPackage
+- Update per Fedora spec
+
+* Wed Nov 14 2007 Ralph Apel - 0:1.0-1jpp
+- Initial build