Blob Blame History Raw
%{?scl:%scl_package jackson-databind}
%{!?scl:%global pkg_name %{name}}

Name:          %{?scl_prefix}jackson-databind
Version:       2.7.6
Release:       2.10%{?dist}
Summary:       General data-binding package for Jackson (2.x)
License:       ASL 2.0 and LGPLv2+
URL:           http://wiki.fasterxml.com/JacksonHome
Source0:       https://github.com/FasterXML/jackson-databind/archive/%{pkg_name}-%{version}.tar.gz
Patch0:        CVE-2017-7525.patch
Patch1:        CVE-2017-15095.patch
Patch2:        CVE-2017-17485-1.patch
Patch3:        CVE-2017-17485-2.patch
Patch4:        CVE-2018-11307.patch
Patch5:        CVE-2018-12022.patch
Patch6:        CVE-2018-12023.patch
Patch7:        CVE-2018-14718.patch
Patch8:        CVE-2018-14719.patch
Patch9:        CVE-2018-14720.patch
Patch10:       CVE-2018-14721.patch
Patch11:       CVE-2018-19360.patch
Patch12:       CVE-2018-19361.patch
Patch13:       CVE-2018-19362.patch
Patch14:       CVE-2019-12384.patch
Patch15:       CVE-2019-14379.patch
Patch16:       CVE-2019-17531.patch
Patch17:       CVE-2020_10969-11113-10968-11111-11112.patch
Patch18:       CVE-2020-11619.patch
Patch19:       CVE-2020-11620.patch

BuildRequires: %{?scl_prefix}maven-local
BuildRequires: %{?scl_prefix}mvn(com.fasterxml.jackson:jackson-parent:pom:)
BuildRequires: %{?scl_prefix}mvn(com.fasterxml.jackson.core:jackson-annotations) >= 2.4.1
BuildRequires: %{?scl_prefix}mvn(com.fasterxml.jackson.core:jackson-core) >= 2.4.1
BuildRequires: %{?scl_prefix}mvn(com.google.guava:guava)
BuildRequires: %{?scl_prefix}mvn(com.google.code.maven-replacer-plugin:replacer)
BuildRequires: %{?scl_prefix}mvn(org.powermock:powermock-api-mockito)
BuildRequires: %{?scl_prefix}mvn(org.powermock:powermock-module-junit4)

BuildArch:     noarch

%description
General data-binding functionality for Jackson:
works on core streaming API.

%package javadoc
Summary:       Javadoc for %{pkg_name}

%description javadoc
This package contains javadoc for %{pkg_name}.

%prep
%setup -q -n %{pkg_name}-%{pkg_name}-%{version}
%patch0 -p1
%patch1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1

cp -p src/main/resources/META-INF/LICENSE .
cp -p src/main/resources/META-INF/NOTICE .
sed -i 's/\r//' LICENSE NOTICE

# unavailable test deps
%pom_remove_dep javax.measure:jsr-275
rm src/test/java/com/fasterxml/jackson/databind/introspect/NoClassDefFoundWorkaroundTest.java
%pom_xpath_remove pom:classpathDependencyExcludes

%pom_xpath_inject "pom:plugin[pom:artifactId='maven-javadoc-plugin']/pom:configuration" "<additionalparam>-Xdoclint:none</additionalparam>"
%pom_xpath_remove pom:failOnError

# org.powermock.reflect.exceptions.FieldNotFoundException: Field 'fTestClass' was not found in class org.junit.internal.runners.MethodValidator.
rm src/test/java/com/fasterxml/jackson/databind/type/TestTypeFactoryWithClassLoader.java

# Off test that require connection with the web
rm src/test/java/com/fasterxml/jackson/databind/ser/TestJdkTypes.java \
 src/test/java/com/fasterxml/jackson/databind/deser/TestJdkTypes.java \
 src/test/java/com/fasterxml/jackson/databind/TestJDKSerialization.java

%mvn_file : %{pkg_name}

%build

%mvn_build -- -Dmaven.test.failure.ignore=true

%install
%mvn_install

%files -f .mfiles
%doc README.md release-notes/*
%license LICENSE NOTICE

%files javadoc -f .mfiles-javadoc
%license LICENSE NOTICE

%changelog
* Mon May 18 2020 Joe Orton <jorton@redhat.com> - 2.7.6-2.10
- Resolves: CVE-2020-11619, CVE-2020-11620

* Tue Apr 14 2020 Marian Koncek <mkoncek@redhat.com> - 2.7.6-2.9
- Fix security vulnerabilities
- Resolves: CVE-2020-10969, CVE-2020-11113, CVE-2020-10968, CVE-2020-11111,
  CVE-2020-11112

* Wed Dec 04 2019 Marian Koncek <mkoncek@redhat.com> - 2.7.6-2.8
- Fix CVE-2019-17531

* Thu Sep 05 2019 Marian Koncek <mkoncek@redhat.com> - 2.7.6-2.7
- Fix CVE-2019-14379

* Wed Jul 10 2019 Joe Orton <jorton@redhat.com> - 2.7.6-2.6
- fix CVE-2019-12384

* Tue Apr 02 2019 Mikolaj Izdebski <mizdebsk@redhat.com> - 2.7.6-2.5
- Fix various security flaws
- Resolves: CVE-2018-11307, CVE-2018-12022, CVE-2018-12023,
  CVE-2018-14718, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721,
  CVE-2018-19360, CVE-2018-19361, CVE-2018-19362

* Wed Jan 31 2018 Mikolaj Izdebski <mizdebsk@redhat.com> - 2.7.6-2.4
- Fix deserialization vulnerability
- Resolves: CVE-2017-17485

* Tue Dec 19 2017 Mikolaj Izdebski <mizdebsk@redhat.com> - 2.7.6-2.3
- Fix deserialization vulnerability
- Resolves: CVE-2017-7525, CVE-2017-15095

* Thu Jun 22 2017 Michael Simacek <msimacek@redhat.com> - 2.7.6-2.2
- Mass rebuild 2017-06-22

* Wed Jun 21 2017 Java Maintainers <java-maint@redhat.com> - 2.7.6-2.1
- Automated package import and SCL-ization

* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

* Mon Aug 22 2016 gil cattaneo <puntogil@libero.it> 2.7.6-1
- update to 2.7.6

* Fri Jun 24 2016 gil cattaneo <puntogil@libero.it> 2.6.7-1
- update to 2.6.7

* Thu May 26 2016 gil cattaneo <puntogil@libero.it> 2.6.6-1
- update to 2.6.6

* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

* Sun Oct 25 2015 gil cattaneo <puntogil@libero.it> 2.6.3-1
- update to 2.6.3

* Mon Sep 28 2015 gil cattaneo <puntogil@libero.it> 2.6.2-1
- update to 2.6.2

* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

* Sat Jan 31 2015 gil cattaneo <puntogil@libero.it> 2.5.0-1
- update to 2.5.0

* Sat Sep 20 2014 gil cattaneo <puntogil@libero.it> 2.4.2-1
- update to 2.4.2

* Wed Jul 23 2014 gil cattaneo <puntogil@libero.it> 2.4.1.3-1
- update to 2.4.1.3

* Thu Jul 03 2014 gil cattaneo <puntogil@libero.it> 2.4.1.1-1
- update to 2.4.1.1

* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Fri Mar 28 2014 Michael Simacek <msimacek@redhat.com> - 2.2.2-4
- Use Requires: java-headless rebuild (#1067528)

* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

* Mon Jul 22 2013 gil cattaneo <puntogil@libero.it> 2.2.2-2
- review fixes

* Tue Jul 16 2013 gil cattaneo <puntogil@libero.it> 2.2.2-1
- 2.2.2
- renamed jackson-databind

* Tue May 07 2013 gil cattaneo <puntogil@libero.it> 2.2.1-1
- 2.2.1

* Wed Oct 24 2012 gil cattaneo <puntogil@libero.it> 2.1.0-1
- update to 2.1.0
- renamed jackson2-databind

* Thu Sep 13 2012 gil cattaneo <puntogil@libero.it> 2.0.6-1
- initial rpm