%{?scl:%scl_package jackson-databind} %{!?scl:%global pkg_name %{name}} Name: %{?scl_prefix}jackson-databind Version: 2.7.6 Release: 2.12%{?dist} Summary: General data-binding package for Jackson (2.x) License: ASL 2.0 and LGPLv2+ URL: http://wiki.fasterxml.com/JacksonHome Source0: https://github.com/FasterXML/jackson-databind/archive/%{pkg_name}-%{version}.tar.gz Patch0: CVE-2017-7525.patch Patch1: CVE-2017-15095.patch Patch2: CVE-2017-17485-1.patch Patch3: CVE-2017-17485-2.patch Patch4: CVE-2018-11307.patch Patch5: CVE-2018-12022.patch Patch6: CVE-2018-12023.patch Patch7: CVE-2018-14718.patch Patch8: CVE-2018-14719.patch Patch9: CVE-2018-14720.patch Patch10: CVE-2018-14721.patch Patch11: CVE-2018-19360.patch Patch12: CVE-2018-19361.patch Patch13: CVE-2018-19362.patch Patch14: CVE-2019-12384.patch Patch15: CVE-2019-14379.patch Patch16: CVE-2019-17531.patch Patch17: CVE-2020_10969-11113-10968-11111-11112.patch Patch18: CVE-2020-11619.patch Patch19: CVE-2020-11620.patch Patch20: CVE-2020-24750.patch Patch21: CVE-2020-25649.patch BuildRequires: %{?scl_prefix}maven-local BuildRequires: %{?scl_prefix}mvn(com.fasterxml.jackson:jackson-parent:pom:) BuildRequires: %{?scl_prefix}mvn(com.fasterxml.jackson.core:jackson-annotations) >= 2.4.1 BuildRequires: %{?scl_prefix}mvn(com.fasterxml.jackson.core:jackson-core) >= 2.4.1 BuildRequires: %{?scl_prefix}mvn(com.google.guava:guava) BuildRequires: %{?scl_prefix}mvn(com.google.code.maven-replacer-plugin:replacer) BuildRequires: %{?scl_prefix}mvn(org.powermock:powermock-api-mockito) BuildRequires: %{?scl_prefix}mvn(org.powermock:powermock-module-junit4) BuildArch: noarch %description General data-binding functionality for Jackson: works on core streaming API. %package javadoc Summary: Javadoc for %{pkg_name} %description javadoc This package contains javadoc for %{pkg_name}. %prep %setup -q -n %{pkg_name}-%{pkg_name}-%{version} %patch0 -p1 %patch1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 %patch6 -p1 %patch7 -p1 %patch8 -p1 %patch9 -p1 %patch10 -p1 %patch11 -p1 %patch12 -p1 %patch13 -p1 %patch14 -p1 %patch15 -p1 %patch16 -p1 %patch17 -p1 %patch18 -p1 %patch19 -p1 %patch20 -p1 %patch21 -p1 cp -p src/main/resources/META-INF/LICENSE . cp -p src/main/resources/META-INF/NOTICE . sed -i 's/\r//' LICENSE NOTICE # unavailable test deps %pom_remove_dep javax.measure:jsr-275 rm src/test/java/com/fasterxml/jackson/databind/introspect/NoClassDefFoundWorkaroundTest.java %pom_xpath_remove pom:classpathDependencyExcludes %pom_xpath_inject "pom:plugin[pom:artifactId='maven-javadoc-plugin']/pom:configuration" "-Xdoclint:none" %pom_xpath_remove pom:failOnError # org.powermock.reflect.exceptions.FieldNotFoundException: Field 'fTestClass' was not found in class org.junit.internal.runners.MethodValidator. rm src/test/java/com/fasterxml/jackson/databind/type/TestTypeFactoryWithClassLoader.java # Off test that require connection with the web rm src/test/java/com/fasterxml/jackson/databind/ser/TestJdkTypes.java \ src/test/java/com/fasterxml/jackson/databind/deser/TestJdkTypes.java \ src/test/java/com/fasterxml/jackson/databind/TestJDKSerialization.java %mvn_file : %{pkg_name} %build %mvn_build -- -Dmaven.test.failure.ignore=true %install %mvn_install %files -f .mfiles %doc README.md release-notes/* %license LICENSE NOTICE %files javadoc -f .mfiles-javadoc %license LICENSE NOTICE %changelog * Thu Oct 15 2020 Marian Koncek - 2.7.6-2.12 - Fix security vulnerability - Resolves: CVE-2020-25649 * Fri Sep 25 2020 Marian Koncek - 2.7.6-2.11 - Fix security vulnerabilities - Resolves: CVE-2020-24750 * Mon May 18 2020 Joe Orton - 2.7.6-2.10 - Resolves: CVE-2020-11619, CVE-2020-11620 * Tue Apr 14 2020 Marian Koncek - 2.7.6-2.9 - Fix security vulnerabilities - Resolves: CVE-2020-10969, CVE-2020-11113, CVE-2020-10968, CVE-2020-11111, CVE-2020-11112 * Wed Dec 04 2019 Marian Koncek - 2.7.6-2.8 - Fix CVE-2019-17531 * Thu Sep 05 2019 Marian Koncek - 2.7.6-2.7 - Fix CVE-2019-14379 * Wed Jul 10 2019 Joe Orton - 2.7.6-2.6 - fix CVE-2019-12384 * Tue Apr 02 2019 Mikolaj Izdebski - 2.7.6-2.5 - Fix various security flaws - Resolves: CVE-2018-11307, CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362 * Wed Jan 31 2018 Mikolaj Izdebski - 2.7.6-2.4 - Fix deserialization vulnerability - Resolves: CVE-2017-17485 * Tue Dec 19 2017 Mikolaj Izdebski - 2.7.6-2.3 - Fix deserialization vulnerability - Resolves: CVE-2017-7525, CVE-2017-15095 * Thu Jun 22 2017 Michael Simacek - 2.7.6-2.2 - Mass rebuild 2017-06-22 * Wed Jun 21 2017 Java Maintainers - 2.7.6-2.1 - Automated package import and SCL-ization * Fri Feb 10 2017 Fedora Release Engineering - 2.7.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Mon Aug 22 2016 gil cattaneo 2.7.6-1 - update to 2.7.6 * Fri Jun 24 2016 gil cattaneo 2.6.7-1 - update to 2.6.7 * Thu May 26 2016 gil cattaneo 2.6.6-1 - update to 2.6.6 * Thu Feb 04 2016 Fedora Release Engineering - 2.6.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild * Sun Oct 25 2015 gil cattaneo 2.6.3-1 - update to 2.6.3 * Mon Sep 28 2015 gil cattaneo 2.6.2-1 - update to 2.6.2 * Wed Jun 17 2015 Fedora Release Engineering - 2.5.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Sat Jan 31 2015 gil cattaneo 2.5.0-1 - update to 2.5.0 * Sat Sep 20 2014 gil cattaneo 2.4.2-1 - update to 2.4.2 * Wed Jul 23 2014 gil cattaneo 2.4.1.3-1 - update to 2.4.1.3 * Thu Jul 03 2014 gil cattaneo 2.4.1.1-1 - update to 2.4.1.1 * Sat Jun 07 2014 Fedora Release Engineering - 2.2.2-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri Mar 28 2014 Michael Simacek - 2.2.2-4 - Use Requires: java-headless rebuild (#1067528) * Sat Aug 03 2013 Fedora Release Engineering - 2.2.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Mon Jul 22 2013 gil cattaneo 2.2.2-2 - review fixes * Tue Jul 16 2013 gil cattaneo 2.2.2-1 - 2.2.2 - renamed jackson-databind * Tue May 07 2013 gil cattaneo 2.2.1-1 - 2.2.1 * Wed Oct 24 2012 gil cattaneo 2.1.0-1 - update to 2.1.0 - renamed jackson2-databind * Thu Sep 13 2012 gil cattaneo 2.0.6-1 - initial rpm