[Git][java-team/libsejda-java][master] 3 commits: New upstream version 4.2.11
Markus Koschany (@apo)
gitlab at salsa.debian.org
Sat Dec 25 20:58:15 GMT 2021
Markus Koschany pushed to branch master at Debian Java Maintainers / libsejda-java
Commits:
cd824b68 by Markus Koschany at 2021-12-25T21:54:26+01:00
New upstream version 4.2.11
- - - - -
07ffe60d by Markus Koschany at 2021-12-25T21:54:56+01:00
Update upstream source from tag 'upstream/4.2.11'
Update to upstream version '4.2.11'
with Debian dir e483cef719a993ab7653d5a478f29dab0d1bbcbd
- - - - -
d5c4db6e by Markus Koschany at 2021-12-25T21:55:40+01:00
Update changelog
- - - - -
13 changed files:
- .github/workflows/maven.yml
- debian/changelog
- pom.xml
- sejda-conversion/pom.xml
- sejda-core/pom.xml
- sejda-distribution/pom.xml
- sejda-docs/pom.xml
- sejda-fonts/pom.xml
- sejda-image-writers/pom.xml
- sejda-model/pom.xml
- sejda-model/src/test/java/org/sejda/model/validation/validator/PdfVersionValidatorTest.java
- sejda-sambox/pom.xml
- sejda-sambox/src/main/java/org/sejda/impl/sambox/SetMetadataTask.java
Changes:
=====================================
.github/workflows/maven.yml
=====================================
@@ -1,5 +1,4 @@
-
-name: Build with JDK matrix
+name: build
on:
push:
@@ -10,20 +9,16 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
- java: ['8', '11', '16', '17-ea']
+ java: ['8', '11', '17']
name: JDK ${{ matrix.java }}
steps:
- uses: actions/checkout at v2
- name: Set up JDK
- uses: actions/setup-java at v1
+ uses: actions/setup-java at v2
with:
java-version: ${{ matrix.java }}
- - uses: actions/cache at v1
- with:
- path: ~/.m2/repository
- key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
- restore-keys: |
- ${{ runner.os }}-maven-
+ distribution: 'temurin'
+ cache: 'maven'
- name: Build with Maven
- run: mvn -V -B package --file pom.xml
+ run: mvn --batch-mode --update-snapshots verify
=====================================
debian/changelog
=====================================
@@ -1,3 +1,9 @@
+libsejda-java (4.2.11-1) unstable; urgency=medium
+
+ * New upstream version 4.2.11.
+
+ -- Markus Koschany <apo at debian.org> Sat, 25 Dec 2021 21:55:28 +0100
+
libsejda-java (4.2.9-1) unstable; urgency=medium
* New upstream version 4.2.9.
=====================================
pom.xml
=====================================
@@ -6,7 +6,7 @@
<artifactId>sejda-parent</artifactId>
<packaging>pom</packaging>
<name>sejda</name>
- <version>4.2.9</version>
+ <version>4.2.11</version>
<description>An extendible and configurable PDF manipulation layer library. A ready to use java library to perform PDF documents manipulation without having to deal with the low level API. Sejda offers many "ready to go" manipulations implemented using the SAMBox but it can be extended to use other implementations.</description>
<organization>
@@ -32,7 +32,7 @@
<connection>scm:git:git at github.com:torakiki/sejda.git</connection>
<developerConnection>scm:git:git at github.com:torakiki/sejda.git</developerConnection>
<url>scm:git:git at github.com:torakiki/sejda.git</url>
- <tag>v4.2.9</tag>
+ <tag>v4.2.11</tag>
</scm>
<developers>
@@ -62,7 +62,6 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-toolchains-plugin</artifactId>
- <version>3.0.0</version>
<executions>
<execution>
<goals>
@@ -88,7 +87,6 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
- <version>3.0.1</version>
<executions>
<execution>
<id>attach-javadocs</id>
@@ -106,7 +104,6 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
- <version>2.5.3</version>
<configuration>
<tagNameFormat>v@{project.version}</tagNameFormat>
<preparationGoals>clean install</preparationGoals>
@@ -267,17 +264,52 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
- <version>3.1.1</version>
+ <version>3.3.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
- <version>3.1.2</version>
+ <version>3.2.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
- <version>1.6</version>
+ <version>3.0.1</version>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-release-plugin</artifactId>
+ <version>3.0.0-M4</version>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <version>3.8.1</version>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-source-plugin</artifactId>
+ <version>3.2.0</version>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>3.0.0-M5</version>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-resources-plugin</artifactId>
+ <version>3.2.0</version>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-clean-plugin</artifactId>
+ <version>3.1.0</version>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-toolchains-plugin</artifactId>
+ <version>3.0.0</version>
</plugin>
<plugin>
<groupId>org.sonatype.plugins</groupId>
@@ -293,7 +325,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
- <version>3.0.1</version>
+ <version>3.3.1</version>
</plugin>
</plugins>
</pluginManagement>
@@ -302,7 +334,6 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
- <version>3.8.1</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
@@ -311,7 +342,6 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
- <version>3.1.0</version>
<executions>
<execution>
<id>attach-sources</id>
@@ -321,11 +351,6 @@
</execution>
</executions>
</plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-surefire-plugin</artifactId>
- <version>3.0.0-M3</version>
- </plugin>
</plugins>
</build>
@@ -355,20 +380,20 @@
<sejda.commons.version>1.1.7</sejda.commons.version>
<junit.version>4.13.1</junit.version>
<slf4j.version>1.7.30</slf4j.version>
- <commons.lang.version>3.9</commons.lang.version>
- <commons.io.version>2.7</commons.io.version>
+ <commons.lang.version>3.12.0</commons.lang.version>
+ <commons.io.version>2.11.0</commons.io.version>
<validation.api.version>1.0.0.GA</validation.api.version>
- <mockito.version>3.0.0</mockito.version>
- <logback.version>1.2.3</logback.version>
+ <mockito.version>4.1.0</mockito.version>
+ <logback.version>1.2.8</logback.version>
<jdepend.version>2.9.1</jdepend.version>
<hibernate-validator.version>4.2.0.Final</hibernate-validator.version>
<hamcrest.version>1.3</hamcrest.version>
- <sambox.version>2.3.1</sambox.version>
+ <sambox.version>2.3.4</sambox.version>
<sejda.io.version>2.1.3</sejda.io.version>
- <bouncycastle.version>1.69</bouncycastle.version>
- <twelvemonkeys.version>3.4.2</twelvemonkeys.version>
- <metadata-extractor.version>2.15.0</metadata-extractor.version>
- <thumbnailator.version>0.4.13</thumbnailator.version>
+ <bouncycastle.version>1.70</bouncycastle.version>
+ <twelvemonkeys.version>3.8.0</twelvemonkeys.version>
+ <metadata-extractor.version>2.16.0</metadata-extractor.version>
+ <thumbnailator.version>0.4.15</thumbnailator.version>
<!-- so that build is not platform dependent via encoding -->
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<timestamp>${maven.build.timestamp}</timestamp>
=====================================
sejda-conversion/pom.xml
=====================================
@@ -10,7 +10,7 @@
<parent>
<groupId>org.sejda</groupId>
<artifactId>sejda-parent</artifactId>
- <version>4.2.9</version>
+ <version>4.2.11</version>
<relativePath>../pom.xml</relativePath>
</parent>
=====================================
sejda-core/pom.xml
=====================================
@@ -5,7 +5,7 @@
<parent>
<groupId>org.sejda</groupId>
<artifactId>sejda-parent</artifactId>
- <version>4.2.9</version>
+ <version>4.2.11</version>
<relativePath>../pom.xml</relativePath>
</parent>
=====================================
sejda-distribution/pom.xml
=====================================
@@ -10,7 +10,7 @@
<parent>
<groupId>org.sejda</groupId>
<artifactId>sejda-parent</artifactId>
- <version>4.2.9</version>
+ <version>4.2.11</version>
<relativePath>../pom.xml</relativePath>
</parent>
=====================================
sejda-docs/pom.xml
=====================================
@@ -5,7 +5,7 @@
<parent>
<groupId>org.sejda</groupId>
<artifactId>sejda-parent</artifactId>
- <version>4.2.9</version>
+ <version>4.2.11</version>
<relativePath>../pom.xml</relativePath>
</parent>
=====================================
sejda-fonts/pom.xml
=====================================
@@ -10,7 +10,7 @@
<parent>
<groupId>org.sejda</groupId>
<artifactId>sejda-parent</artifactId>
- <version>4.2.9</version>
+ <version>4.2.11</version>
<relativePath>../pom.xml</relativePath>
</parent>
=====================================
sejda-image-writers/pom.xml
=====================================
@@ -6,7 +6,7 @@
<parent>
<groupId>org.sejda</groupId>
<artifactId>sejda-parent</artifactId>
- <version>4.2.9</version>
+ <version>4.2.11</version>
<relativePath>../pom.xml</relativePath>
</parent>
=====================================
sejda-model/pom.xml
=====================================
@@ -6,7 +6,7 @@
<parent>
<groupId>org.sejda</groupId>
<artifactId>sejda-parent</artifactId>
- <version>4.2.9</version>
+ <version>4.2.11</version>
<relativePath>../pom.xml</relativePath>
</parent>
=====================================
sejda-model/src/test/java/org/sejda/model/validation/validator/PdfVersionValidatorTest.java
=====================================
@@ -21,7 +21,7 @@ package org.sejda.model.validation.validator;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
-import static org.mockito.Matchers.anyString;
+import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
=====================================
sejda-sambox/pom.xml
=====================================
@@ -6,7 +6,7 @@
<parent>
<groupId>org.sejda</groupId>
<artifactId>sejda-parent</artifactId>
- <version>4.2.9</version>
+ <version>4.2.11</version>
<relativePath>../pom.xml</relativePath>
</parent>
=====================================
sejda-sambox/src/main/java/org/sejda/impl/sambox/SetMetadataTask.java
=====================================
@@ -45,10 +45,7 @@ import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
-import javax.xml.xpath.XPath;
-import javax.xml.xpath.XPathConstants;
-import javax.xml.xpath.XPathExpressionException;
-import javax.xml.xpath.XPathFactory;
+import javax.xml.xpath.*;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
@@ -155,10 +152,20 @@ public class SetMetadataTask extends BaseTask<SetMetadataParameters> {
}
+ private XPathFactory newXPathFactory() {
+ try {
+ XPathFactory f = XPathFactory.newInstance();
+ f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ return f;
+ } catch (XPathFactoryConfigurationException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
private void setDate(String path, Document document, Calendar calendar) throws XPathExpressionException {
SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ");
dateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
- XPath xPath = XPathFactory.newInstance().newXPath();
+ XPath xPath = newXPathFactory().newXPath();
Node node = (Node) xPath.compile(path).evaluate(document, XPathConstants.NODE);
if(node != null) {
String value = "";
@@ -170,7 +177,7 @@ public class SetMetadataTask extends BaseTask<SetMetadataParameters> {
}
private void setText(String path, Document document, String value) throws XPathExpressionException {
- XPath xPath = XPathFactory.newInstance().newXPath();
+ XPath xPath = newXPathFactory().newXPath();
Node node = (Node) xPath.compile(path).evaluate(document, XPathConstants.NODE);
if(node != null) {
if(value == null) {
@@ -184,6 +191,14 @@ public class SetMetadataTask extends BaseTask<SetMetadataParameters> {
try {
DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ //f.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ f.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+ f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
+ f.setXIncludeAware(false);
+ f.setExpandEntityReferences(false);
DocumentBuilder b = f.newDocumentBuilder();
Document document = b.parse(catalog.getMetadata().createInputStream());
@@ -203,6 +218,9 @@ public class SetMetadataTask extends BaseTask<SetMetadataParameters> {
// write the DOM object to the file
TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
Transformer transformer = transformerFactory.newTransformer();
StringWriter writer = new StringWriter();
View it on GitLab: https://salsa.debian.org/java-team/libsejda-java/-/compare/ad053f0887d69e572e2f8a6d2717317126d71623...d5c4db6eafd4f1a6562909778146c4d5a3fd060e
--
View it on GitLab: https://salsa.debian.org/java-team/libsejda-java/-/compare/ad053f0887d69e572e2f8a6d2717317126d71623...d5c4db6eafd4f1a6562909778146c4d5a3fd060e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20211225/1357b539/attachment.htm>
More information about the pkg-java-commits
mailing list