[libspring-java] 04/19: Removed the patch for CVE-2013-4152 (fixed upstream)

Wed Dec 3 15:39:45 UTC 2014

This is an automated email from the git hooks/post-receive script.

ebourg-guest pushed a commit to branch master
in repository libspring-java.

commit 3b9ca83e520a7a441a62818bc70fd11bdd8c7b59
Author: Emmanuel Bourg <ebourg at apache.org>
Date:   Wed Nov 26 16:08:45 2014 +0100

    Removed the patch for CVE-2013-4152 (fixed upstream)
---
 ...rocessExternalEntities-to-JAXB2Marshaller.patch | 116 ---------------------
 debian/patches/series                              |   1 -
 2 files changed, 117 deletions(-)

diff --git a/debian/patches/Add-processExternalEntities-to-JAXB2Marshaller.patch b/debian/patches/Add-processExternalEntities-to-JAXB2Marshaller.patch
deleted file mode 100644
index 77afb93..0000000
--- a/debian/patches/Add-processExternalEntities-to-JAXB2Marshaller.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-From: Markus Koschany <apo at gambaru.de>
-Date: Thu, 5 Dec 2013 10:59:47 +0100
-Subject: Add 'processExternalEntities to JAXB2Marshaller
-
-Added 'processExternalEntities' property to the JAXB2Marshaller, which
-indicates whether external XML entities are processed when
-unmarshalling.
-
-Default is false, meaning that external entities are not resolved.
-Processing of external entities will only be enabled/disabled when the
-Source} passed to #unmarshal(Source) is a SAXSource or StreamSource. It
-has no effect for DOMSource or StAXSource instances.
-
-Original patch by Arjen Poutsma.
-
-Bug: http://bugs.debian.org/720902
----
- .../springframework/oxm/jaxb/Jaxb2Marshaller.java  | 56 ++++++++++++++++++++++
- 1 file changed, 56 insertions(+)
-
-diff --git a/projects/org.springframework.oxm/src/main/java/org/springframework/oxm/jaxb/Jaxb2Marshaller.java b/projects/org.springframework.oxm/src/main/java/org/springframework/oxm/jaxb/Jaxb2Marshaller.java
-index 890ce18..1b3412d 100644
---- a/projects/org.springframework.oxm/src/main/java/org/springframework/oxm/jaxb/Jaxb2Marshaller.java
-+++ b/projects/org.springframework.oxm/src/main/java/org/springframework/oxm/jaxb/Jaxb2Marshaller.java
-@@ -61,7 +61,9 @@ import javax.xml.stream.XMLStreamReader;
- import javax.xml.stream.XMLStreamWriter;
- import javax.xml.transform.Result;
- import javax.xml.transform.Source;
-+import javax.xml.transform.dom.DOMSource;
- import javax.xml.transform.sax.SAXSource;
-+import javax.xml.transform.stream.StreamSource;
- import javax.xml.validation.Schema;
- import javax.xml.validation.SchemaFactory;
- 
-@@ -158,6 +160,8 @@ public class Jaxb2Marshaller
- 
- 	private boolean lazyInit = false;
- 
-+	private boolean processExternalEntities = false;
-+
- 
- 	/**
- 	 * Set multiple JAXB context paths. The given array of context paths is converted to a
-@@ -301,6 +305,18 @@ public class Jaxb2Marshaller
- 		this.lazyInit = lazyInit;
- 	}
- 
-+	/**
-+	 * Indicates whether external XML entities are processed when unmarshalling.
-+	 * <p>Default is {@code false}, meaning that external entities are not resolved.
-+	 * Note that processing of external entities will only be enabled/disabled when the
-+	 * {@code Source} passed to {@link #unmarshal(Source)} is a {@link SAXSource} or
-+	 * {@link StreamSource}. It has no effect for {@link DOMSource} or {@link StAXSource}
-+	 * instances.
-+	 */
-+	public void setProcessExternalEntities(boolean processExternalEntities) {
-+		this.processExternalEntities = processExternalEntities;
-+	}
-+
- 	public void setBeanClassLoader(ClassLoader classLoader) {
- 		this.beanClassLoader = classLoader;
- 	}
-@@ -569,6 +585,8 @@ public class Jaxb2Marshaller
- 	}
- 
- 	public Object unmarshal(Source source, MimeContainer mimeContainer) throws XmlMappingException {
-+		source = processSource(source);
-+
- 		try {
- 			Unmarshaller unmarshaller = createUnmarshaller();
- 			if (this.mtomEnabled && mimeContainer != null) {
-@@ -616,6 +634,44 @@ public class Jaxb2Marshaller
- 		}
- 	}
- 
-+	private Source processSource(Source source) {
-+		if (StaxUtils.isStaxSource(source) || source instanceof DOMSource) {
-+			return source;
-+		}
-+
-+		XMLReader xmlReader = null;
-+		InputSource inputSource = null;
-+
-+		if (source instanceof SAXSource) {
-+			SAXSource saxSource = (SAXSource) source;
-+			xmlReader = saxSource.getXMLReader();
-+			inputSource = saxSource.getInputSource();
-+		}
-+		else if (source instanceof StreamSource) {
-+			StreamSource streamSource = (StreamSource) source;
-+			if (streamSource.getInputStream() != null) {
-+				inputSource = new InputSource(streamSource.getInputStream());
-+			}
-+			else if (streamSource.getReader() != null) {
-+				inputSource = new InputSource(streamSource.getReader());
-+			}
-+		}
-+
-+		try {
-+			if (xmlReader == null) {
-+				xmlReader = XMLReaderFactory.createXMLReader();
-+			}
-+			xmlReader.setFeature("http://xml.org/sax/features/external-general-entities",
-+					this.processExternalEntities);
-+
-+			return new SAXSource(xmlReader, inputSource);
-+		}
-+		catch (SAXException ex) {
-+			logger.warn("Processing of external entities could not be disabled", ex);
-+			return source;
-+		}
-+	}
-+
- 	/**
- 	 * Template method that can be overridden by concrete JAXB marshallers for custom initialization behavior.
- 	 * Gets called after creation of JAXB <code>Marshaller</code>, and after the respective properties have been set.
diff --git a/debian/patches/series b/debian/patches/series
index 95f0a61..76d3302 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,5 +9,4 @@
 0009_hibernate_validator_41.diff
 0010_velocity_17.diff
 0011-java7-compat.patch
-Add-processExternalEntities-to-JAXB2Marshaller.patch
 0012_use_debian_asm4.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/libspring-java.git

