[Git][java-team/libhibernate-validator-java][master] 5 commits: Fixed the build failure with Java 11 (Closes: #911138)
Emmanuel Bourg
gitlab at salsa.debian.org
Wed Oct 17 16:17:44 BST 2018
Emmanuel Bourg pushed to branch master at Debian Java Maintainers / libhibernate-validator-java
Commits:
28d979dc by Emmanuel Bourg at 2018-10-17T15:12:53Z
Fixed the build failure with Java 11 (Closes: #911138)
- - - - -
c1111399 by Emmanuel Bourg at 2018-10-17T15:13:00Z
New upstream version 4.3.4
- - - - -
94d3a8b5 by Emmanuel Bourg at 2018-10-17T15:13:02Z
Update upstream source from tag 'upstream/4.3.4'
Update to upstream version '4.3.4'
with Debian dir 57e17131001f0b30781fb52814c1fedcd3df463f
- - - - -
58b52364 by Emmanuel Bourg at 2018-10-17T15:15:53Z
Refreshed the patches
- - - - -
fa00089c by Emmanuel Bourg at 2018-10-17T15:16:06Z
Upload to unstable
- - - - -
20 changed files:
- README.md
- annotation-processor/pom.xml
- archetype/pom.xml
- changelog.txt
- debian/changelog
- debian/maven.properties
- debian/patches/01-workaround-maven-repo-helper-bug.patch
- + debian/patches/05-jaxb-dependency.patch
- − debian/patches/CVE-2017-7536.patch
- debian/patches/series
- distribution/pom.xml
- documentation/pom.xml
- engine/pom.xml
- + engine/src/main/java/org/hibernate/validator/HibernateValidatorPermission.java
- engine/src/main/java/org/hibernate/validator/internal/engine/ValidatorImpl.java
- engine/src/main/java/org/hibernate/validator/internal/util/privilegedactions/GetDeclaredField.java
- integration/pom.xml
- performance/pom.xml
- pom.xml
- tck-runner/pom.xml
Changes:
=====================================
README.md
=====================================
@@ -1,6 +1,6 @@
# Hibernate Validator
-*Version: 4.3.3.Final, 19.05.2016*
+*Version: 4.3.4.Final, 29.05.2018*
## What is it?
@@ -40,7 +40,7 @@ Logging will delegate any log requests to that provider.
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator</artifactId>
- <version>4.3.3.Final</version>
+ <version>4.3.4.Final</version>
</dependency>
@@ -70,7 +70,7 @@ There are more build options available as well. For more information refer to [C
## Hibernate Validator URLs
* [Home Page](http://hibernate.org/validator/)
-* [Downloads](http://www.hibernate.org/subprojects/validator/download.html)
+* [Downloads](http://hibernate.org/validator/releases/4.3/)
* [Community Info](http://hibernate.org/community/)
* [Source Code](git://github.com/hibernate/hibernate-validator.git)
* [Issue Tracking](https://hibernate.atlassian.net/projects/HV)
=====================================
annotation-processor/pom.xml
=====================================
@@ -21,7 +21,7 @@
<parent>
<artifactId>hibernate-validator-parent</artifactId>
<groupId>org.hibernate</groupId>
- <version>4.3.3.Final</version>
+ <version>4.3.4.Final</version>
<relativePath>../pom.xml</relativePath>
</parent>
=====================================
archetype/pom.xml
=====================================
@@ -30,7 +30,7 @@
<parent>
<artifactId>hibernate-validator-parent</artifactId>
<groupId>org.hibernate</groupId>
- <version>4.3.3.Final</version>
+ <version>4.3.4.Final</version>
<relativePath>../pom.xml</relativePath>
</parent>
=====================================
changelog.txt
=====================================
@@ -1,6 +1,13 @@
Hibernate Validator Changelog
=============================
+
+4.3.4.Final (29.05.2018)
+------------------------
+
+** Bug
+ * [HV-1498] - Privilege escalation when running under the security manager
+
4.3.3.Final (19.05.2016)
------------------------
=====================================
debian/changelog
=====================================
@@ -1,3 +1,12 @@
+libhibernate-validator-java (4.3.4-1) unstable; urgency=medium
+
+ * Team upload.
+ * New upstream release
+ - Removed the CVE-2017-7536 patch (fixed upstream)
+ * Fixed the build failure with Java 11 (Closes: #911138)
+
+ -- Emmanuel Bourg <ebourg at apache.org> Wed, 17 Oct 2018 17:16:01 +0200
+
libhibernate-validator-java (4.3.3-5) unstable; urgency=medium
* Team upload.
=====================================
debian/maven.properties
=====================================
@@ -1,2 +1,3 @@
# test code does not build due to missing jaxb-xjc
maven.test.skip=true
+maven.compiler.release=8
=====================================
debian/patches/01-workaround-maven-repo-helper-bug.patch
=====================================
@@ -7,7 +7,7 @@ Author: Emmanuel Bourg <ebourg at apache.org>
Forwarded: not-needed
--- a/pom.xml
+++ b/pom.xml
-@@ -298,14 +298,6 @@
+@@ -299,14 +299,6 @@
<artifactId>maven-jdocbook-plugin</artifactId>
<version>2.3.5</version>
<extensions>true</extensions>
=====================================
debian/patches/05-jaxb-dependency.patch
=====================================
@@ -0,0 +1,17 @@
+Description: Adds an explicit dependency on JAXB to build with Java 11
+Author: Emmanuel Bourg <ebourg at apache.org>
+Forwarded: no
+--- a/engine/pom.xml
++++ b/engine/pom.xml
+@@ -68,6 +68,11 @@
+ <artifactId>jsoup</artifactId>
+ <optional>true</optional>
+ </dependency>
++ <dependency>
++ <groupId>javax.xml.bind</groupId>
++ <artifactId>jaxb-api</artifactId>
++ <version>debian</version>
++ </dependency>
+
+ <!--
+ Test dependencies
=====================================
debian/patches/CVE-2017-7536.patch deleted
=====================================
@@ -1,84 +0,0 @@
-From: Markus Koschany <apo at debian.org>
-Date: Thu, 11 Jan 2018 14:39:09 +0100
-Subject: CVE-2017-7536
-
-Bug-Debian: https://bugs.debian.org/885577
-Origin: https://github.com/hibernate/hibernate-validator/commit/0ed45f37c4680998167179e631113a2c9cb5d113
----
- .../validator/HibernateValidatorPermission.java | 29 ++++++++++++++++++++++
- .../validator/internal/engine/ValidatorImpl.java | 6 +++++
- .../util/privilegedactions/GetDeclaredField.java | 1 -
- 3 files changed, 35 insertions(+), 1 deletion(-)
- create mode 100644 engine/src/main/java/org/hibernate/validator/HibernateValidatorPermission.java
-
-diff --git a/engine/src/main/java/org/hibernate/validator/HibernateValidatorPermission.java b/engine/src/main/java/org/hibernate/validator/HibernateValidatorPermission.java
-new file mode 100644
-index 0000000..71b33b7
---- /dev/null
-+++ b/engine/src/main/java/org/hibernate/validator/HibernateValidatorPermission.java
-@@ -0,0 +1,29 @@
-+/*
-+ * Hibernate Validator, declare and validate application constraints
-+ *
-+ * License: Apache License, Version 2.0
-+ * See the license.txt file in the root directory or <http://www.apache.org/licenses/LICENSE-2.0>.
-+ */
-+package org.hibernate.validator;
-+
-+import java.security.BasicPermission;
-+
-+/**
-+ * Our specific implementation of {@link BasicPermission} as we cannot define additional {@link RuntimePermission}.
-+ * <p>
-+ * {@code HibernateValidatorPermission} is thread-safe and immutable.
-+ *
-+ * @author Guillaume Smet
-+ */
-+public class HibernateValidatorPermission extends BasicPermission {
-+
-+ public static final HibernateValidatorPermission ACCESS_PRIVATE_MEMBERS = new HibernateValidatorPermission( "accessPrivateMembers" );
-+
-+ public HibernateValidatorPermission(String name) {
-+ super( name );
-+ }
-+
-+ public HibernateValidatorPermission(String name, String actions) {
-+ super( name, actions );
-+ }
-+}
-diff --git a/engine/src/main/java/org/hibernate/validator/internal/engine/ValidatorImpl.java b/engine/src/main/java/org/hibernate/validator/internal/engine/ValidatorImpl.java
-index 02d2b97..00b78e2 100644
---- a/engine/src/main/java/org/hibernate/validator/internal/engine/ValidatorImpl.java
-+++ b/engine/src/main/java/org/hibernate/validator/internal/engine/ValidatorImpl.java
-@@ -64,6 +64,7 @@ import org.hibernate.validator.internal.util.privilegedactions.SetAccessibility;
- import org.hibernate.validator.method.MethodConstraintViolation;
- import org.hibernate.validator.method.MethodValidator;
- import org.hibernate.validator.method.metadata.TypeDescriptor;
-+import org.hibernate.validator.HibernateValidatorPermission;
-
- import static org.hibernate.validator.internal.util.CollectionHelper.newArrayList;
- import static org.hibernate.validator.internal.util.CollectionHelper.newHashMap;
-@@ -1426,6 +1427,11 @@ public class ValidatorImpl implements Validator, MethodValidator {
- return member;
- }
-
-+ SecurityManager sm = System.getSecurityManager();
-+ if ( sm != null ) {
-+ sm.checkPermission( HibernateValidatorPermission.ACCESS_PRIVATE_MEMBERS );
-+ }
-+
- Class<?> clazz = original.getDeclaringClass();
-
- if ( original instanceof Field ) {
-diff --git a/engine/src/main/java/org/hibernate/validator/internal/util/privilegedactions/GetDeclaredField.java b/engine/src/main/java/org/hibernate/validator/internal/util/privilegedactions/GetDeclaredField.java
-index 3617d63..8db6523 100644
---- a/engine/src/main/java/org/hibernate/validator/internal/util/privilegedactions/GetDeclaredField.java
-+++ b/engine/src/main/java/org/hibernate/validator/internal/util/privilegedactions/GetDeclaredField.java
-@@ -41,7 +41,6 @@ public final class GetDeclaredField implements PrivilegedAction<Field> {
- public Field run() {
- try {
- final Field field = clazz.getDeclaredField( fieldName );
-- field.setAccessible( true );
- return field;
- }
- catch ( NoSuchFieldException e ) {
=====================================
debian/patches/series
=====================================
@@ -1,4 +1,4 @@
01-workaround-maven-repo-helper-bug.patch
02-jaxb-plugin.patch
jboss-logging-tools.patch
-CVE-2017-7536.patch
+05-jaxb-dependency.patch
=====================================
distribution/pom.xml
=====================================
@@ -20,7 +20,7 @@
<parent>
<artifactId>hibernate-validator-parent</artifactId>
<groupId>org.hibernate</groupId>
- <version>4.3.3.Final</version>
+ <version>4.3.4.Final</version>
<relativePath>../pom.xml</relativePath>
</parent>
=====================================
documentation/pom.xml
=====================================
@@ -21,7 +21,7 @@
<parent>
<artifactId>hibernate-validator-parent</artifactId>
<groupId>org.hibernate</groupId>
- <version>4.3.3.Final</version>
+ <version>4.3.4.Final</version>
<relativePath>../pom.xml</relativePath>
</parent>
=====================================
engine/pom.xml
=====================================
@@ -21,7 +21,7 @@
<parent>
<artifactId>hibernate-validator-parent</artifactId>
<groupId>org.hibernate</groupId>
- <version>4.3.3.Final</version>
+ <version>4.3.4.Final</version>
<relativePath>../pom.xml</relativePath>
</parent>
=====================================
engine/src/main/java/org/hibernate/validator/HibernateValidatorPermission.java
=====================================
@@ -0,0 +1,39 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2018, Red Hat, Inc. and/or its affiliates, and individual contributors
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+* http://www.apache.org/licenses/LICENSE-2.0
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.hibernate.validator;
+
+import java.security.BasicPermission;
+
+/**
+ * Our specific implementation of {@link BasicPermission} as we cannot define additional {@link RuntimePermission}.
+ * <p>
+ * {@code HibernateValidatorPermission} is thread-safe and immutable.
+ *
+ * @author Guillaume Smet
+ */
+public class HibernateValidatorPermission extends BasicPermission {
+
+ public static final HibernateValidatorPermission ACCESS_PRIVATE_MEMBERS = new HibernateValidatorPermission( "accessPrivateMembers" );
+
+ public HibernateValidatorPermission(String name) {
+ super( name );
+ }
+
+ public HibernateValidatorPermission(String name, String actions) {
+ super( name, actions );
+ }
+}
=====================================
engine/src/main/java/org/hibernate/validator/internal/engine/ValidatorImpl.java
=====================================
@@ -41,6 +41,7 @@ import javax.validation.Validator;
import javax.validation.groups.Default;
import javax.validation.metadata.BeanDescriptor;
+import org.hibernate.validator.HibernateValidatorPermission;
import org.hibernate.validator.internal.engine.groups.Group;
import org.hibernate.validator.internal.engine.groups.GroupWithInheritance;
import org.hibernate.validator.internal.engine.groups.Sequence;
@@ -1426,6 +1427,11 @@ public class ValidatorImpl implements Validator, MethodValidator {
return member;
}
+ SecurityManager sm = System.getSecurityManager();
+ if ( sm != null ) {
+ sm.checkPermission( HibernateValidatorPermission.ACCESS_PRIVATE_MEMBERS );
+ }
+
Class<?> clazz = original.getDeclaringClass();
if ( original instanceof Field ) {
=====================================
engine/src/main/java/org/hibernate/validator/internal/util/privilegedactions/GetDeclaredField.java
=====================================
@@ -41,7 +41,6 @@ public final class GetDeclaredField implements PrivilegedAction<Field> {
public Field run() {
try {
final Field field = clazz.getDeclaredField( fieldName );
- field.setAccessible( true );
return field;
}
catch ( NoSuchFieldException e ) {
=====================================
integration/pom.xml
=====================================
@@ -21,7 +21,7 @@
<parent>
<artifactId>hibernate-validator-parent</artifactId>
<groupId>org.hibernate</groupId>
- <version>4.3.3.Final</version>
+ <version>4.3.4.Final</version>
<relativePath>../pom.xml</relativePath>
</parent>
=====================================
performance/pom.xml
=====================================
@@ -21,7 +21,7 @@
<parent>
<artifactId>hibernate-validator-parent</artifactId>
<groupId>org.hibernate</groupId>
- <version>4.3.3.Final</version>
+ <version>4.3.4.Final</version>
<relativePath>../pom.xml</relativePath>
</parent>
=====================================
pom.xml
=====================================
@@ -20,7 +20,7 @@
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator-parent</artifactId>
- <version>4.3.3.Final</version>
+ <version>4.3.4.Final</version>
<packaging>pom</packaging>
<name>Hibernate Validator Aggregator</name>
=====================================
tck-runner/pom.xml
=====================================
@@ -21,7 +21,7 @@
<parent>
<artifactId>hibernate-validator-parent</artifactId>
<groupId>org.hibernate</groupId>
- <version>4.3.3.Final</version>
+ <version>4.3.4.Final</version>
<relativePath>../pom.xml</relativePath>
</parent>
View it on GitLab: https://salsa.debian.org/java-team/libhibernate-validator-java/compare/80399dd0412415d54f34491226505345b65b3742...fa00089c34493d64848a7b59522a7ed7190afbac
--
View it on GitLab: https://salsa.debian.org/java-team/libhibernate-validator-java/compare/80399dd0412415d54f34491226505345b65b3742...fa00089c34493d64848a7b59522a7ed7190afbac
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20181017/f62cdeb3/attachment.html>
More information about the pkg-java-commits
mailing list