[Git][java-team/jabref][master] 2 commits: Update 100_CVE-2018-1000652_XXE-vulnerability.patch to use Apache Commons logging

Tony Mancill gitlab at salsa.debian.org
Sat Feb 9 18:10:39 GMT 2019


Tony Mancill pushed to branch master at Debian Java Maintainers / jabref


Commits:
af44c418 by tony mancill at 2019-02-09T18:09:15Z
Update 100_CVE-2018-1000652_XXE-vulnerability.patch to use Apache Commons logging

Gbp-Dch: Ignore

- - - - -
05072e33 by tony mancill at 2019-02-09T18:10:09Z
remove TODO from debian/changelog

Gbp-Dch: Ignore

- - - - -


2 changed files:

- debian/changelog
- debian/patches/100_CVE-2018-1000652_XXE-vulnerability.patch


Changes:

=====================================
debian/changelog
=====================================
@@ -1,11 +1,5 @@
 jabref (3.8.2+ds-12) UNRELEASED; urgency=medium
 
-  TODO: FTBFS with
-  /build/jabref-3.8.2+ds/src/main/java/net/sf/jabref/logic/importer/fileformat/MsBibImporter.java:16: error: package org.slf4j does not exist
-  import org.slf4j.Logger;
-                  ^
-  etc.
-
   * Add patch from upstream commit to fix CVE-2018-1000652: XML External
     Entity attack.
     Thanks to Moritz Muehlenhoff for the bug report. (Closes: #921772)
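Review bot: the entry kept at the bottom of this hunk still reads "Add patch from upstream commit", but the patch no longer matches upstream, because it now logs through Apache Commons Logging instead of slf4j. Suggest extending the entry with a short clause (for example "adapted to use commons-logging, since org.slf4j is not available in the build") so the reason for the divergence, which the removed TODO documented, is not lost.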


=====================================
debian/patches/100_CVE-2018-1000652_XXE-vulnerability.patch
=====================================
@@ -24,8 +24,8 @@ Bug: https://github.com/JabRef/jabref/issues/4229
  import net.sf.jabref.logic.msbib.MSBibDatabase;
  import net.sf.jabref.logic.util.FileExtensions;
  
-+import org.slf4j.Logger;
-+import org.slf4j.LoggerFactory;
++import org.apache.commons.logging.Log;
++import org.apache.commons.logging.LogFactory;
  import org.w3c.dom.Document;
  import org.xml.sax.InputSource;
  
@@ -33,7 +33,7 @@ Bug: https://github.com/JabRef/jabref/issues/4229
   */
  public class MsBibImporter extends Importer {
  
-+    private static final Logger LOGGER = LoggerFactory.getLogger(MsBibImporter.class);
++    private static final Log LOGGER = LogFactory.getLog(MsBibImporter.class);
 +    private static final String DISABLEDTD = "http://apache.org/xml/features/disallow-doctype-decl";
 +    private static final String DISABLEEXTERNALDTD = "http://apache.org/xml/features/nonvalidating/load-external-dtd";
 +
@@ -73,7 +73,7 @@ Bug: https://github.com/JabRef/jabref/issues/4229
 +            dBuild.setExpandEntityReferences(false);
 +
 +        } catch (ParserConfigurationException e) {
-+            LOGGER.warn("Builder not fully configured. Feature:'{}' is probably not supported by current XML processor. {}", feature, e);
++            LOGGER.warn("Builder not fully configured. Feature:'" + feature + "' is probably not supported by current XML processor.", e);
 +        }
 +
 +        return dBuild;
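Review bot: the catch block for ParserConfigurationException fails open. It only logs a warning, and control then reaches `return dBuild;`, so when the XML processor rejects a hardening feature the importer still receives a builder. Anything in the try block after the failing call, such as `dBuild.setExpandEntityReferences(false);`, is skipped as well. For an XXE fix, consider failing closed here (rethrow, or abort the import) instead of continuing with a partly configured builder. If continuing is intentional, the message should say that DOCTYPE and external DTD processing may still be enabled. The switch to `LOGGER.warn(message, e)` is fine for commons-logging and keeps the stack trace.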



View it on GitLab: https://salsa.debian.org/java-team/jabref/compare/f6a50cbf794d92dcd057a49113eadcf301b1fcc9...05072e3361cfbb10d3c48cf3f07478c8f0953912
