SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for apache-commons-compress-javadoc-1.22-31.10.noarch.rpm :

* Mon Dec 12 2022 Anton Shvetz - Updated to 1.22
* New features: + Migrate zip package to use NIO #236. Issue: COMPRESS-602. Thanks to Postelnicu George, Gary Gregory. + Add APK file extension constants: ArchiveStreamFactory.APK, APKM, APKS, XAPK. Thanks to Gary Gregory. + ArchiveStreamFactory.createArchiveInputStream(String, InputStream, String) supports the \"APK\" format (it\'s a JAR). Thanks to Gary Gregory. + Expander example now has NIO Path versions of IO File APIs. Thanks to Gary Gregory. + Improve TAR support for file times #254. Issue: COMPRESS-612. Thanks to Andre Brait, Gary Gregory. + Add SevenZArchiveEntry.setContentMethods(SevenZMethodConfiguration...). Thanks to Gary Gregory.
* Fixed Bugs: + Fix some compiler warnings in pack200 packages. Thanks to Gary Gregory. + Close File input stream after unpacking in Pack200UnpackerAdapter.unpack(File, JarOutputStream). Thanks to Gary Gregory. + Pack200UnpackerAdapter.unpack(InputStream, JarOutputStream) should not close its given input stream. Thanks to Gary Gregory. + Fix minor problem in examples. Issue: COMPRESS-596. Thanks to Tamas Mucs. + Add a limit to the copy buffer in IOUtils.readRange() to avoid reading more from a channel than asked for. Github Pull Request #214. Issue: COMPRESS-584. Thanks to Matthijs Laan, Peter Lee. + Documentation nits #217. Thanks to Helder Magalhães, Gary Gregory, PeterAlfredLee. + Replace wrapper Collections.sort is with an instance method directly. #245. Thanks to Arturo Bernal. + Replace manual comparisons with Comparator.comparingInt() [#244]. Thanks to Arturo Bernal. + Replace manual copy of array contents with System.arraycopy() [#246]. Thanks to Arturo Bernal. + Fix thread safety issues when encoding 7z password #248. Thanks to Glavo, Bruno P. Kinoshita, PeterAlfredLee, Gary Gregory. + bzip2: calculate median-of-3 on unsigned values #242. Thanks to Peter Dettman. + Use Math.min and Math.max calculations. #247. Thanks to Arturo Bernal, Gary Gregory, Bruno P. Kinoshita. + Expander should be able to work if an entry\'s name is \"./\". Issue: COMPRESS-603. Thanks to Matt Sicker. + Ensure compatibility with Java 8 #252. Issue: COMPRESS-604. Thanks to Andre Brait. + Use StringBuilder instead of StringBuffer. #284. Thanks to Arturo Bernal. + Inline variable. Remove redundant local variable. #283. Thanks to Arturo Bernal. + Use compare method #285. Thanks to Arturo Bernal. + Remove Unnecessary interface modifiers #281. Thanks to Arturo Bernal. + Avoid use C-style array declaration. #282. Thanks to Arturo Bernal. + ChecksumVerifyingInputStream.read() does not always validate checksum at end-of-stream. Thanks to Gary Gregory. + Fix TarFileTest #289. Thanks to Matt Juntunen. + Update Wikipedia link in TarUtils.java:627. Issue: COMPRESS-625. Thanks to MrBump, Gary Gregory. + OutOfMemoryError on malformed pack200 input (attributes). Issue: COMPRESS-626. Thanks to Andrii Hudz, Gary Gregory. + OutOfMemoryError on malformed pack200 input (org.apache.commons.compress.harmony.pack200.NewAttributeBands.readNextUnionCase). Issue: COMPRESS-628. Thanks to Andrii Hudz, Gary Gregory. + OutOfMemoryError on malformed unpack200 input (org.apache.commons.compress.harmony.unpack200.NewAttributeBands.readNextUnionCase). Issue: COMPRESS-628. Thanks to Gary Gregory. + Some input streams are not closed in org.apache.commons.compress.harmony.pack200.PackingUtils. Thanks to Gary Gregory. + Pack200 causes a \'archive.3E\' error if it\'s not in the system class loader. Issue: COMPRESS-627. Thanks to anatawa12, Gary Gregory.
* Changes: + Bump actions/cache from 2.1.6 to 3.0.10 #230, #257, #305, [#320]. Thanks to Dependabot, Gary Gregory. + Bump actions/checkout from 2.3.4 to 3.1.0 #226, #227, #251, [#300], #321. Thanks to Dependabot, Gary Gregory. + Bump actions/setup-java from 2 to 3.5.1 #278. Thanks to Dependabot. + Bump github/codeql-action from 1 to 2 #287. Thanks to Dependabot. + Bump mockito-core from 3.11.1 to 4.6.1 #209, #224, #231, [#235], #243, #253, #286, #294. Thanks to Dependabot. + Bump org.apache.felix.framework from 7.0.0 to 7.0.1 #208. Thanks to Dependabot. + Bump memoryfilesystem from 2.1.0 to 2.3.0 #212, #237. Thanks to Dependabot. + Bump zstd-jni from 1.5.0-2 to 1.5.2-5 #215, #233, #238, #240, [#250], #291, #326. Thanks to Dependabot, Gary Gregory. + Bump Pack200 packages from ASM 3.2 to 9.2 #216. Breaks binary compatibility in the internals of the pack200 implementation: = org.apache.commons.compress.harmony.pack200.Segment = org.apache.commons.compress.harmony.pack200.SegmentMethodVisitor = org.apache.commons.compress.harmony.pack200.SegmentAnnotationVisitor = org.apache.commons.compress.harmony.pack200.SegmentFieldVisitor Issue: COMPRESS-582. Thanks to Alex Landau, Stephan, Gary Gregory. + Bump asm from 9.2 to 9.4 #279, #322. Thanks to Dependabot. + Bump maven-javadoc-plugin from 3.3.0 to 3.4.1 #221, #249, [#288], #308. Thanks to Dependabot. + Bump maven-pmd-plugin from 3.14.0 to 3.19.0 #296, #309, #311. Thanks to Gary Gregory, Dependabot. + Bump pmd from 6.44.0 to 6.50.0. Thanks to Gary Gregory. + Bump commons.japicmp.version from 0.15.3 to 0.16.0. Thanks to Gary Gregory. + Bump maven-bundle-plugin from 5.1.2 to 5.1.8 #234, #239, [#290], #292, #301, #304. Thanks to Dependabot. + Bump org.apache.felix.framework from 7.0.1 to 7.0.5 #232, [#295]. Thanks to Dependabot. + Bump slf4j-api from 1.7.30 to 2.0.3 #213, #241, #258, #310, [#314], #315, #318. Thanks to Dependabot. + Bump commons-parent from 52 to 54 #280. Thanks to Dependabot, Gary Gregory. + Bump commons.jacoco.version from 0.8.7 to 0.8.8. Thanks to Gary Gregory. + Bump junit.version from 5.8.2 to 5.9.1 #302, #317. Thanks to Dependabot. + Bump mockito.version from 4.6.1 to 4.8.0 #307, #312. Thanks to Dependabot. + Bump maven-surefire-plugin from 3.0.0-M6 to 3.0.0-M7. Thanks to Gary Gregory.- Re-enable support for zstd and brotli
* Add build dependencies: + mvn(com.github.luben:zstd-jni) + mvn(org.brotli:dec)
* Remove patches: + 0001-Remove-Brotli-compressor.patch + 0002-Remove-ZSTD-compressor.patch- Rebase patch fix_java_8_compatibility.patch to a new context and add some new occurrences
* Mon Mar 21 2022 Fridrich Strba - Added patch:
* 0003-Remove-Pack200-compressor.patch + Remove support for pack200 which depends on old asm3
* Tue Jul 20 2021 Fridrich Strba - Updated to 1.21
* When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress\' sevenz package. (CVE-2021-35515, bsc#1188463)
* When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress\' sevenz package. (CVE-2021-35516, bsc#1188464)
* When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress\' tar package. (CVE-2021-35517, bsc#1188465)
* When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress\' zip package. (CVE-2021-36090, bsc#1188466)- New dependency on asm3 for Pack200 compressor- Rebased patch fix_java_8_compatibility.patch to a new context and added some new occurrences
* Wed Aug 28 2019 Pedro Monreal Gonzalez - Updated to 1.19 [bsc#1148475, CVE-2019-12402]
* ZipFile could get stuck in an infinite loop when parsing ZIP archives with certain strong encryption headers (CVE-2019-12402).
* ZipArchiveInputStream and ZipFile will no longer throw an exception if an extra field generally understood by Commons Compress is malformed but rather turn them into UnrecognizedExtraField instances. You can influence the way extra fields are parsed in more detail by using the new getExtraFields(ExtraFieldParsingBehavior) method of ZipArchiveEntry now.
* Some of the ZIP extra fields related to strong encryption will now throw ZipExceptions rather than ArrayIndexOutOfBoundsExceptions in certain cases when used directly. There is no practical difference when they are read via ZipArchiveInputStream or ZipFile.
* ParallelScatterZipCreator now writes entries in the same order they have been added to the archive.
* ZipArchiveInputStream and ZipFile are more forgiving when parsing extra fields by default now.
* TarArchiveInputStream has a new lenient mode that may allow it to read certain broken archives.- Rebased patch fix_java_8_compatibility.patch
* Mon Mar 25 2019 Fridrich Strba - Remove pom parent, since we don\'t use it when not building with maven
* Sun Jan 27 2019 Jan Engelhardt - Add missing RPM group for %name-javadoc.
* Fri Jan 25 2019 Fridrich Strba - Rename package to apache-commons-compress
* Upgrade to version 1.18
* Use build.xml file generated ba mvn ant:ant and simplified manually after + Allows building with ant and considerably shortens build cycle- Added patches
* 0001-Remove-Brotli-compressor.patch + do not build Brotli compressor, since we don\'t have its dependencies
* 0002-Remove-ZSTD-compressor.patch + do not build ZSTD compressor, since we don\'t have its dependencies
* fix_java_8_compatibility.patch + restore Java 8 compatibility in java.nio.ByteBuffer use
* Mon Sep 18 2017 fstrbaAATTsuse.com- Fix build with jdk9: specify java source and target 1.6- Build also the javadoc package
* Fri May 19 2017 tchvatalAATTsuse.com- Fix build under new javapackage-tools
* Thu Nov 29 2012 mvyskocilAATTsuse.com- use saxon and saxon-scripts only when using maven
  
ICM