!2 slf4j: Fixed format for spec file

Merge pull request !2 from gnaygnil/master

0001-Disallow-EventData-deserialization-by-default.patch

@@ -0,0 +1,44 @@
+From b1c0ca75ca38a7a8b50bfdfdf2c324169a6ddf02 Mon Sep 17 00:00:00 2001
+From: Michael Simacek <msimacek@redhat.com>
+Date: Mon, 19 Mar 2018 16:01:57 +0100
+Subject: [PATCH] Disallow EventData deserialization by default
+
+---
+ .../src/main/java/org/slf4j/ext/EventData.java      | 21 +++++++++++++++------
+ 1 file changed, 15 insertions(+), 6 deletions(-)
+
+diff --git a/slf4j-ext/src/main/java/org/slf4j/ext/EventData.java b/slf4j-ext/src/main/java/org/slf4j/ext/EventData.java
+index dc5b502..fa5c125 100644
+--- a/slf4j-ext/src/main/java/org/slf4j/ext/EventData.java
++++ b/slf4j-ext/src/main/java/org/slf4j/ext/EventData.java
+@@ -76,12 +76,21 @@ public class EventData implements Serializable {
+      */
+     @SuppressWarnings("unchecked")
+     public EventData(String xml) {
+-        ByteArrayInputStream bais = new ByteArrayInputStream(xml.getBytes());
+-        try {
+-            XMLDecoder decoder = new XMLDecoder(bais);
+-            this.eventData = (Map<String, Object>) decoder.readObject();
+-        } catch (Exception e) {
+-            throw new EventException("Error decoding " + xml, e);
++        if ("1".equals(System.getProperty("org.slf4j.ext.allowInsecureDeserialization"))) {
++            ByteArrayInputStream bais = new ByteArrayInputStream(xml.getBytes());
++            try {
++                XMLDecoder decoder = new XMLDecoder(bais);
++                this.eventData = (Map<String, Object>) decoder.readObject();
++            } catch (Exception e) {
++                throw new EventException("Error decoding " + xml, e);
++            }
++        } else {
++            throw new UnsupportedOperationException(
++                    "Constructing EventData from XML is vulnerable to remote " +
++                    "excution and is not allowed by default. If you're " +
++                    "completely sure the source data is trusted, you can enable " +
++                    "it by setting org.slf4j.ext.allowInsecureDeserialization " +
++                    "JVM property to 1");
+         }
+     }
+ 
+-- 
+2.14.3
+

README.en.md

@@ -1,36 +0,0 @@
-# slf4j
-
-#### Description
-{**When you're done, you can delete the content in this README and update the file with details for others getting started with your repository**}
-
-#### Software Architecture
-Software architecture description
-
-#### Installation
-
-1.  xxxx
-2.  xxxx
-3.  xxxx
-
-#### Instructions
-
-1.  xxxx
-2.  xxxx
-3.  xxxx
-
-#### Contribution
-
-1.  Fork the repository
-2.  Create Feat_xxx branch
-3.  Commit your code
-4.  Create Pull Request
-
-
-#### Gitee Feature
-
-1.  You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md
-2.  Gitee blog [blog.gitee.com](https://blog.gitee.com)
-3.  Explore open source project [https://gitee.com/explore](https://gitee.com/explore)
-4.  The most valuable open source project [GVP](https://gitee.com/gvp)
-5.  The manual of Gitee [https://gitee.com/help](https://gitee.com/help)
-6.  The most popular members  [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)

README.md

@@ -1,39 +0,0 @@
-# slf4j
-
-#### 介绍
-{**以下是码云平台说明，您可以替换此简介**
-码云是 OSCHINA 推出的基于 Git 的代码托管平台（同时支持 SVN）。专为开发者提供稳定、高效、安全的云端软件开发协作平台
-无论是个人、团队、或是企业，都能够用码云实现代码托管、项目管理、协作开发。企业项目请看 [https://gitee.com/enterprises](https://gitee.com/enterprises)}
-
-#### 软件架构
-软件架构说明
-
-
-#### 安装教程
-
-1.  xxxx
-2.  xxxx
-3.  xxxx
-
-#### 使用说明
-
-1.  xxxx
-2.  xxxx
-3.  xxxx
-
-#### 参与贡献
-
-1.  Fork 本仓库
-2.  新建 Feat_xxx 分支
-3.  提交代码
-4.  新建 Pull Request
-
-
-#### 码云特技
-
-1.  使用 Readme\_XXX.md 来支持不同的语言，例如 Readme\_en.md, Readme\_zh.md
-2.  码云官方博客 [blog.gitee.com](https://blog.gitee.com)
-3.  你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解码云上的优秀开源项目
-4.  [GVP](https://gitee.com/gvp) 全称是码云最有价值开源项目，是码云综合评定出的优秀开源项目
-5.  码云官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help)
-6.  码云封面人物是一档用来展示码云会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)

slf4j.spec

@@ -1,92 +1,91 @@
 Name:           slf4j
 Version:        1.7.25
-Release:        7
+Release:        8
 Epoch:          0
 Summary:        Simple Logging Facade for Java(SLF4J)
 License:        MIT and ASL 2.0
 URL:            http://www.slf4j.org/
-Source0:        https://github.com/qos-ch/%{name}/archive/v_%{version}.tar.gz
+Source0:        http://www.slf4j.org/dist/slf4j-%{version}.tar.gz
 Source1:        http://www.apache.org/licenses/LICENSE-2.0.txt
-
 BuildArch:      noarch
-BuildRequires:  maven-local mvn(ch.qos.cal10n:cal10n-api) mvn(commons-lang:commons-lang)
-BuildRequires:  mvn(commons-logging:commons-logging) mvn(javassist:javassist) mvn(log4j:log4j:1.2.17)
-BuildRequires:  mvn(org.apache.maven.plugins:maven-antrun-plugin) mvn(org.apache.maven.plugins:maven-source-plugin)
-BuildRequires:  mvn(org.codehaus.mojo:build-helper-maven-plugin)
+BuildRequires:  mvn(ch.qos.cal10n:cal10n-api) mvn(org.apache.maven.plugins:maven-source-plugin)
+BuildRequires:  mvn(org.apache.maven.plugins:maven-antrun-plugin) mvn(commons-lang:commons-lang)
+BuildRequires:  mvn(commons-logging:commons-logging) mvn(javassist:javassist) maven-local
+BuildRequires:  mvn(org.codehaus.mojo:build-helper-maven-plugin) mvn(log4j:log4j:1.2.17)
+# Disallow EventData deserialization by default
+Patch0000:      0001-Disallow-EventData-deserialization-by-default.patch
 
 %description
 The Simple Logging Facade for Java (SLF4J) serves as a simple facade or abstraction for various
 logging frameworks (e.g. java.util.logging, logback, log4j) allowing the end user to plug in the
 desired logging framework at deployment time.Before you start using SLF4J, we highly recommend
-that you read the two-page SLF4J user manual.
-Note that SLF4J-enabling your library implies the addition of only a single mandatory dependency,
-namely slf4j-api.jar. If no binding is found on the class path, then SLF4J will default to a
-no-operation implementation.
-In case you wish to migrate your Java source files to SLF4J, consider our migrator tool which
-can migrate your project to use the SLF4J API in just a few minutes.
-In case an externally-maintained component you depend on uses a logging API other than SLF4J,
-such as commons logging, log4j or java.util.logging, have a look at SLF4J's binary-support for legacy APIs.
+that you read the two-page SLF4J user manual. Note that SLF4J-enabling your library implies the
+addition of only a single mandatory dependency, namely slf4j-api.jar. If no binding is found on
+the class path, then SLF4J will default to a no-operation implementation. In case you wish to
+migrate your Java source files to SLF4J, consider our migrator tool which can migrate your project
+to use the SLF4J API in just a few minutes. In case an externally-maintained component you depend
+on uses a logging API other than SLF4J, such as commons logging, log4j or java.util.logging, have
+a look at SLF4J's binary-support for legacy APIs.
 
-%package jdk14
+%package        help
+Summary:        Help documentation for slf4j
+Provides:       slf4j-javadoc = %{epoch}:%{version}-%{release} slf4j-manual = %{epoch}:%{version}-%{release}
+Obsoletes:      slf4j-javedoc < %{epoch}:%{version}-%{release} slf4j-manual < %{epoch}:%{version}-%{release}
+
+%description    help
+Help documentation for slf4j.
+
+%package        jdk14
 Summary:        JDK14 Binding of SLF4J
 
-%description jdk14
+%description    jdk14
 JDK14 Binding of SLF4J.
 
-%package log4j12
+%package        log4j12
 Summary:        LOG4J-12 Binding of SLF4J
 
-%description log4j12
+%description    log4j12
 LOG4J-12 Binding of SLF4J.
 
-%package jcl
+%package        jcl
 Summary:        JCL Binding of SLF4J
 
-%description jcl
+%description    jcl
 JCL Binding of SLF4J.
 
-%package -n jcl-over-slf4j
+%package        ext
+Summary:        Extensions Module of SLF4J
+
+%description    ext
+Extensions Module of SLF4J.
+
+%package -n     jcl-over-slf4j
 Summary:        JCL 1.1.1 implemented over SLF4J
 
 %description -n jcl-over-slf4j
 JCL 1.1.1 implemented over SLF4J.
 
-%package -n jul-to-slf4j
-Summary:        JUL to SLF4J bridge
-
-%description -n jul-to-slf4j
-JUL to SLF4J bridge.
-
-%package -n log4j-over-slf4j
+%package -n     log4j-over-slf4j
 Summary:        Log4j implemented over SLF4J
 
 %description -n log4j-over-slf4j
 Log4j implemented over SLF4J.
 
-%package ext
-Summary:        Extensions Module of SLF4J
+%package -n     jul-to-slf4j
+Summary:        JUL to SLF4J bridge
 
-%description ext
-Extensions Module of SLF4J.
+%description -n jul-to-slf4j
+JUL to SLF4J bridge.
 
-%package sources
+%package        sources
 Summary:        Source JARs of SLF4J
 
-%description sources
-SLF4J Source JARs,which is required by Maven 3.4.0.
-
-%package help
-Summary:        API documentation for slf4j package
-Provides:       %{name}-javadoc = %{epoch}:%{version}-%{release} %{name}-manual = %{epoch}:%{version}-%{release}
-Obsoletes:      %{name}-javadoc < %{epoch}:%{version}-%{release} %{name}-manual < %{epoch}:%{version}-%{release}
-
-%description help
-API documentation for slf4j package.
+%description    sources
+Source JARs of SLF4J.
 
 %prep
-%autosetup -n %{name}-v_%{version} -p1
-
-find . -name "*.jar" -delete
+%autosetup -p1
+find . -name "*.jar" | xargs rm
 cp -p %{SOURCE1} APACHE-LICENSE
 
 %pom_disable_module integration
@@ -98,6 +97,7 @@ cp -p %{SOURCE1} APACHE-LICENSE
     <project.build.sourceEncoding>ISO-8859-1</project.build.sourceEncoding>"
 
 %pom_xpath_remove "pom:links"
+
 %pom_xpath_inject "pom:plugin[pom:artifactId[text()='maven-javadoc-plugin']]/pom:configuration" "
     <detectJavaApiLink>false</detectJavaApiLink>
     <isOffline>false</isOffline>
@@ -115,9 +115,7 @@ find -name "*.css" -o -name "*.js" -o -name "*.txt" | xargs -t sed -i 's/\r$//'
 
 sed -i "/Import-Package/s/.$/;resolution:=optional&/" slf4j-api/src/main/resources/META-INF/MANIFEST.MF
 
-# source of slf4j is required by maven 3.4.0
 %mvn_package :::sources: sources
-
 %mvn_package :slf4j-parent __noinstall
 %mvn_package :slf4j-site __noinstall
 %mvn_package :slf4j-api
@@ -128,41 +126,32 @@ sed -i "/Import-Package/s/.$/;resolution:=optional&/" slf4j-api/src/main/resourc
 %mvn_build -f -s
 
 %install
-%mvn_file ':%{name}-{*}' %{name}/%{name}-@1 %{name}/@1
+%mvn_file ':slf4j-{*}' slf4j/slf4j-@1 slf4j/@1
 %mvn_install
-sed -i 's/[0-9a-f]\{8\}-[0-9a-f]\{4\}-[0-9a-f]\{4\}-[0-9a-f]\{4\}-[0-9a-f]\{12\}/f2f42549-cfab-4d71-be48-5e9f9a41e5f5/g' $(find %{_buildrootdir} -name slf4j-slf4j-jdk14.xml)
-sed -i 's/[0-9a-f]\{8\}-[0-9a-f]\{4\}-[0-9a-f]\{4\}-[0-9a-f]\{4\}-[0-9a-f]\{12\}/f2f42549-cfab-4d71-be48-5e9f9a41e5f5/g' $(find %{_buildrootdir} -name slf4j.xml)
-
 install -d -m 0755 $RPM_BUILD_ROOT%{_defaultdocdir}/slf4j-manual
-cp -rp target/site/* $RPM_BUILD_ROOT%{_defaultdocdir}/slf4j-manual
+rm -rf target/site/{.htaccess,apidocs}
+cp -pr target/site/* $RPM_BUILD_ROOT%{_defaultdocdir}/slf4j-manual
 
 %files -f .mfiles
-%license LICENSE.txt APACHE-LICENSE
+%doc LICENSE.txt APACHE-LICENSE
 
 %files jdk14 -f .mfiles-slf4j-jdk14
-
 %files log4j12 -f .mfiles-slf4j-log4j12
-
 %files jcl -f .mfiles-slf4j-jcl
-
+%files ext -f .mfiles-slf4j-ext
 %files -n jcl-over-slf4j -f .mfiles-jcl-over-slf4j
-
+%files -n log4j-over-slf4j -f .mfiles-log4j-over-slf4j
 %files -n jul-to-slf4j -f .mfiles-jul-to-slf4j
 
-%files -n log4j-over-slf4j -f .mfiles-log4j-over-slf4j
-
-%files ext -f .mfiles-slf4j-ext
-
 %files sources -f .mfiles-sources
-%license LICENSE.txt APACHE-LICENSE
+%doc LICENSE.txt APACHE-LICENSE
 
 %files help -f .mfiles-javadoc
 %{_defaultdocdir}/slf4j-manual
-%exclude %{_defaultdocdir}/slf4j-manual/{.htaccess,apidocs}
 
 %changelog
+* Sun Mar 15 2020 Ling Yang <lingyang2@huawei.com> - 0:1.7.25-8
+- Fix format
+
 * Wed Dec 04 2019 daiqianwen <daiqianwen@huawei.com> - 0:1.7.25-7
 - Package init
-
-
-