init

0001-Prevent-deserialization-of-void.patch

@@ -0,0 +1,123 @@
+From 376175c482a4914c8d288cf663f978dfb5e55849 Mon Sep 17 00:00:00 2001
+From: Michael Simacek <msimacek@redhat.com>
+Date: Wed, 12 Apr 2017 12:19:21 +0200
+Subject: [PATCH] Prevent deserialization of void
+
+---
+ .../SunLimitedUnsafeReflectionProvider.java        | 22 ++++++++++++--------
+ .../xstream/security/PrimitiveTypePermission.java  |  5 +++--
+ .../acceptance/SecurityVulnerabilityTest.java      | 24 +++++++++++++++++++++-
+ 3 files changed, 39 insertions(+), 12 deletions(-)
+
+diff --git a/xstream/src/java/com/thoughtworks/xstream/converters/reflection/SunLimitedUnsafeReflectionProvider.java b/xstream/src/java/com/thoughtworks/xstream/converters/reflection/SunLimitedUnsafeReflectionProvider.java
+index 2c569ae..491f0d6 100644
+--- a/xstream/src/java/com/thoughtworks/xstream/converters/reflection/SunLimitedUnsafeReflectionProvider.java
++++ b/xstream/src/java/com/thoughtworks/xstream/converters/reflection/SunLimitedUnsafeReflectionProvider.java
+@@ -1,6 +1,6 @@
+ /*
+  * Copyright (C) 2004, 2005 Joe Walnes.
+- * Copyright (C) 2006, 2007, 2008, 2011, 2013, 2014, 2016 XStream Committers.
++ * Copyright (C) 2006, 2007, 2008, 2011, 2013, 2014, 2016, 2017 XStream Committers.
+  * All rights reserved.
+  *
+  * Created on 08. January 2014 by Joerg Schaible, factored out from SunUnsafeReflectionProvider
+@@ -78,14 +78,18 @@ public class SunLimitedUnsafeReflectionProvider extends PureJavaReflectionProvid
+             throw ex;
+         }
+         ErrorWritingException ex = null;
+-        try {
+-            return unsafe.allocateInstance(type);
+-        } catch (SecurityException e) {
+-            ex = new ObjectAccessException("Cannot construct type", e);
+-        } catch (InstantiationException e) {
+-            ex =  new ConversionException("Cannot construct type", e);
+-        } catch (IllegalArgumentException e) {
+-            ex = new ObjectAccessException("Cannot construct type", e);
++        if (type == void.class || type == Void.class) {
++            ex = new ConversionException("Type void cannot have an instance");
++        } else {
++            try {
++                return unsafe.allocateInstance(type);
++            } catch (SecurityException e) {
++                ex = new ObjectAccessException("Cannot construct type", e);
++            } catch (InstantiationException e) {
++                ex =  new ConversionException("Cannot construct type", e);
++            } catch (IllegalArgumentException e) {
++                ex = new ObjectAccessException("Cannot construct type", e);
++            }
+         }
+         ex.add("construction-type", type.getName());
+         throw ex;
+diff --git a/xstream/src/java/com/thoughtworks/xstream/security/PrimitiveTypePermission.java b/xstream/src/java/com/thoughtworks/xstream/security/PrimitiveTypePermission.java
+index fb69b95..c3cbad9 100644
+--- a/xstream/src/java/com/thoughtworks/xstream/security/PrimitiveTypePermission.java
++++ b/xstream/src/java/com/thoughtworks/xstream/security/PrimitiveTypePermission.java
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (C) 2014 XStream Committers.
++ * Copyright (C) 2014, 2017 XStream Committers.
+  * All rights reserved.
+  *
+  * Created on 09. January 2014 by Joerg Schaible
+@@ -8,8 +8,9 @@ package com.thoughtworks.xstream.security;
+ 
+ import com.thoughtworks.xstream.core.util.Primitives;
+ 
++
+ /**
+- * Permission for any primitive type and its boxed counterpart (incl. void).
++ * Permission for any primitive type and its boxed counterpart (excl. void).
+  * 
+  * @author J&ouml;rg Schaible
+  * @since 1.4.7
+diff --git a/xstream/src/test/com/thoughtworks/acceptance/SecurityVulnerabilityTest.java b/xstream/src/test/com/thoughtworks/acceptance/SecurityVulnerabilityTest.java
+index c77b3ce..0180fd7 100644
+--- a/xstream/src/test/com/thoughtworks/acceptance/SecurityVulnerabilityTest.java
++++ b/xstream/src/test/com/thoughtworks/acceptance/SecurityVulnerabilityTest.java
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (C) 2013, 2014 XStream Committers.
++ * Copyright (C) 2013, 2014, 2017 XStream Committers.
+  * All rights reserved.
+  *
+  * The software in this package is published under the terms of the BSD
+@@ -13,9 +13,12 @@ package com.thoughtworks.acceptance;
+ import java.beans.EventHandler;
+ 
+ import com.thoughtworks.xstream.XStreamException;
++import com.thoughtworks.xstream.converters.ConversionException;
+ import com.thoughtworks.xstream.converters.reflection.ReflectionConverter;
++import com.thoughtworks.xstream.security.ForbiddenClassException;
+ import com.thoughtworks.xstream.security.ProxyTypePermission;
+ 
++
+ /**
+  * @author J&ouml;rg Schaible
+  */
+@@ -80,4 +83,23 @@ public class SecurityVulnerabilityTest extends AbstractAcceptanceTest {
+             BUFFER.append("Executed!");
+         }
+     }
++
++    public void testDeniedInstanceOfVoid() {
++        try {
++            xstream.fromXML("<void/>");
++            fail("Thrown " + ForbiddenClassException.class.getName() + " expected");
++        } catch (final ForbiddenClassException e) {
++            // OK
++        }
++    }
++
++    public void testAllowedInstanceOfVoid() {
++        xstream.allowTypes(void.class, Void.class);
++        try {
++            xstream.fromXML("<void/>");
++            fail("Thrown " + ConversionException.class.getName() + " expected");
++        } catch (final ConversionException e) {
++            assertEquals("void", e.get("construction-type"));
++        }
++    }
+ }
+-- 
+2.9.3
+

README.en.md

@@ -1,36 +0,0 @@
-# xstream
-
-#### Description
-{**When you're done, you can delete the content in this README and update the file with details for others getting started with your repository**}
-
-#### Software Architecture
-Software architecture description
-
-#### Installation
-
-1.  xxxx
-2.  xxxx
-3.  xxxx
-
-#### Instructions
-
-1.  xxxx
-2.  xxxx
-3.  xxxx
-
-#### Contribution
-
-1.  Fork the repository
-2.  Create Feat_xxx branch
-3.  Commit your code
-4.  Create Pull Request
-
-
-#### Gitee Feature
-
-1.  You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md
-2.  Gitee blog [blog.gitee.com](https://blog.gitee.com)
-3.  Explore open source project [https://gitee.com/explore](https://gitee.com/explore)
-4.  The most valuable open source project [GVP](https://gitee.com/gvp)
-5.  The manual of Gitee [https://gitee.com/help](https://gitee.com/help)
-6.  The most popular members  [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)

README.md

@@ -1,39 +0,0 @@
-# xstream
-
-#### 介绍
-{**以下是码云平台说明，您可以替换此简介**
-码云是 OSCHINA 推出的基于 Git 的代码托管平台（同时支持 SVN）。专为开发者提供稳定、高效、安全的云端软件开发协作平台
-无论是个人、团队、或是企业，都能够用码云实现代码托管、项目管理、协作开发。企业项目请看 [https://gitee.com/enterprises](https://gitee.com/enterprises)}
-
-#### 软件架构
-软件架构说明
-
-
-#### 安装教程
-
-1.  xxxx
-2.  xxxx
-3.  xxxx
-
-#### 使用说明
-
-1.  xxxx
-2.  xxxx
-3.  xxxx
-
-#### 参与贡献
-
-1.  Fork 本仓库
-2.  新建 Feat_xxx 分支
-3.  提交代码
-4.  新建 Pull Request
-
-
-#### 码云特技
-
-1.  使用 Readme\_XXX.md 来支持不同的语言，例如 Readme\_en.md, Readme\_zh.md
-2.  码云官方博客 [blog.gitee.com](https://blog.gitee.com)
-3.  你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解码云上的优秀开源项目
-4.  [GVP](https://gitee.com/gvp) 全称是码云最有价值开源项目，是码云综合评定出的优秀开源项目
-5.  码云官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help)
-6.  码云封面人物是一档用来展示码云会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)

xstream.spec

@@ -0,0 +1,108 @@
+Name:          xstream
+Version:       1.4.9
+Release:       9
+Summary:       A simple library to serialize objects to XML and back again
+License:       BSD
+URL:           http://x-stream.github.io/
+Source0:       https://repo1.maven.org/maven2/com/thoughtworks/%{name}/%{name}-distribution/%{version}/%{name}-distribution-%{version}-src.zip
+Patch0:        0001-Prevent-deserialization-of-void.patch
+BuildArch:     noarch
+
+BuildRequires: maven-local, mvn(cglib:cglib), mvn(dom4j:dom4j), mvn(javassist:javassist), mvn(joda-time:joda-time), mvn(org.slf4j:slf4j-simple)
+BuildRequires: mvn(net.sf.kxml:kxml2), mvn(net.sf.kxml:kxml2-min), mvn(org.apache.felix:maven-bundle-plugin), mvn(stax:stax), mvn(stax:stax-api)
+BuildRequires: mvn(org.apache.maven.plugins:maven-enforcer-plugin), mvn(org.codehaus.jettison:jettison), mvn(xom:xom), mvn(xpp3:xpp3)
+BuildRequires: mvn(org.codehaus.mojo:build-helper-maven-plugin), mvn(org.codehaus.woodstox:woodstox-core-asl), mvn(xpp3:xpp3_min)
+BuildRequires: mvn(org.hibernate:hibernate-core), mvn(org.hibernate:hibernate-envers), mvn(org.jdom:jdom), mvn(org.jdom:jdom2)
+Provides:      %{name}-javadoc%{?_isa} %{name}-javadoc
+Obsoletes:     %{name}-javadoc
+Provides:      %{name}-hibernate%{?_isa} %{name}-hibernate
+Obsoletes:     %{name}-hibernate
+Provides:      %{name}-benchmark%{?_isa} %{name}-benchmark
+Obsoletes:     %{name}-benchmark
+Provides:      %{name}-parent%{?_isa} %{name}-parent
+Obsoletes:     %{name}-parent
+
+%description
+XStream is a simple library to serialize objects to XML and back again, which has the following features:
+Ease of use. A high level facade is supplied that simplifies common use cases.
+No mappings required. Most objects can be serialized without need for specifying mappings.
+Performance. Speed and low memory footprint are a crucial part of the design, making it suitable for large
+object graphs or systems with high message throughput.
+Clean XML. No information is duplicated that can be obtained via reflection. This results in XML that is
+easier to read for humans and more compact than native Java serialization.
+Requires no modifications to objects. Serializes internal fields, including private and final. Supports
+non-public and inner classes. Classes are not required to have default constructor.
+Full object graph support. Duplicate references encountered in the object-model will be maintained. Supports
+circular references.
+Integrates with other XML APIs. By implementing an interface, XStream can serialize directly to/from any
+tree structure (not just XML).
+Customizable conversion strategies. Strategies can be registered allowing customization of how particular
+types are represented as XML.
+Security framework. Fine-control about the unmarshalled types to prevent security issues with manipulated input.
+Error messages. When an exception occurs due to malformed XML, detailed diagnostics are provided to help isolate
+and fix the problem.
+Alternative output format. The modular design allows other output formats. XStream ships currently with JSON
+support and morphing.
+
+%prep
+%autosetup -n %{name}-%{version} -p1
+find . -name "*.jar" -print -delete
+find . -name "*.class" -print -delete
+
+%pom_xpath_remove "pom:project/pom:build/pom:extensions"
+%pom_disable_module xstream-jmh
+%pom_disable_module xstream-distribution
+
+%pom_remove_plugin :maven-source-plugin
+%pom_remove_plugin :maven-eclipse-plugin
+%pom_remove_plugin :maven-dependency-plugin
+%pom_remove_plugin :maven-release-plugin
+%pom_remove_plugin :jxr-maven-plugin
+%pom_remove_plugin :xsite-maven-plugin
+
+%pom_xpath_set "pom:dependency[pom:groupId = 'org.codehaus.woodstox' ]/pom:artifactId" \
+woodstox-core-asl
+%pom_xpath_set "pom:dependency[pom:groupId = 'org.codehaus.woodstox' ]/pom:artifactId" \
+woodstox-core-asl xstream
+%pom_xpath_set "pom:dependency[pom:groupId = 'cglib' ]/pom:artifactId" \
+cglib
+%pom_xpath_set "pom:dependency[pom:groupId = 'cglib' ]/pom:artifactId" \
+cglib xstream
+
+%pom_change_dep :xmlpull xpp3:xpp3:1.1.4c xstream
+%pom_remove_plugin :maven-javadoc-plugin xstream
+%pom_remove_plugin :maven-dependency-plugin xstream
+%pom_remove_dep javax.activation:activation xstream
+
+%pom_xpath_set "pom:project/pom:dependencies/pom:dependency[pom:groupId = 'cglib' ]/pom:artifactId" \
+cglib xstream-hibernate
+%pom_xpath_inject "pom:project/pom:dependencies/pom:dependency[pom:groupId = 'junit' ]" \
+"<scope>test</scope>" xstream-hibernate
+%pom_remove_plugin :maven-dependency-plugin xstream-hibernate
+%pom_remove_plugin :maven-javadoc-plugin xstream-hibernate
+
+%pom_xpath_inject "pom:project/pom:dependencies/pom:dependency[pom:groupId = 'junit' ]" \
+"<scope>test</scope>" xstream-benchmark
+%pom_remove_plugin :maven-javadoc-plugin xstream-benchmark
+
+%mvn_file :%{name} %{name}/%{name} %{name}
+%mvn_file :%{name}-benchmark %{name}/%{name}-benchmark %{name}-benchmark
+
+%mvn_package :%{name}
+
+%build
+%mvn_build -f -s
+
+%install
+%mvn_install
+
+%files -f .mfiles
+%doc README.txt
+%license LICENSE.txt
+%{_javadir}/*
+%{_javadocdir}/%{name}/*
+/usr/share/maven*
+
+%changelog
+* Mon Dec 9 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.4.9-9
+- Package init