Compare commits


No commits in common. 'c9' and 'i8c-beta-stream-10.6' have entirely different histories.

2
.gitignore vendored

@ -1 +1 @@
SOURCES/v_1.7.30.tar.gz SOURCES/slf4j-1.7.25.tar.gz

@ -1 +1 @@
99d103004692d3ced37c2afdec97b5bdf0c276bd SOURCES/v_1.7.30.tar.gz f564e3825b62172e81874ec73fafcc2747fb3d3b SOURCES/slf4j-1.7.25.tar.gz

@ -0,0 +1,44 @@
From b1c0ca75ca38a7a8b50bfdfdf2c324169a6ddf02 Mon Sep 17 00:00:00 2001
From: Michael Simacek <msimacek@redhat.com>
Date: Mon, 19 Mar 2018 16:01:57 +0100
Subject: [PATCH] Disallow EventData deserialization by default
---
.../src/main/java/org/slf4j/ext/EventData.java | 21 +++++++++++++++------
1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/slf4j-ext/src/main/java/org/slf4j/ext/EventData.java b/slf4j-ext/src/main/java/org/slf4j/ext/EventData.java
index dc5b502..fa5c125 100644
--- a/slf4j-ext/src/main/java/org/slf4j/ext/EventData.java
+++ b/slf4j-ext/src/main/java/org/slf4j/ext/EventData.java
@@ -76,12 +76,21 @@ public class EventData implements Serializable {
*/
@SuppressWarnings("unchecked")
public EventData(String xml) {
- ByteArrayInputStream bais = new ByteArrayInputStream(xml.getBytes());
- try {
- XMLDecoder decoder = new XMLDecoder(bais);
- this.eventData = (Map<String, Object>) decoder.readObject();
- } catch (Exception e) {
- throw new EventException("Error decoding " + xml, e);
+ if ("1".equals(System.getProperty("org.slf4j.ext.allowInsecureDeserialization"))) {
+ ByteArrayInputStream bais = new ByteArrayInputStream(xml.getBytes());
+ try {
+ XMLDecoder decoder = new XMLDecoder(bais);
+ this.eventData = (Map<String, Object>) decoder.readObject();
+ } catch (Exception e) {
+ throw new EventException("Error decoding " + xml, e);
+ }
+ } else {
+ throw new UnsupportedOperationException(
+ "Constructing EventData from XML is vulnerable to remote " +
+ "excution and is not allowed by default. If you're " +
+ "completely sure the source data is trusted, you can enable " +
+ "it by setting org.slf4j.ext.allowInsecureDeserialization " +
+ "JVM property to 1");
}
}
--
2.14.3
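Review bot: The guarded branch of `EventData(String xml)` still passes the caller's string to `XMLDecoder.readObject()` unchanged, so setting `org.slf4j.ext.allowInsecureDeserialization=1` re-exposes every caller in the JVM rather than one trusted call site. The constructor's Javadoc closes just above the hunk and is not visible here; it should gain `@throws UnsupportedOperationException unless the org.slf4j.ext.allowInsecureDeserialization system property is "1"` plus a sentence saying the opt-in is process-wide. Two smaller points in the same lines: the new message spells "excution" for "execution", and `"Error decoding " + xml` copies the whole untrusted payload into the exception text, which may end up in logs; `"Error decoding event XML (" + xml.length() + " chars)"` would avoid that.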

@ -1,5 +1,3 @@
%bcond_with bootstrap
# Copyright (c) 2000-2009, JPackage Project # Copyright (c) 2000-2009, JPackage Project
# All rights reserved. # All rights reserved.
# #
@ -31,29 +29,27 @@
# #
Name: slf4j Name: slf4j
Version: 1.7.30 Version: 1.7.25
Release: 14%{?dist} Release: 4%{?dist}
Epoch: 0
Summary: Simple Logging Facade for Java Summary: Simple Logging Facade for Java
# the log4j-over-slf4j and jcl-over-slf4j submodules are ASL 2.0, rest is MIT # the log4j-over-slf4j and jcl-over-slf4j submodules are ASL 2.0, rest is MIT
License: MIT and ASL 2.0 License: MIT and ASL 2.0
URL: http://www.slf4j.org/ URL: http://www.slf4j.org/
Source0: http://www.slf4j.org/dist/%{name}-%{version}.tar.gz
Source1: http://www.apache.org/licenses/LICENSE-2.0.txt
Patch0: 0001-Disallow-EventData-deserialization-by-default.patch
BuildArch: noarch BuildArch: noarch
Source0: https://github.com/qos-ch/slf4j/archive/v_%{version}.tar.gz BuildRequires: maven-local
Source1: https://www.apache.org/licenses/LICENSE-2.0.txt BuildRequires: mvn(ch.qos.cal10n:cal10n-api)
BuildRequires: mvn(commons-lang:commons-lang)
BuildRequires: maven-local-openjdk8
%if %{with bootstrap}
BuildRequires: javapackages-bootstrap
%else
BuildRequires: mvn(commons-logging:commons-logging) BuildRequires: mvn(commons-logging:commons-logging)
BuildRequires: mvn(javassist:javassist)
BuildRequires: mvn(log4j:log4j:1.2.17)
BuildRequires: mvn(org.apache.maven.plugins:maven-antrun-plugin) BuildRequires: mvn(org.apache.maven.plugins:maven-antrun-plugin)
BuildRequires: mvn(org.apache.maven.plugins:maven-source-plugin) BuildRequires: mvn(org.apache.maven.plugins:maven-source-plugin)
BuildRequires: mvn(org.codehaus.mojo:build-helper-maven-plugin) BuildRequires: mvn(org.codehaus.mojo:build-helper-maven-plugin)
%endif
# -log4j12 subpackage removed in fedora 34
Obsoletes: slf4j-log4j12 < 0:1.7.30-7
%description %description
The Simple Logging Facade for Java or (SLF4J) is intended to serve The Simple Logging Facade for Java or (SLF4J) is intended to serve
@ -67,7 +63,11 @@ SLF4J interfaces directly, e.g. NLOG4J or SimpleLogger. Alternatively,
it is possible (and rather easy) to write SLF4J adapters for the given it is possible (and rather easy) to write SLF4J adapters for the given
API implementation, e.g. Log4jLoggerAdapter or JDK14LoggerAdapter.. API implementation, e.g. Log4jLoggerAdapter or JDK14LoggerAdapter..
%{?javadoc_package} %package javadoc
Summary: API documentation for %{name}
%description javadoc
This package provides %{summary}.
%package manual %package manual
Summary: Manual for %{name} Summary: Manual for %{name}
@ -81,18 +81,36 @@ Summary: SLF4J JDK14 Binding
%description jdk14 %description jdk14
SLF4J JDK14 Binding. SLF4J JDK14 Binding.
%package log4j12
Summary: SLF4J LOG4J-12 Binding
%description log4j12
SLF4J LOG4J-12 Binding.
%package jcl %package jcl
Summary: SLF4J JCL Binding Summary: SLF4J JCL Binding
%description jcl %description jcl
SLF4J JCL Binding. SLF4J JCL Binding.
%package ext
Summary: SLF4J Extensions Module
%description ext
Extensions to the SLF4J API.
%package -n jcl-over-slf4j %package -n jcl-over-slf4j
Summary: JCL 1.1.1 implemented over SLF4J Summary: JCL 1.1.1 implemented over SLF4J
%description -n jcl-over-slf4j %description -n jcl-over-slf4j
JCL 1.1.1 implemented over SLF4J. JCL 1.1.1 implemented over SLF4J.
%package -n log4j-over-slf4j
Summary: Log4j implemented over SLF4J
%description -n log4j-over-slf4j
Log4j implemented over SLF4J.
%package -n jul-to-slf4j %package -n jul-to-slf4j
Summary: JUL to SLF4J bridge Summary: JUL to SLF4J bridge
@ -106,21 +124,16 @@ Summary: SLF4J Source JARs
SLF4J Source JARs. SLF4J Source JARs.
%prep %prep
%setup -q -n %{name}-v_%{version} %setup -q
find -name '*.jar' -delete %patch0 -p1
install -p -m 0644 %{SOURCE1} APACHE-LICENSE find . -name "*.jar" | xargs rm
cp -p %{SOURCE1} APACHE-LICENSE
%pom_disable_module integration %pom_disable_module integration
%pom_disable_module osgi-over-slf4j %pom_disable_module osgi-over-slf4j
%pom_disable_module log4j-over-slf4j
%pom_disable_module slf4j-android %pom_disable_module slf4j-android
%pom_disable_module slf4j-ext
%pom_disable_module slf4j-log4j12
%pom_disable_module slf4j-migrator %pom_disable_module slf4j-migrator
# Port to maven-antrun-plugin 3.0.0
sed -i s/tasks/target/ slf4j-api/pom.xml
# Because of a non-ASCII comment in slf4j-api/src/main/java/org/slf4j/helpers/MessageFormatter.java # Because of a non-ASCII comment in slf4j-api/src/main/java/org/slf4j/helpers/MessageFormatter.java
%pom_xpath_inject "pom:project/pom:properties" " %pom_xpath_inject "pom:project/pom:properties" "
<project.build.sourceEncoding>ISO-8859-1</project.build.sourceEncoding>" <project.build.sourceEncoding>ISO-8859-1</project.build.sourceEncoding>"
@ -154,7 +167,7 @@ find -name "*.css" -o -name "*.js" -o -name "*.txt" | \
# during build time, it is necessary to mark the imported package as an # during build time, it is necessary to mark the imported package as an
# optional one. # optional one.
# Reported upstream: http://bugzilla.slf4j.org/show_bug.cgi?id=283 # Reported upstream: http://bugzilla.slf4j.org/show_bug.cgi?id=283
sed -i '/Import-Package/s/\}$/};resolution:=optional/' slf4j-api/src/main/resources/META-INF/MANIFEST.MF sed -i "/Import-Package/s/.$/;resolution:=optional&/" slf4j-api/src/main/resources/META-INF/MANIFEST.MF
# Source JARs for are required by Maven 3.4.0 # Source JARs for are required by Maven 3.4.0
%mvn_package :::sources: sources %mvn_package :::sources: sources
@ -166,7 +179,7 @@ sed -i '/Import-Package/s/\}$/};resolution:=optional/' slf4j-api/src/main/resour
%mvn_package :%{name}-nop %mvn_package :%{name}-nop
%build %build
%mvn_build -f -s -- -Drequired.jdk.version=1.6 %mvn_build -f -s
%install %install
# Compat symlinks # Compat symlinks
@ -179,103 +192,30 @@ install -d -m 0755 $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}-manual
rm -rf target/site/{.htaccess,apidocs} rm -rf target/site/{.htaccess,apidocs}
cp -pr target/site/* $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}-manual cp -pr target/site/* $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}-manual
%files -n %{?module_prefix}%{name} -f .mfiles %files -f .mfiles
%license LICENSE.txt APACHE-LICENSE %license LICENSE.txt APACHE-LICENSE
%files jdk14 -f .mfiles-%{name}-jdk14 %files jdk14 -f .mfiles-%{name}-jdk14
%files log4j12 -f .mfiles-%{name}-log4j12
%files jcl -f .mfiles-%{name}-jcl %files jcl -f .mfiles-%{name}-jcl
%files ext -f .mfiles-%{name}-ext
%files -n jcl-over-slf4j -f .mfiles-jcl-over-slf4j %files -n jcl-over-slf4j -f .mfiles-jcl-over-slf4j
%files -n log4j-over-slf4j -f .mfiles-log4j-over-slf4j
%files -n jul-to-slf4j -f .mfiles-jul-to-slf4j %files -n jul-to-slf4j -f .mfiles-jul-to-slf4j
%files sources -f .mfiles-sources %files sources -f .mfiles-sources
%license LICENSE.txt APACHE-LICENSE %license LICENSE.txt APACHE-LICENSE
%files javadoc -f .mfiles-javadoc
%license LICENSE.txt APACHE-LICENSE
%files manual %files manual
%license LICENSE.txt APACHE-LICENSE %license LICENSE.txt APACHE-LICENSE
%{_defaultdocdir}/%{name}-manual %{_defaultdocdir}/%{name}-manual
%changelog %changelog
* Wed Nov 20 2024 Marián Konček <mkoncek@redhat.com> - 1.7.30-14 * Wed Apr 03 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 0:1.7.25-4
- Rebuild with regenerated Requires on Java - Rebuilt for MSVSphere 8.10 beta
* Mon Jan 30 2023 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.7.30-13
- Rebuild to regenerate auto-requires
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.7.30-12
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jun 09 2021 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.7.30-11
- Rebuild to workaround DistroBaker issue
* Tue Jun 08 2021 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.7.30-10
- Bootstrap Maven for CentOS Stream 9
* Mon May 17 2021 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.7.30-9
- Bootstrap build
- Non-bootstrap build
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0:1.7.30-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Sep 09 2020 Fabio Valentini <decathorpe@gmail.com> - 0:1.7.30-7
- Disable unused log4j12 module.
* Thu Jul 30 2020 Fabio Valentini <decathorpe@gmail.com> - 0:1.7.30-6
- Port to commons-lang3.
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0:1.7.30-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Sat Jul 11 2020 Jiri Vanek <jvanek@redhat.com> - 0:1.7.30-4
- Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11
* Thu Jun 25 2020 Roland Grunberg <rgrunber@redhat.com> - 0:1.7.30-3
- Use source/target of 1.6 to build against Java 11.
- Set javadoc plugin source value to 1.6.
* Fri Mar 20 2020 Mat Booth <mat.booth@redhat.com> - 0:1.7.30-2
- Fix broken OSGi metadata
* Wed Feb 05 2020 Dinesh Prasanth M K <dmoluguw@redhat.com> - 0:1.7.30-1
- Update to upstream version 1.7.30
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0:1.7.25-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Sat Jan 25 2020 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.7.30-2
- Build with OpenJDK 8
* Thu Jan 23 2020 Marian Koncek <mkoncek@redhat.com> - 1.7.30-1
- Update to upstream version 1.7.30
* Tue Nov 05 2019 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.7.28-2
- Mass rebuild for javapackages-tools 201902
* Tue Aug 13 2019 Marian Koncek <mkoncek@redhat.com> - 1.7.28-1
- Update to upstream version 1.7.28
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0:1.7.25-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri May 24 2019 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.7.26-3
- Mass rebuild for javapackages-tools 201901
* Fri May 24 2019 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.7.26-2
- Disable slf4j-ext module
* Thu May 09 2019 Dinesh Prasanth M K <dmoluguw@redhat.com> - 0:1.7.25-7
- Rebuilt for Fedora 31
* Wed Feb 27 2019 Marian Koncek <mkoncek@redhat.com> - 0:1.7.26-1
- Update to upstream version 1.7.26
- Fixes: RHBZ #1678877
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0:1.7.25-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0:1.7.25-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Mar 19 2018 Michael Simacek <msimacek@redhat.com> - 0:1.7.25-4 * Mon Mar 19 2018 Michael Simacek <msimacek@redhat.com> - 0:1.7.25-4
- Disallow EventData deserialization by default (CVE-2018-8088) - Disallow EventData deserialization by default (CVE-2018-8088)
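Review bot: `Patch0` is the only mitigation for CVE-2018-8088 (named in the 1.7.25-4 changelog entry) in the `ext` subpackage this spec builds, yet nothing next to the `Patch0:` or `%patch0 -p1` lines says so; the other column avoids the issue with `%pom_disable_module slf4j-ext`. I would add a comment above the tag, e.g. `# CVE-2018-8088: XMLDecoder in slf4j-ext EventData; do not drop while the ext subpackage is built`, so a later rebase does not lose the mitigation silently. In `%prep`, `find . -name "*.jar" | xargs rm` can miss a bundled jar whose path contains whitespace and, with GNU xargs, runs `rm` with no operand when nothing matches; `find . -name '*.jar' -delete` removes prebuilt binaries more reliably. The two columns are collapsed in this rendering, so which side each line belongs to is inferred from the `@ -1,5 +1,3 @@` header and the version tags.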
