xstream-parent-1.4.17-lp152.2.9.1 4>$  Ap`X&/=„'8Mm”pat ժg!TE4l< |-=*;b W|Efj~&~zqiY:ƊٻMvS%aK*c^12ƽL;A:f4f/`CK$O.=*.:ccOox+@㔍|k_i6g5˦qh=g/' zywGFԣ6~PmiKaGpux'yB*x567e52d977b39e4770656c0060e441234184bfc00f21edccff589fa38af53981d033ea3a09e7aaa6cadbb8493d78358b93cf5d840`X&/=„@ Pt4_!D:t`4NiP"i;a,le.O  uO>;[N5LL<S: `Ax3/ӬiNo[f, ׭˄9&u8'i(IYrN{@>  H^ aYSO0FOШZcUB7 3u] 5&Ĉ㆒j2$6U~DM ' s{.zozpxve ™nL0tߺ>X(K`>p>X?Hd $ ;TX`dw      8X(L8T 9 :y F'G<HHITXXY`\|]^bcdIeNfQlSuhvtwxyzDCxstream-parent1.4.17lp152.2.9.1Parent POM for xstreamParent POM for xstream.`Xbuild82openSUSE Leap 15.2openSUSEBSD-3-Clausehttp://bugs.opensuse.orgDevelopment/Libraries/Javahttps://x-stream.github.io/linuxnoarch?ЁA큤`X`X`X0a511cadaff1b006e97794b7c65c3c1f53ee450a5703ba8ef4cd7d838a7ac0b1793763f9f6426fd9b520aa5476d43e7ac2c4163de9aaf251a39852ab6e071c9frootrootrootrootrootrootxstream-1.4.17-lp152.2.9.1.src.rpmmvn(com.thoughtworks.xstream:xstream-parent:pom:)xstream-parent@@@    java-headlessjavapackages-filesystemmvn(org.codehaus.mojo:build-helper-maven-plugin)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)xstream3.0.4-14.6.0-14.0-15.2-11.4.17-lp152.2.9.14.14.1``x*`Gc@\~d\Yz\Z!D@Z@WVn@VA@Fridrich Strba Fridrich Strba Johannes Renner Frantisek Kobzik michele.bologna@suse.commoio@suse.commc@suse.comjgonzalez@suse.commoio@suse.commoio@suse.commoio@suse.com- Upgrade to 1.4.17 * Security fix: * bsc#1186651, CVE-2021-29505: potential code execution when unmarshalling with XStream instances using an uninitialized security framework- Upgrade to 1.4.16 * Security fixes: + bsc#1184796, CVE-2021-21351: remote attacker to load and execute arbitrary code + bsc#1184797, CVE-2021-21349: SSRF can lead to a remote attacker to request data from internal resources + bsc#1184380, CVE-2021-21350: arbitrary code execution + bsc#1184374, CVE-2021-21348: remote attacker could cause denial of service by consuming maximum CPU time + bsc#1184378, CVE-2021-21347: remote attacker to load and execute arbitrary code from a remote host + bsc#1184375, CVE-2021-21344: remote attacker could load and execute arbitrary code from a remote host + bsc#1184379, CVE-2021-21342: server-side forgery + bsc#1184377, CVE-2021-21341: remote attacker could cause a denial of service by allocating 100% CPU time + bsc#1184373, CVE-2021-21346: remote attacker could load and execute arbitrary code + bsc#1184372, CVE-2021-21345: remote attacker with sufficient rights could execute commands + bsc#1184376, CVE-2021-21343: replace or inject objects, that result in the deletion of files on the local host - Add patch: * Revert-MXParser-changes.patch + revert changes that would force us to add new dependency- Upgrade to 1.4.15 * fixes bsc#1180146, CVE-2020-26258 and bsc#1180145, CVE-2020-26259 - Upgrade to 1.4.14 * fixes bsc#1180994, CVE-2020-26217 - Update xstream to 1.4.15~susemanager Removed: * xstream_1_4_10-jdk11.patch * xstream_1_4_10-buildsh-sle12.patch * build.sh- Update xstream to 1.4.10 Added: * xstream_1_4_10-jdk11.patch * xstream_1_4_10-buildsh-sle12.patch * xstream-XSTREAM_1_4_10.tar.gz Removed: * 0001-Prevent-deserialization-of-void.patch * xstream-XSTREAM_1_4_9.tar.gz * xstream-XSTREAM_1_4_9-jdk11.patch - Major changes: - New XStream artifact with -java7 appended as version suffix for a library explicitly without the Java 8 stuff (lambda expression support, converters for java.time.* package). - Fix PrimitiveTypePermission to reject type void to prevent CVE-2017-7957 with an initialized security framework. - Improve performance by minimizing call stack of mapper chain. - XSTR-774: Add converters for types of java.time, java.time.chrono, and java.time.temporal packages (converters for LocalDate, LocalDateTime, LocalTime, OffsetDateTime, and ZonedDateTime by Matej Cimbora). - JavaBeanConverter does not respect ignored unknown elements. - Add XStream.setupDefaultSecurity to initialize security framework with defaults of XStream 1.5.x. - Emit error warning if security framework has not been initialized and the XStream instance is vulnerable to known exploits.- Feat: modify patch to be compatible with JDK 11 building Added: * xstream-XSTREAM_1_4_9-jdk11.patch Removed: * xstream-XSTREAM_1_4_9-jdk9.patch- fixes for SLE 15 compatibility- fix possible Denial of Service when unmarshalling void. (CVE-2017-7957, bsc#1070731) Added: * 0001-Prevent-deserialization-of-void.patch- Fix build for JDK9 - Disable javadoc generation (broken for SLE15 and Tumbleweed) - Add: * xstream-XSTREAM_1_4_9-jdk9.patch - Changed: * build.sh- Require building on Java 8, otherwise the LambdaMapper class is skipped (issue 30)- Upgrade to version 1.4.9, which fixes CVE-2016-3674 (bsc#972950)- Initial versionbuild82 16239391001.4.171.4.17-lp152.2.9.1xstream-xstream-parent.xmlxstreamxstream-parent.pom/usr/share/maven-metadata//usr/share/maven-poms//usr/share/maven-poms/xstream/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:16523/openSUSE_Leap_15.2_Update/ba1d6f77b654a4b2de03055dee2f5a75-xstream.openSUSE_Leap_15.2_Updatecpioxz5noarch-suse-linuxXML 1.0 document, ASCII textdirectoryexported SGML document, ASCII textPRRR&%|kutf-8d5c716415aadc9c2d6cd452c9484838bb1dad56eb868bdea76bf97e87b021013? 7zXZ !t/_o] crv(vX09z6ϥA lF RE*ZQ%N0 Ky7{FjYq.]p,J\;XCnC}\r$c䫝h) yRR&-Fo<'Nn։O(V},Lv(vo>y5]Xn'a/0x[pBƬ5QqI*ĨCrO f a!vѦVp7Jnsf~X4ptkn4l^*Ӯjeg:# Ppڌ翅~5̂bh!p&q5r#niS7YCuc] ~\ c.b-(-Hd+26& Y/|I5׳NP|:Z,<&ifv.g73Rb]D%eϫ" ]e{ C>i[F7`ӗ;BZ՛S1J#pV%<-Fę+o#*U{ey>hB@HX1 _<2h6k_ތSHU> ᄩǩT`@기:wo֘Jl˫g{"piN: ݮ7.SDz4W:y9As.IƤD PB@\w*{lV Z&ṙ/h.`H_H.yXX0iq\s4*A:积\:jC'p8=ƻryǗuZeq?P&@! UT^oFUc҇]k:vC-([DTUG[UܥꞵyZz&# vhr{ŜRnb @|cIRcW~ǪX42]cDn5<זh}ARر3Yh$ zuk ~eW:v=^0zi!ݎ4l/ZN>Q57LiK1T3#)r銑-~Ϋ/±S^5OE %*VWrL+W TFx}?-W$y5Q-{3ԣhQ麵KkV6~H_-VGJGeXPY[qxa{.IQc25'O*Ya0x8߻jkZ3L|6"kJч:@hY' "i&צ)IMwIGr=\<×ED?Gn͈ScCjB'Å}RLcܹX Cì]_hᶝ #'PI7ߍ0߽t%)λt{:_s#ù.c{AZ|NS ;f$gi.ĽM `oq`3,̩t~ kǼhs?vnH'ʵJr}xƍ1ܖ4<:?}qA̚ER/3-,hcI#Ξ̆[].D\`^Ux?Jrm^;w4zSӸx *Ѷ̞>nx8H tl/o1Z%3!% xCKvKs(}LƇޡ^r3 Bk1=R QtmcE"eEA0D~w`Jؑ#ٝjPk4] f_FJN0mo_-$ZBuC!x>hBϽaXVIM` ܏MDfd׸2c:q|:GP!i|MTV`#A2B \Sra%A~kB;_y~s˕VA?T&HI4b,1*aGUΥx&Xf-|̭] hO`nsJN/_kbk:j@gZ Ȁ2D_{2O*yO:zP^֎CbW0,S;02x_ҜκNsyOaxhtuq67yVFA1hYCUei'pdzO;& n)cя7dn7ol?\:ǜW0.- ? ~j0q$fGran|V.gmll:iF't.Z4J<tukCLMbUpmbrNjm &Ume5 ;qE[]K`yhS E]e =@"J|ljo9__g](>4xS7չ9#Ύ?ZoZ(Bβnޤk:!p7 rBŵrrJ\$ch5-UZca7F[@OрR01(<(P|wmq[2i cNMgef;NZɂR/uXDAjy;y44S P8J{ggxe;!:t %YJ˝ugdӋːU +B* 9Bf'&{OˊZchEGWojqHp6AZgdž™S[{WTc͸s'A!fޔ-;G|XLFUͰ݀N|%X2]v=EV)yslmm$ 'H395=o=n2B,]-/bDױ$f*X|_0gD=jnWz%U^OwB^~%!,v뺇SAR墤9@pK?ӝ[.g^)cY:;#Po|ۉ%f@OX@xt8Zs+i+/͝tM*zS&iKZ }<&Y.'JilId ^w`J库ǔ>$|Ekv7/.V/S K>ظ|YXhl!u%6xHkRtC)ˤJ?H؈\vt|_ lϨmlqƭ14Q?@:^+i+@P^$'w;YqЊK/IDSz֩y`SWEQu9 d*ax]>2{&'Gzڳ6#m̩ܦ+~%&Ml3J;OPtnغaaSAid7,DMDaDui&?I1#MA'4 x+*h΅zQ1+TrnSm&Lw+1uJUy a!)!fq'vi mUIUQQ4EM4I5/cŁS+w@"4|ֽ=ޤQ=r+%[(!vFrKgDϡ5ft+5sܓ#GcI&(h3+{NU;~ 1 [-;No6Qs7‘ܣbma$M:Hh\141P,T%͔i3H>P" :XCq)E)_Jl !D8VVˮqmLYI}A2~pL=e•~ yZGj&#:m'JJ>&Z bE-o#@J*Q~JMB ԁkL^T{7G'0C6ϒ!ffV+ 2FrXu@"dy :j٤y*,2% x!ĩk6 5rO^߈` & !kרJ\PĞ7,* bEiԗjǐW p~vPMkIv2#ҪN ֳfzʭp6g+E)h_G Z/<5=؏lt86l*5k*h4'Jubឈ)k= Afѥ '9q~{`!nzH2a%b"Fg<25m0|%33dcl-2XVgFxKޢ!]G cs]ː?gWT4څh"Y4d_iA %;$d0UR騁GN ~Q'` IrguHx5Z9 фiy91h_KC.w;WWDDճK.Aćeg+C⎘s@da@-RXn({x6]jgػgmg8 .BI'Qtu/͋U,Hs,E,yv $꘰%G9B} &kILUQ )U/3~EP\y6H္:Xd;")E L:K@G6B:e?3?{.gLDwrq53: $MEJf.D#ur"TNk=ߐ߃ r!KEqcfe#~JRcdoK!' DpтxJU$V .%@,ő|҂榕ި]c .m,Ό!;,eYGQv((|UZ}w+f PlF Ä*TɏMZwL+^c[Caי\inoTeD-rt$`n1^d[-T I YZ