xstream-parent-1.4.17-3.11.2 >  A `p9|ӏ|\p$SNyeAGu Oϯps2b碦-l.Ē{U:;R4?r8y$*d!  UԋxV@`- _7yI;0'0谹ꣾ)" *G".7ly+sN' - mk?BHc?=SiC}%{_fQڔj ?~mRto=l_hcfcf378a291e00cd52bb976e218c78be6f9fe3f3dcd271ebbe4d11e5ee720c9e500270123f2ce5b00ef5ba6374810c2963c19f82/`p9|72 .J9S_LP,p>?d  6PT\`y    (  Hh*(W8` 9 :> FGH IXY$\<]H^~bcxdefluv$wpx|yzCxstream-parent1.4.173.11.2Parent POM for xstreamParent POM for xstream.`sheep64SUSE Linux Enterprise 15SUSE LLC BSD-3-Clausehttps://www.suse.com/Development/Libraries/Javahttps://x-stream.github.io/linuxnoarch?ЁA큤```85ad8ca3f482ea466914cd2873e4bfe373aa6e06fabc674d09cf76da9ba5686b793763f9f6426fd9b520aa5476d43e7ac2c4163de9aaf251a39852ab6e071c9frootrootrootrootrootrootxstream-1.4.17-3.11.2.src.rpmmvn(com.thoughtworks.xstream:xstream-parent:pom:)xstream-parent@@@    java-headlessjavapackages-filesystemmvn(org.codehaus.mojo:build-helper-maven-plugin)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)xstream3.0.4-14.6.0-14.0-15.2-11.4.17-3.11.24.14.1``x*`Gc@\~d\Yz\Z!D@Z@WVn@VA@fstrba@suse.comfstrba@suse.comjrenner@suse.comfkobzik@suse.commichele.bologna@suse.commoio@suse.commc@suse.comjgonzalez@suse.commoio@suse.commoio@suse.commoio@suse.com- Upgrade to 1.4.17 * Security fix: * bsc#1186651, CVE-2021-29505: potential code execution when unmarshalling with XStream instances using an uninitialized security framework- Upgrade to 1.4.16 * Security fixes: + bsc#1184796, CVE-2021-21351: remote attacker to load and execute arbitrary code + bsc#1184797, CVE-2021-21349: SSRF can lead to a remote attacker to request data from internal resources + bsc#1184380, CVE-2021-21350: arbitrary code execution + bsc#1184374, CVE-2021-21348: remote attacker could cause denial of service by consuming maximum CPU time + bsc#1184378, CVE-2021-21347: remote attacker to load and execute arbitrary code from a remote host + bsc#1184375, CVE-2021-21344: remote attacker could load and execute arbitrary code from a remote host + bsc#1184379, CVE-2021-21342: server-side forgery + bsc#1184377, CVE-2021-21341: remote attacker could cause a denial of service by allocating 100% CPU time + bsc#1184373, CVE-2021-21346: remote attacker could load and execute arbitrary code + bsc#1184372, CVE-2021-21345: remote attacker with sufficient rights could execute commands + bsc#1184376, CVE-2021-21343: replace or inject objects, that result in the deletion of files on the local host - Add patch: * Revert-MXParser-changes.patch + revert changes that would force us to add new dependency- Upgrade to 1.4.15 * fixes bsc#1180146, CVE-2020-26258 and bsc#1180145, CVE-2020-26259 - Upgrade to 1.4.14 * fixes bsc#1180994, CVE-2020-26217 - Update xstream to 1.4.15~susemanager Removed: * xstream_1_4_10-jdk11.patch * xstream_1_4_10-buildsh-sle12.patch * build.sh- Update xstream to 1.4.10 Added: * xstream_1_4_10-jdk11.patch * xstream_1_4_10-buildsh-sle12.patch * xstream-XSTREAM_1_4_10.tar.gz Removed: * 0001-Prevent-deserialization-of-void.patch * xstream-XSTREAM_1_4_9.tar.gz * xstream-XSTREAM_1_4_9-jdk11.patch - Major changes: - New XStream artifact with -java7 appended as version suffix for a library explicitly without the Java 8 stuff (lambda expression support, converters for java.time.* package). - Fix PrimitiveTypePermission to reject type void to prevent CVE-2017-7957 with an initialized security framework. - Improve performance by minimizing call stack of mapper chain. - XSTR-774: Add converters for types of java.time, java.time.chrono, and java.time.temporal packages (converters for LocalDate, LocalDateTime, LocalTime, OffsetDateTime, and ZonedDateTime by Matej Cimbora). - JavaBeanConverter does not respect ignored unknown elements. - Add XStream.setupDefaultSecurity to initialize security framework with defaults of XStream 1.5.x. - Emit error warning if security framework has not been initialized and the XStream instance is vulnerable to known exploits.- Feat: modify patch to be compatible with JDK 11 building Added: * xstream-XSTREAM_1_4_9-jdk11.patch Removed: * xstream-XSTREAM_1_4_9-jdk9.patch- fixes for SLE 15 compatibility- fix possible Denial of Service when unmarshalling void. (CVE-2017-7957, bsc#1070731) Added: * 0001-Prevent-deserialization-of-void.patch- Fix build for JDK9 - Disable javadoc generation (broken for SLE15 and Tumbleweed) - Add: * xstream-XSTREAM_1_4_9-jdk9.patch - Changed: * build.sh- Require building on Java 8, otherwise the LambdaMapper class is skipped (issue 30)- Upgrade to version 1.4.9, which fixes CVE-2016-3674 (bsc#972950)- Initial versionsheep64 16232373311.4.171.4.17-3.11.2xstream-xstream-parent.xmlxstreamxstream-parent.pom/usr/share/maven-metadata//usr/share/maven-poms//usr/share/maven-poms/xstream/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:19902/SUSE_SLE-15-SP2_Update/f284c583484c66b65b911ee437c78a29-xstream.SUSE_SLE-15-SP2_Updatecpioxz5noarch-suse-linuxXML 1.0 document, ASCII textdirectoryexported SGML document, ASCII textPRRRtQ$ 9]ٍwutf-8ed33dd8e21fd9dc1e32474d44dce495c8c012d18a88faa72ae057aedb89a30ca? 7zXZ !t/_o] crv(vX0{iq[)LĽHak/0gv"vMȄ ?'Ru_Cs1@iz'<uc`AG;> 4V1#R VH6wyMA0v#=]x09ܝp#Sy8&x}p?RݚpExn8{Jrxk7)ہN\wl58F8=6WFp&ŹQ!N'ehgUOpWTL,0FZ|oMȦni!*-E 2bًŁy]u H]ik qH~J";}\% Xv'uUD:XRjտqȵ)|lM}&z$f*3^3x7`W SL߭tbmW  \Q]z.5>Ȧ LJia 1)?ڗGiW܆Vl'ۥIawTN|뾃bFM0}[]rts:d% eS`d[ > V8xYL ׄ[-e5BߵtSߊQˬLǜTxǥ8S Tk-?V@K{ku.\ jƸt҉01DArnߪx:6Թ=}հGkˠ.s_=/s=#km<V*8ۼ/ oWZ#Ob嗁^{zRog9Y$9=@PbH"!k͛}d+ż-xEUjkDű\9uoow ^Iz^jYK@t6P#%ps.澃W%ýhz!muN} +0H2,YSZq*.U~Yr@ +޿01ώkIҸ?Ek( Y~ޟ%4Aį,6TqMN/|}$0Ix 7zmzuW qΝQK$N%x?es6gp?)_3Y? n.`t%ʤW)zIMJ&0&}0- ]EɶQR Wd"5D-$;>'b@L\sh!ᡇ6}?2m$,3*X(~T" $ ,^2A`T/!D֭Fۻ/CTS*/qL&;g4IzuiV*xI4?(G"j[5`2vΧ4F1roVpfIqsk[SVD?lT̄zs*QlS-ˤŰMzsRp*tݚ72,C  {[su ~HJl|Veqޡ:c6hU]' ЛO=!23ɥNeݽ_2fl#93# CЊbfcjp?$?0AgqA҃}V KGgIMF *P*U hƺ[^3-_?)2*τyA=U{~z6cWa$߾joI9]"yiYzMja~K`S`K;'_nVk jOEdœ\$&_O]iVXxdlƯceoJYo ~s^Wdǥ+޴ ).k-s/5-_hԷTLl_9CT1H>q0-u.`pxv~d-p8glzi~Ch+:!*gia cքH^rՃ)X2eI8]=u&G?"&d:^£G4ޯ*SZxCIxuŜUN/[ʨʪ 2jb[yয় 1O|mwba`9u6H2;[fz;=g:D.TMqmKE}Vqsy[ʴ ٴUmYHj yTy\>U}K*/`c9oVztIAtze/u=)Td+acL>a|_﨣.\^H-zNqvYc/6rM̅ǣnqvь "HjRisjTMPi]]y k..^"B),{AQ~SxK  CJܯ%-%w5m:jQRUsLtX@XK1.=XsY4?D%$"h&IJ>ђ|M%#3'M- DE:=l.'-|?:U; #K&@ Šff4H#7Rwf8nM_̶`;ݙAعBesR3pɬ9bWݐCgT mZCKT.X桶[`(nr'6Il6MMx xQ[Of{+7Ld$T]AelBr1Qr9G0փ͉W@7KKL@^#k"#Fmr*eV֍w>O#[ov_vS:I=@ÜOIJ5Zdpk,,DV"Oā+PcP'ꡖ pF 2ɨBB=jN"1c|=!xB- H cO]~J)nĉMWa-HFQ%z9+oMln^V=Ƙ1s\7T~XO5cjX<|}ےs!#h>t(rlWY T$Tk#ŁO0Eǟ~ymɉ-#g>o#fbRnhNE4xdqDuTz1_jF=?4Wڀ~cJ,Fb {tTKwDtֳ AKɓhp6 L.q JCc|nce"70% 9iSQtwƃbdkfKe3cK }Ɯ A2cQlf}1:ew0V `(f_ @΅ (a,Z7e{h,Au&,L qqEdEQ[?щ,|EL@!Uvy֜Nr?'۲S 5CP~¾"QēY,nR$HuGal.RBaӨcm.Q/wl4T&w %[ڽW޹Lü^2DB?\0!9BIBy ޴PiD3'잹K܊652VCl .qOքuZ<p'U[ &ީUјlʶM䆛U|,{ȯvؐްi<2lۻsxKmL|=tmӁ\YZ>32OwH ,-n9@bKR][JNLo3 u\+S;,cFhPG 6KllV`jyd 1ir+${6b!3FZ|XTWQ#Mr