dev-java/dom4j: bump to 2.1.3 (CVE-2020-10683)

Bug: https://bugs.gentoo.org/719318
rewritten with java-pkg-simple.eclass
introducing "jaxen" USE flag

Package-Manager: Portage-3.0.18, Repoman-3.0.2
Signed-off-by: Volkmar W. Pogatzki <[email protected]>
Closes: gentoo#21319
Signed-off-by: Miroslav Šulc <[email protected]>

dev-java/dom4j/Manifest

@@ -1,2 +1,4 @@
 DIST dom4j-1.6.1-java5.patch.bz2 2900 BLAKE2B cdd7dc901f5292af3ef7f0ea200c3d22bbc8c0adc27606da3c8fbadc44625b114c995321723dca331f0b23d5248e1f9177f0def2f4138eebcbd4aaac0495d4dd SHA512 38da606d77b62976366cd089e5194a922e348ec396e7b9af4dceb0a536c47f66e0900cfa59c91df04aade6076630077a8f88c713b9c20224d69316109b293a96
 DIST dom4j-1.6.1.tar.gz 9687211 BLAKE2B 3daa3729ea071aa87c7c1e1e2b91f1635109774dd2bd564a85265a0286f1369373084b945409d9d5213d66a7e14224033d42c58d80125b7982eef8961eb29248 SHA512 95c5a7105a81734f77b4bf27f8bb0af116bf43d8ad5297a0902a6687a54109a87dffe2953cf430d14947cdaa590aa0fdf083b46a91d1d98d48431cfae4459d94
+DIST dom4j-2.1.3.tar.gz 565918 BLAKE2B d6f8c9ae22f84086491ca7e60e5498edda727b219b4fe019da8f62a441dc3cea86ecf0554e32f8e717e21234b8ef8e2905946ab3722462f1fa748ad7e68e9e20 SHA512 8c4d7b4f2dd1b3f806e0d5103101998a094c31e9a4912539dcee32f24b35452c7f0d72c5f4cf55f8a8c9a416fee7284f9bca43ae56b0e66104b2b54fdb49ad96
+DIST jaxen-1.2.0.jar 232455 BLAKE2B 6bd16e8ac34f3af1b9d61218dc6a29862178516cfbb98c6834bf6db846b537e44b48db6ff578b3d67d32c3e2b142e44440a2fdcc6dc06a6ea427b04e6bf1f370 SHA512 cad582fc12d0741e9e6fd7e0cf80a50feb04f5ef42043df96f8a5b78476c77695d8b43836d2241f76b35676ea759921edd25eaeb2c04ec916eb138aa2901ce5f

dev-java/dom4j/dom4j-2.1.3.ebuild

@@ -0,0 +1,75 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# Skeleton command:
+# java-ebuilder --generate-ebuild --workdir . --pom dom4j-2.1.3.pom --download-uri https://github.com/dom4j/dom4j/archive/refs/tags/version-2.1.3.tar.gz --slot 1 --keywords "~amd64 ~arm ~arm64 ~ppc64 ~x86" --ebuild dom4j-2.1.3.ebuild
+
+EAPI=7
+
+JAVA_PKG_IUSE="doc source test"
+MAVEN_ID="org.dom4j:dom4j:2.1.3"
+JAVA_TESTING_FRAMEWORKS="testng"
+
+inherit java-pkg-2 java-pkg-simple
+
+DESCRIPTION="flexible XML framework for Java"
+HOMEPAGE="https://dom4j.github.io/"
+SRC_URI="https://github.com/${PN}/${PN}/archive/refs/tags/version-${PV}.tar.gz -> ${P}.tar.gz
+	https://repo1.maven.org/maven2/jaxen/jaxen/1.2.0/jaxen-1.2.0.jar"
+
+LICENSE="dom4j"
+SLOT="1"
+KEYWORDS="~amd64 ~x86"
+IUSE="jaxen"
+
+CDEPEND="
+	dev-java/jaxb-api:2
+	dev-java/xpp2:0
+	dev-java/xpp3:0
+	dev-java/xsdlib:0
+	jaxen? ( dev-java/jaxen:1.2[dom4j] )
+"
+DEPEND="${CDEPEND}
+	>=virtual/jdk-1.8:*
+	test? ( dev-java/xerces:2 )
+"
+
+# Runtime dependencies
+# POM: ${P}.pom
+# javax.xml.bind:jaxb-api:2.2.12 -> !!!groupId-not-found!!!
+# javax.xml.stream:stax-api:1.0-2 -> java-virtuals/stax-api:0
+# jaxen:jaxen:1.1.6 -> >=dev-java/jaxen-1.2.0:1.2
+# net.java.dev.msv:xsdlib:2013.6.1 -> >=dev-java/xsdlib-20090415:0
+# pull-parser:pull-parser:2 -> >=dev-java/xpp2-2.1.10:0
+# xpp3:xpp3:1.1.4c -> >=dev-java/xpp3-1.1.4c:0
+
+RDEPEND="${CDEPEND}
+	>=virtual/jre-1.8:*
+"
+
+PATCHES=(
+	# XmlStartTag.java:31: error: ProxyXmlStartTag is not abstract and does not override abstract method removeAttributeByRawName
+	# patch from https://github.com/dom4j/dom4j/pull/22
+	"${FILESDIR}"/dom4j-2.1.3-xpp3-add-removeAttribute.patch
+)
+
+S="${WORKDIR}/${PN}-version-${PV}"
+
+# dom4j has a cyclic dependency on jaxen[dom4j].
+# The downloaded jaxen-1.2.0.jar is provided for compilation only.
+# No prebuilt software is actually installed onto the system.
+JAVA_GENTOO_CLASSPATH_EXTRA="${DISTDIR}/jaxen-1.2.0.jar"
+JAVA_GENTOO_CLASSPATH="jaxb-api-2,xpp2,xpp3,xsdlib"
+JAVA_SRC_DIR="src/main/java"
+
+JAVA_TEST_GENTOO_CLASSPATH="testng,xerces-2"
+JAVA_TEST_SRC_DIR="src/test/java"
+JAVA_TEST_RESOURCE_DIRS="xml"
+
+src_prepare() {
+	default
+
+	if use jaxen; then
+		JAVA_GENTOO_CLASSPATH+=" jaxen-1.2"
+	fi
+}

dev-java/dom4j/files/dom4j-2.1.3-xpp3-add-removeAttribute.patch

@@ -0,0 +1,47 @@
+diff --git a/src/main/java/org/dom4j/xpp/ProxyXmlStartTag.java b/src/main/java/org/dom4j/xpp/ProxyXmlStartTag.java
+index 08b88fc..aa27c10 100644
+--- a/src/main/java/org/dom4j/xpp/ProxyXmlStartTag.java
++++ b/src/main/java/org/dom4j/xpp/ProxyXmlStartTag.java
+@@ -211,7 +211,7 @@ public class ProxyXmlStartTag implements XmlStartTag {
+      * @throws XmlPullParserException
+      *             DOCUMENT ME!
+      */
+-    public void removeAtttributes() throws XmlPullParserException {
++    public void removeAttributes() throws XmlPullParserException {
+         if (element != null) {
+             element.setAttributes(new ArrayList());
+
+@@ -221,6 +221,33 @@ public class ProxyXmlStartTag implements XmlStartTag {
+         }
+     }
+
++    public boolean removeAttributeByName(String namespaceURI, String localName) throws XmlPullParserException {
++        if (element != null) {
++            for (Iterator<Attribute> iter = element.attributeIterator(); iter.hasNext();) {
++                Attribute attribute = iter.next();
++
++                if (namespaceURI.equals(attribute.getNamespaceURI())
++                        && localName.equals(attribute.getName())) {
++                    return element.remove(attribute);
++                }
++            }
++        }
++        return false;
++    }
++
++    public boolean removeAttributeByRawName(String rawName) throws XmlPullParserException {
++        if (element != null) {
++            for (Iterator<Attribute> iter = element.attributeIterator(); iter.hasNext();) {
++                Attribute attribute = iter.next();
++
++                if (rawName.equals(attribute.getQualifiedName())) {
++                    return element.remove(attribute);
++                }
++            }
++        }
++        return false;
++    }
++
+     public String getLocalName() {
+         return element.getName();
+     }

dev-java/dom4j/metadata.xml

@@ -5,6 +5,9 @@
 		<email>[email protected]</email>
 		<name>Java</name>
 	</maintainer>
+	<use>
+		<flag name="jaxen">Includes org.jaxen.dom4j package</flag>
+	</use>
 	<longdescription>
 		Easy to use, open source library for working with XML, XPath and
 		XSLT on the Java platform using the Java Collections Framework