Audit 2.11 artifacts of 1.1.1 and 1.2.0 #308
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
For the Scalajs JARs, I wasn't able to compare the intermediate representation format files of Scalajs. These are binary files, and presumably there is some nondeterminism. On the other hand, the numerous .asm and .scalap produced by Scalajs were exactly the same. diff --git a/META-INF/MANIFEST.MF b/META-INF/MANIFEST.MF
index fe8651a..ef9dbca 100644
--- a/META-INF/MANIFEST.MF
+++ b/META-INF/MANIFEST.MF
@@ -1,11 +1,11 @@
Manifest-Version: 1.0
-Implementation-Vendor: org.scala-lang.modules
Implementation-Title: scala-xml
-Implementation-Version: 1.1.1
-Implementation-Vendor-Id: org.scala-lang.modules
+Implementation-Version: 1.1.1-SNAPSHOT
Specification-Vendor: org.scala-lang.modules
Specification-Title: scala-xml
+Implementation-Vendor-Id: org.scala-lang.modules
+Specification-Version: 1.1.1-SNAPSHOT
Implementation-URL: http://www.scala-lang.org/
-Specification-Version: 1.1.1
+Implementation-Vendor: org.scala-lang.modules
Main-Class: scala.xml.Properties
diff --git a/scala-xml.properties b/scala-xml.properties
index 5114b49..821dd25 100644
--- a/scala-xml.properties
+++ b/scala-xml.properties
@@ -1,4 +1,4 @@
-#Wed Sep 26 17:38:33 UTC 2018
+#Fri May 03 17:00:49 EDT 2019
scala.version.number=2.11.12
scala.binary.version.number=2.11
-version.number=1.1.1
+version.number=1.1.1-SNAPSHOT
diff --git a/scala/xml/Atom.sjsir b/scala/xml/Atom.sjsir
index ee24fba..d2d1207 100644
--- a/scala/xml/Atom.sjsir
+++ b/scala/xml/Atom.sjsir
Binary files differ
diff --git a/scala/xml/Attribute$.sjsir b/scala/xml/Attribute$.sjsir
index ff64b64..ede52c8 100644
--- a/scala/xml/Attribute$.sjsir
+++ b/scala/xml/Attribute$.sjsir
Binary files differ
diff --git a/scala/xml/Attribute$class.sjsir b/scala/xml/Attribute$class.sjsir
index 7de30e9..8a9c397 100644
--- a/scala/xml/Attribute$class.sjsir
+++ b/scala/xml/Attribute$class.sjsir
Binary files differ
diff --git a/scala/xml/Attribute.sjsir b/scala/xml/Attribute.sjsir
index e0f1e96..4d8813f 100644
--- a/scala/xml/Attribute.sjsir
+++ b/scala/xml/Attribute.sjsir
Binary files differ
diff --git a/scala/xml/Comment$.sjsir b/scala/xml/Comment$.sjsir
index f5eece2..a436c7f 100644
--- a/scala/xml/Comment$.sjsir
+++ b/scala/xml/Comment$.sjsir
Binary files differ
[...continuing for 230 more files]diff --git a/META-INF/MANIFEST.MF b/META-INF/MANIFEST.MF
index 95a14ee..a1b2057 100644
--- a/META-INF/MANIFEST.MF
+++ b/META-INF/MANIFEST.MF
@@ -1,11 +1,11 @@
Manifest-Version: 1.0
-Implementation-Vendor: org.scala-lang.modules
Implementation-Title: scala-xml
-Implementation-Version: 1.2.0
-Implementation-Vendor-Id: org.scala-lang.modules
+Implementation-Version: 1.2.0-SNAPSHOT
Specification-Vendor: org.scala-lang.modules
Specification-Title: scala-xml
+Implementation-Vendor-Id: org.scala-lang.modules
+Specification-Version: 1.2.0-SNAPSHOT
Implementation-URL: http://www.scala-lang.org/
-Specification-Version: 1.2.0
+Implementation-Vendor: org.scala-lang.modules
Main-Class: scala.xml.Properties
diff --git a/scala-xml.properties b/scala-xml.properties
index 852c9aa..5db90d9 100644
--- a/scala-xml.properties
+++ b/scala-xml.properties
@@ -1,4 +1,4 @@
-#Fri Apr 05 15:08:38 UTC 2019
+#Fri May 03 17:07:25 EDT 2019
scala.version.number=2.11.12
scala.binary.version.number=2.11
-version.number=1.2.0
+version.number=1.2.0-SNAPSHOT
diff --git a/scala/xml/Atom.sjsir b/scala/xml/Atom.sjsir
index ee24fba..d2d1207 100644
--- a/scala/xml/Atom.sjsir
+++ b/scala/xml/Atom.sjsir
Binary files differ
diff --git a/scala/xml/Attribute$.sjsir b/scala/xml/Attribute$.sjsir
index ff64b64..ede52c8 100644
--- a/scala/xml/Attribute$.sjsir
+++ b/scala/xml/Attribute$.sjsir
Binary files differ
diff --git a/scala/xml/Attribute$class.sjsir b/scala/xml/Attribute$class.sjsir
index 7de30e9..8a9c397 100644
--- a/scala/xml/Attribute$class.sjsir
+++ b/scala/xml/Attribute$class.sjsir
Binary files differ
diff --git a/scala/xml/Attribute.sjsir b/scala/xml/Attribute.sjsir
index e0f1e96..4d8813f 100644
--- a/scala/xml/Attribute.sjsir
+++ b/scala/xml/Attribute.sjsir
Binary files differ
diff --git a/scala/xml/Comment$.sjsir b/scala/xml/Comment$.sjsir
index f5eece2..a436c7f 100644
--- a/scala/xml/Comment$.sjsir
+++ b/scala/xml/Comment$.sjsir
Binary files differ
[...continuing for 235 more files] |
|
The Scala JARs were comparable. For 1.1.1, the only difference between the published JAR and a locally built JAR was some meta data: diff --git a/META-INF/MANIFEST.MF b/META-INF/MANIFEST.MF
index 47422bd..ef9dbca 100644
--- a/META-INF/MANIFEST.MF
+++ b/META-INF/MANIFEST.MF
@@ -1,49 +1,11 @@
Manifest-Version: 1.0
-Bnd-LastModified: 1537983148579
-Bundle-Description: scala-xml
-Bundle-License: http://opensource.org/licenses/BSD-3-Clause;description=
- BSD 3-clause
-Bundle-ManifestVersion: 2
-Bundle-Name: scala-xml
-Bundle-SymbolicName: org.scala-lang.modules.scala-xml
-Bundle-Vendor: org.scala-lang.modules
-Bundle-Version: 1.1.1
-Created-By: 1.6.0_41 (Sun Microsystems Inc.)
-Export-Package: scala.xml;version="1.1.1";uses:="javax.xml.parsers,org.x
- ml.sax,scala,scala.collection,scala.collection.generic,scala.collection
- .immutable,scala.collection.mutable,scala.collection.parallel,scala.col
- lection.parallel.immutable,scala.math,scala.reflect,scala.runtime,scala
- .sys.process,scala.util,scala.xml.dtd,scala.xml.factory,scala.xml.parsi
- ng,scala.xml.pull",scala.xml.dtd;version="1.1.1";uses:="scala,scala.col
- lection,scala.collection.immutable,scala.collection.mutable,scala.refle
- ct,scala.runtime,scala.xml,scala.xml.dtd.impl,scala.xml.parsing",scala.
- xml.dtd.impl;version="1.1.1";uses:="scala,scala.collection,scala.collec
- tion.immutable,scala.collection.mutable,scala.reflect,scala.runtime",sc
- ala.xml.factory;version="1.1.1";uses:="javax.xml.parsers,org.xml.sax,sc
- ala,scala.collection,scala.collection.immutable,scala.collection.mutabl
- e,scala.reflect,scala.runtime,scala.xml,scala.xml.parsing",scala.xml.in
- clude;version="1.1.1";uses:="scala.reflect",scala.xml.include.sax;versi
- on="1.1.1";uses:="org.xml.sax,org.xml.sax.ext,org.xml.sax.helpers,scala
- .reflect",scala.xml.parsing;version="1.1.1";uses:="javax.xml.parsers,or
- g.xml.sax,org.xml.sax.helpers,scala,scala.collection,scala.collection.g
- eneric,scala.collection.immutable,scala.collection.mutable,scala.io,sca
- la.math,scala.reflect,scala.runtime,scala.xml,scala.xml.dtd,scala.xml.f
- actory",scala.xml.persistent;version="1.1.1";uses:="scala,scala.collect
- ion,scala.reflect,scala.xml",scala.xml.pull;version="1.1.1";uses:="scal
- a,scala.collection,scala.collection.immutable,scala.collection.mutable,
- scala.io,scala.reflect,scala.runtime,scala.xml,scala.xml.dtd,scala.xml.
- parsing",scala.xml.transform;version="1.1.1";uses:="scala,scala.collect
- ion,scala.reflect,scala.runtime,scala.xml"
-Import-Package: javax.xml.parsers,org.xml.sax,org.xml.sax.ext,org.xml.sa
- x.helpers,scala,scala.collection;version="[2.11,3)",scala.collection.ge
- neric;version="[2.11,3)",scala.collection.immutable;version="[2.11,3)",
- scala.collection.mutable;version="[2.11,3)",scala.collection.parallel;v
- ersion="[2.11,3)",scala.collection.parallel.immutable;version="[2.11,3)
- ",scala.io;version="[2.11,3)",scala.math;version="[2.11,3)",scala.refle
- ct;version="[2.11,3)",scala.runtime;version="[2.11,3)",scala.sys;versio
- n="[2.11,3)",scala.sys.process;version="[2.11,3)",scala.util;version="[
- 2.11,3)",scala.util.control;version="[2.11,3)",scala.util.hashing;versi
- on="[2.11,3)",scala.util.matching;version="[2.11,3)"
-Private-Package: scala-xml.properties
-Require-Capability: osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"
-Tool: Bnd-2.4.0.201411031534
+Implementation-Title: scala-xml
+Implementation-Version: 1.1.1-SNAPSHOT
+Specification-Vendor: org.scala-lang.modules
+Specification-Title: scala-xml
+Implementation-Vendor-Id: org.scala-lang.modules
+Specification-Version: 1.1.1-SNAPSHOT
+Implementation-URL: http://www.scala-lang.org/
+Implementation-Vendor: org.scala-lang.modules
+Main-Class: scala.xml.Properties
+
diff --git a/scala-xml.properties b/scala-xml.properties
index cd06790..753d548 100644
--- a/scala-xml.properties
+++ b/scala-xml.properties
@@ -1,4 +1,4 @@
-#Wed Sep 26 17:32:27 UTC 2018
+#Fri May 03 16:32:48 EDT 2019
scala.version.number=2.11.12
scala.binary.version.number=2.11
-version.number=1.1.1
+version.number=1.1.1-SNAPSHOT |
|
Same for 1.2.0, diff --git a/META-INF/MANIFEST.MF b/META-INF/MANIFEST.MF
index d788801..0cd03cb 100644
--- a/META-INF/MANIFEST.MF
+++ b/META-INF/MANIFEST.MF
@@ -1,49 +1,11 @@
Manifest-Version: 1.0
-Bnd-LastModified: 1554476769579
-Bundle-Description: scala-xml
-Bundle-License: https://www.apache.org/licenses/LICENSE-2.0;description=
- Apache-2.0
-Bundle-ManifestVersion: 2
-Bundle-Name: scala-xml
-Bundle-SymbolicName: org.scala-lang.modules.scala-xml
-Bundle-Vendor: org.scala-lang.modules
-Bundle-Version: 1.2.0
-Created-By: 1.6.0_41 (Sun Microsystems Inc.)
-Export-Package: scala.xml;version="1.2.0";uses:="javax.xml.parsers,org.x
- ml.sax,scala,scala.collection,scala.collection.generic,scala.collection
- .immutable,scala.collection.mutable,scala.collection.parallel,scala.col
- lection.parallel.immutable,scala.math,scala.reflect,scala.runtime,scala
- .sys.process,scala.util,scala.xml.dtd,scala.xml.factory,scala.xml.parsi
- ng,scala.xml.pull",scala.xml.dtd;version="1.2.0";uses:="scala,scala.col
- lection,scala.collection.immutable,scala.collection.mutable,scala.refle
- ct,scala.runtime,scala.xml,scala.xml.dtd.impl,scala.xml.parsing",scala.
- xml.dtd.impl;version="1.2.0";uses:="scala,scala.collection,scala.collec
- tion.immutable,scala.collection.mutable,scala.reflect,scala.runtime",sc
- ala.xml.factory;version="1.2.0";uses:="javax.xml.parsers,org.xml.sax,sc
- ala,scala.collection,scala.collection.immutable,scala.collection.mutabl
- e,scala.reflect,scala.runtime,scala.xml,scala.xml.parsing",scala.xml.in
- clude;version="1.2.0";uses:="scala.reflect",scala.xml.include.sax;versi
- on="1.2.0";uses:="org.xml.sax,org.xml.sax.ext,org.xml.sax.helpers,scala
- .reflect",scala.xml.parsing;version="1.2.0";uses:="javax.xml.parsers,or
- g.xml.sax,org.xml.sax.helpers,scala,scala.collection,scala.collection.g
- eneric,scala.collection.immutable,scala.collection.mutable,scala.io,sca
- la.math,scala.reflect,scala.runtime,scala.xml,scala.xml.dtd,scala.xml.f
- actory",scala.xml.persistent;version="1.2.0";uses:="scala,scala.collect
- ion,scala.reflect,scala.xml",scala.xml.pull;version="1.2.0";uses:="scal
- a,scala.collection,scala.collection.immutable,scala.collection.mutable,
- scala.io,scala.reflect,scala.runtime,scala.xml,scala.xml.dtd,scala.xml.
- parsing",scala.xml.transform;version="1.2.0";uses:="scala,scala.collect
- ion,scala.reflect,scala.runtime,scala.xml"
-Import-Package: javax.xml.parsers,org.xml.sax,org.xml.sax.ext,org.xml.sa
- x.helpers,scala,scala.collection;version="[2.11,3)",scala.collection.ge
- neric;version="[2.11,3)",scala.collection.immutable;version="[2.11,3)",
- scala.collection.mutable;version="[2.11,3)",scala.collection.parallel;v
- ersion="[2.11,3)",scala.collection.parallel.immutable;version="[2.11,3)
- ",scala.io;version="[2.11,3)",scala.math;version="[2.11,3)",scala.refle
- ct;version="[2.11,3)",scala.runtime;version="[2.11,3)",scala.sys;versio
- n="[2.11,3)",scala.sys.process;version="[2.11,3)",scala.util;version="[
- 2.11,3)",scala.util.control;version="[2.11,3)",scala.util.hashing;versi
- on="[2.11,3)",scala.util.matching;version="[2.11,3)"
-Private-Package: scala-xml.properties
-Require-Capability: osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"
-Tool: Bnd-2.4.0.201411031534
+Specification-Title: scala-xml
+Specification-Version: 1.2.0-SNAPSHOT
+Specification-Vendor: org.scala-lang.modules
+Implementation-Title: scala-xml
+Implementation-Version: 1.2.0-SNAPSHOT
+Implementation-Vendor: org.scala-lang.modules
+Implementation-Vendor-Id: org.scala-lang.modules
+Implementation-URL: http://www.scala-lang.org/
+Main-Class: scala.xml.Properties
+
diff --git a/scala-xml.properties b/scala-xml.properties
index 4a47eda..31dd9be 100644
--- a/scala-xml.properties
+++ b/scala-xml.properties
@@ -1,4 +1,4 @@
-#Fri Apr 05 15:06:08 UTC 2019
-scala.version.number=2.11.12
+#Sun May 05 15:56:58 EDT 2019
scala.binary.version.number=2.11
-version.number=1.2.0
+scala.version.number=2.11.12
+version.number=1.2.0-SNAPSHOT |
|
Closing, since the shell script isn't useful going forward. It's here if anyone wants to resurrect it. |
|
Great work, thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a concern that #247 raised a security vulnerability.
For version 1.1.1 and 1.2.0 of scala-xml, I audited the JARs for both Scala and Scalajs targets. I used Lightbend's jardiff utility, and this shell script.
As one would predict, I didn't unearth any malicious code or security vulnerabilities. Doing this audit was an interesting exercise, but not for the reasons of #247.