dev-java/snakeyaml: add 2.0 - CVE-2022-1471

- skips 2 classes in META-INF/versions/9 due to https://bugs.gentoo.org/900433

Bug: https://bugs.gentoo.org/883853
Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
Closes: https://github.com/gentoo/gentoo/pull/30235
Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

2 files changed, 77 insertions, 0 deletions

diff --git a/dev-java/snakeyaml/Manifest b/dev-java/snakeyaml/Manifest
index c2603d2f156f..97b875b06b47 100644
--- a/dev-java/snakeyaml/Manifest
+++ b/dev-java/snakeyaml/Manifest
@@ -1 +1,2 @@
 DIST snakeyaml-1.33.tar.gz 406196 BLAKE2B 9b7e7d7a5d35d433445737f4b5cc07744e3686a71cc4b9e44ce46153831b76f01da7ef6bc60ea82a7173283a77d0da500bea2bc7ee76bdde4ebda00aa6054aa8 SHA512 ad367d7e7bcb2225094d132df77d91e7401026af02f4ede14a2a4fc5cf78f0cfa1e4400f16f43a669faa2f0e444d36c3745e3c9df3d9114d62fee070c4c99414
+DIST snakeyaml-2.0.tar.gz 405458 BLAKE2B 69d81e0b23080ff86c1f6fe8a924a504d627c353bf9c026703ef54f14e572458e77c501415260667bcb18008ee96ca99cab7ed43c004d36fed781500f09054cf SHA512 ef4da2ae5f5e6cd7b68aabb0d37a4fdbd33be899cd1d4dad3210cc791ca85af57661f623898449841b930eaffc9e61cef337efa4e6371710307ef3758f0af329
diff --git a/dev-java/snakeyaml/snakeyaml-2.0.ebuild b/dev-java/snakeyaml/snakeyaml-2.0.ebuild
new file mode 100644
index 000000000000..9066dbd63aba
--- /dev/null
+++ b/dev-java/snakeyaml/snakeyaml-2.0.ebuild
@@ -0,0 +1,76 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+JAVA_PKG_IUSE="doc source test"
+MAVEN_ID="org.yaml:snakeyaml:2.0"
+JAVA_TESTING_FRAMEWORKS="junit-4"
+
+inherit java-pkg-2 java-pkg-simple
+
+DESCRIPTION="YAML 1.1 parser and emitter for Java"
+HOMEPAGE="https://bitbucket.org/snakeyaml/snakeyaml"
+SRC_URI="https://bitbucket.org/${PN}/${PN}/get/${P}.tar.gz"
+S="${WORKDIR}/snakeyaml-snakeyaml-59ddbb3304bb"
+
+LICENSE="Apache-2.0"
+SLOT="2"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86"
+
+# Compile dependencies
+# POM: pom.xml
+# test? joda-time:joda-time:2.11.2 -> >=dev-java/joda-time-2.11.2:0
+# test? junit:junit:4.13.2 -> >=dev-java/junit-4.13.2:4
+# test? org.apache.velocity:velocity-engine-core:2.3 -> >=dev-java/velocity-2.3:0
+# test? org.projectlombok:lombok:1.18.24 -> !!!groupId-not-found!!!
+
+DEPEND="
+	>=virtual/jdk-11:*
+	test? (
+		dev-java/velocity:0
+		dev-java/joda-time:0
+	)
+"
+
+RDEPEND=">=virtual/jre-1.8:*"
+
+JAVA_SRC_DIR="src/main/java"
+JAVA_TEST_GENTOO_CLASSPATH="joda-time,junit-4,velocity"
+JAVA_TEST_RESOURCE_DIRS="src/test/resources"
+JAVA_TEST_SRC_DIR="src/test/java"
+
+# Workaround for https://bugs.gentoo.org/900433
+# src/main/java9/org/yaml/snakeyaml/internal/Logger.java:16:
+# error: duplicate class: org.yaml.snakeyaml.internal.Logger
+src_prepare() {
+	java-pkg-2_src_prepare
+	mv src/main/java{9,}/module-info.java || die
+}
+
+src_test() {
+	export EnvironmentKey1="EnvironmentValue1"
+	export EnvironmentEmpty=""
+
+	# Not packaged org.projectlombok:lombok - https://bugs.gentoo.org/868684
+	rm src/test/java/org/yaml/snakeyaml/env/EnvLombokTest.java || die # Tests run: 1
+	rm src/test/java/org/yaml/snakeyaml/issues/issue387/YamlExecuteProcessContextTest.java || die # Tests run: 1
+	rm src/test/java/org/yaml/snakeyaml/env/ApplicationProperties.java || die # No tests # import lombok.
+
+	# https://bugs.gentoo.org/871744
+	pushd src/test/java || die
+		local JAVA_TEST_RUN_ONLY=$(find * -name "*Test.java" \
+			! -name "StressTest.java" \
+			! -name "ParallelTest.java" \
+			! -name "AbstractTest.java" \
+			! -name "PyImportTest.java" \
+			! -name "Fuzzer50355Test.java" \
+			! -name "ContextClassLoaderTest.java" \
+			)
+	popd
+
+	JAVA_TEST_RUN_ONLY="${JAVA_TEST_RUN_ONLY//.java}"
+	JAVA_TEST_RUN_ONLY="${JAVA_TEST_RUN_ONLY//\//.}"
+
+	java-pkg-simple_src_test
+}