Fix CVE-2023-35887

(cherry picked from commit 91fac8710abf01ff4259485c5b5b061a9b5d05e9)
2024-01-11 16:20:56 +08:00 · 2024-01-11 16:20:56 +08:00 · e7c7e18533
commit e7c7e18533
parent 93906a0d43
2 changed files with 2345 additions and 4 deletions
--- a/CVE-2023-35887.patch
+++ b/CVE-2023-35887.patch
--- a/apache-sshd.spec
+++ b/apache-sshd.spec
@ -1,13 +1,15 @@
 Epoch:               1
 Name:                apache-sshd
 Version:             2.9.2
-Release:             1
+Release:             2
 Summary:             Apache SSHD
 License:             ASL 2.0 and ISC
 URL:                 http://mina.apache.org/sshd-project
 Source0:             https://archive.apache.org/dist/mina/sshd/%{version}/apache-sshd-%{version}-src.tar.gz
 Patch0:              0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch
 Patch1:              apache-sshd-javadoc.patch
 # https://github.com/apache/mina-sshd/commit/c20739b43aab0f7bf2ccad982a6cb37b9d5a8a0b
 Patch2:              CVE-2023-35887.patch
 BuildRequires:       maven-local mvn(junit:junit) mvn(net.i2p.crypto:eddsa) mvn(org.apache.ant:ant)
 BuildRequires:       mvn(org.apache:apache:pom:) mvn(org.apache.felix:maven-bundle-plugin)
@ -32,9 +34,7 @@ Summary:             API documentation for %{name}
 This package provides %{name}.
 %prep
-%setup -q
+%autosetup -p1
 %patch0 -p1
 %patch1 -p1
 rm -rf sshd-core/src/main/java/org/apache/sshd/agent/unix
 %pom_remove_dep :spring-framework-bom
 %pom_remove_dep :testcontainers-bom sshd-sftp sshd-core
@ -71,6 +71,9 @@ rm -rf sshd-core/src/main/java/org/apache/sshd/agent/unix
 %license LICENSE.txt NOTICE.txt assembly/src/main/legal/licenses/jbcrypt.txt
 %changelog
 * Thu Jan 11 2024 yaoxin <yao_xin001@hoperun.com> - 1:2.9.2-2
 - Fix CVE-2023-35887
 * Mon Nov 21 2022 liangqifeng <liangqifeng@ncti-gba.cn> - 1:2.9.2-1
 - Fix CVE-2022-45047