Upgrade to version 6.5.0

CVE-2022-34169.patch

@@ -5,12 +5,12 @@ Subject: [PATCH] 8285407: Improve Xalan supports
 
 Refer: https://github.com/openjdk/jdk11u/commit/13bf52c8d876528a43be7cb77a1f452d29a21492
 ---
- .../org/apache/bcel/classfile/ConstantPool.java    | 12 ++++++++++--
+ .../java/org/apache/bcel/classfile/ConstantPool.java | 12 ++++++++++--
- .../org/apache/bcel/generic/ConstantPoolGen.java   | 14 ++++++++++++--
+ .../org/apache/bcel/generic/ConstantPoolGen.java     | 12 +++++++++++-
- 2 files changed, 22 insertions(+), 4 deletions(-)
+ 2 files changed, 21 insertions(+), 3 deletions(-)
 
 diff --git a/src/main/java/org/apache/bcel/classfile/ConstantPool.java b/src/main/java/org/apache/bcel/classfile/ConstantPool.java
-index c8bc32a..9e465c6 100644
+index c2926c0..cb38cbc 100644
 --- a/src/main/java/org/apache/bcel/classfile/ConstantPool.java
 +++ b/src/main/java/org/apache/bcel/classfile/ConstantPool.java
 @@ -22,6 +22,7 @@ import java.io.DataOutputStream;
@@ -25,22 +25,22 @@ index c8bc32a..9e465c6 100644
       * @throws IOException
       */
      public void dump( final DataOutputStream file ) throws IOException {
--        file.writeShort(constant_pool.length);
+-        file.writeShort(constantPool.length);
--        for (int i = 1; i < constant_pool.length; i++) {
+-        for (int i = 1; i < constantPool.length; i++) {
-+       /*
++	/*
-+        *  Constants over the size of the constant pool shall not be written out.
++	 * Constants over the size of the constant pool shall not be written out.
-+        *  This is a redundant measure as the ConstantPoolGen should have already
++	 * This is a redundant measure as the ConstantPoolGen should have already
-+        *  reported an error back in the situation.
++	 * reported an error back in the situation.
-+        */
++	 */
-+	int size = constant_pool.length < ConstantPoolGen.CONSTANT_POOL_SIZE - 1 ?
++        int size = constantPool.length < ConstantPoolGen.CONSTANT_POOL_SIZE - 1 ?
-+                    constant_pool.length : ConstantPoolGen.CONSTANT_POOL_SIZE - 1;
++                    constantPool.length : ConstantPoolGen.CONSTANT_POOL_SIZE - 1;
 +        file.writeShort(size);
 +        for (int i = 1; i < size; i++) {
-             if (constant_pool[i] != null) {
+             if (constantPool[i] != null) {
-                 constant_pool[i].dump(file);
+                 constantPool[i].dump(file);
              }
 diff --git a/src/main/java/org/apache/bcel/generic/ConstantPoolGen.java b/src/main/java/org/apache/bcel/generic/ConstantPoolGen.java
-index f3a766e..9c7f252 100644
+index 5a09e0d..6f3d508 100644
 --- a/src/main/java/org/apache/bcel/generic/ConstantPoolGen.java
 +++ b/src/main/java/org/apache/bcel/generic/ConstantPoolGen.java
 @@ -52,6 +52,7 @@ import org.apache.bcel.classfile.ConstantUtf8;
@@ -56,7 +56,7 @@ index f3a766e..9c7f252 100644
          final StringBuilder sb = new StringBuilder(DEFAULT_BUFFER_SIZE);
  
 -        size = Math.max(DEFAULT_BUFFER_SIZE, cs.length + 64);
-+        size = Math.min(cs.length, CONSTANT_POOL_SIZE);
++        size      = Math.min(cs.length, CONSTANT_POOL_SIZE);
          constants = new Constant[size];
  
          System.arraycopy(cs, 0, constants, 0, cs.length);
@@ -64,19 +64,18 @@ index f3a766e..9c7f252 100644
      /** Resize internal array of constants.
       */
      protected void adjustSize() {
--        if (index + 3 >= size) {
 +        // 3 extra spaces are needed as some entries may take 3 slots
 +        if (index + 3 >= CONSTANT_POOL_SIZE) {
 +            throw new RuntimeException("The number of constants " + (index + 3)
 +                  + " is over the size of the constant pool: "
-+                  + (CONSTANT_POOL_SIZE - 1));
++		  + (CONSTANT_POOL_SIZE - 1));
-+        }
++	}
 +
-+	if (index + 3 >= size) {
+         if (index + 3 >= size) {
              final Constant[] cs = constants;
              size *= 2;
 +            // the constant array shall not exceed the size of the constant pool
-+            size = Math.min(size, CONSTANT_POOL_SIZE);
++            size       = Math.min(size, CONSTANT_POOL_SIZE);
              constants = new Constant[size];
              System.arraycopy(cs, 0, constants, 0, index);
          }

bcel.spec

@@ -1,8 +1,8 @@
 Name:           bcel
-Version:        6.4.1
+Version:        6.5.0
-Release:        2
+Release:        1
 Summary:        Byte Code Engineering Library
-License:        ASL 2.0
+License:        Apache-2.0
 URL:            http://commons.apache.org/proper/commons-bcel/
 Source0:        http://archive.apache.org/dist/commons/bcel/source/bcel-%{version}-src.tar.gz
 Patch0:         CVE-2022-34169.patch
@@ -17,7 +17,7 @@ give users a convenient possibility to analyze, create, and manipulate (binary)
 Java class files (those ending with .class).
 
 %prep
-%autosetup -p1 -n %{name}-%{version}-src
+%autosetup -n %{name}-%{version}-src -p1
 %pom_remove_plugin :maven-source-plugin
 %pom_remove_plugin :spotbugs-maven-plugin
 %mvn_alias : bcel: apache:
@@ -38,6 +38,9 @@ Java class files (those ending with .class).
 %{_javadocdir}/%{name}
 
 %changelog
+* Thu Oct 20 2022 yaoxin <yaoxin30@h-partners.com> - 6.5.0-1
+- Upgrade to version 6.5.0
+
 * Fri Sep 23 2022 wangkai <wangkai385@h-partners.com> -6.4.1-2
 - Fix CVE-2022-34169 for xalan-j2
 

bcel.yaml

@@ -0,0 +1,4 @@
+version_control: github
+src_repo: apache/commons-bcel
+tag_prefix: "commons-bcel-"
+seperator: "."