packages/jackson-databind
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
jackson-databind/jackson-databind.spec
starlet-dx 7d75c22171 Fix CVE-2019-17531 
(cherry picked from commit 2f5dc725bbf767b9d84766bdb46f27a745ad5e4e)
2022-03-11 18:29:48 +08:00

133 lines
5.4 KiB
RPMSpec
Raw Blame History

Name: jackson-databind
Version: 2.9.8
Release: 9
Summary: General data-binding package for Jackson (2.x)
License: ASL 2.0 and LGPLv2+
URL: https://github.com/FasterXML/jackson-databind/
Source0: https://github.com/FasterXML/jackson-databind/archive/%{name}-%{version}.tar.gz
Patch0000: CVE-2019-12086.patch
Patch0001: CVE-2019-12384.patch
Patch0002: CVE-2019-12814.patch
Patch0003: CVE-2019-14379-CVE-2019-14439.patch
Patch0004: CVE-2019-14540.patch
Patch0005: CVE-2019-16335.patch
Patch0006: CVE-2019-17267.patch
Patch0007: CVE-2019-14892.patch
Patch0008: CVE-2019-14893.patch
Patch0009: CVE-2019-16942-CVE-2019-16943-1.patch
Patch0010: CVE-2019-16942-CVE-2019-16943-2.patch
Patch0011: Fix-2498.patch
Patch0012: CVE-2019-20330.patch
Patch0013: CVE-2020-8840.patch
Patch0014: CVE-2020-9546-CVE-2020-9547-CVE-2020-9548.patch
Patch0015: CVE-2020-10969.patch
Patch0016: Fix-2648.patch
Patch0017: Fix-2653.patch
Patch0018: CVE-2020-10650.patch
Patch0019: CVE-2020-10672.patch
Patch0020: CVE-2020-10673.patch
Patch0021: CVE-2020-10968-CVE-2020-11111-CVE-2020-11112.patch
Patch0022: CVE-2020-11111-2.patch
Patch0023: CVE-2020-11113.patch
Patch0024: CVE-2020-11619.patch
Patch0025: CVE-2020-11620.patch
Patch0026: CVE-2020-14060.patch
Patch0027: CVE-2020-14061.patch
Patch0028: CVE-2020-14062.patch
Patch0029: CVE-2020-14195.patch
Patch0030: CVE-2020-24750.patch
Patch0031: CVE-2020-24616.patch
Patch0032: CVE-2020-25649.patch
Patch0033: CVE-2020-35490-CVE-2020-35491.patch
Patch0034: CVE-2020-35728.patch
Patch0035: CVE-2020-36184-CVE-2020-36185.patch
Patch0036: CVE-2020-36188-CVE-2020-36189.patch
Patch0037: CVE-2020-36187-CVE-2020-36186.patch
#The CVE-2020-36179-36180-36181-36182.patch is used to fix CVE-2020-36179 and CVE-2020-36180 and CVE-2020-36181 and CVE-2020-36182
Patch0038: CVE-2020-36179-36180-36181-36182.patch
Patch0039: CVE-2020-36183.patch
Patch0040: CVE-2021-20190.patch
Patch0041: CVE-2019-17531.patch
BuildRequires: maven-local mvn(com.fasterxml.jackson.core:jackson-annotations) >= %{version}
BuildRequires: mvn(com.fasterxml.jackson.core:jackson-core) >= %{version}
BuildRequires: mvn(com.fasterxml.jackson:jackson-base:pom:) >= %{version}
BuildRequires: mvn(com.google.code.maven-replacer-plugin:replacer)
BuildRequires: mvn(org.apache.felix:maven-bundle-plugin)
BuildRequires: mvn(org.powermock:powermock-api-mockito)
BuildRequires: mvn(org.powermock:powermock-module-junit4)
BuildArch: noarch
%description
The general-purpose data-binding functionality and tree-model for Jackson Data
Processor. It builds on core streaming parser/generator package, and uses
Jackson Annotations for configuration.
%package javadoc
Summary: Javadoc for %{name}
%description javadoc
This package contains API documentation for %{name}.
%prep
%autosetup -p1 -n %{name}-%{name}-%{version}
# Remove plugins unnecessary for RPM builds
%pom_remove_plugin ":maven-enforcer-plugin"
cp -p src/main/resources/META-INF/LICENSE .
cp -p src/main/resources/META-INF/NOTICE .
sed -i 's/\r//' LICENSE NOTICE
# unavailable test deps
%pom_remove_dep javax.measure:jsr-275
rm src/test/java/com/fasterxml/jackson/databind/introspect/NoClassDefFoundWorkaroundTest.java
%pom_xpath_remove pom:classpathDependencyExcludes
# org.powermock.reflect.exceptions.FieldNotFoundException: Field 'fTestClass' was not found in class org.junit.internal.runners.MethodValidator.
rm src/test/java/com/fasterxml/jackson/databind/type/TestTypeFactoryWithClassLoader.java
# Off test that require connection with the web
rm src/test/java/com/fasterxml/jackson/databind/ser/jdk/JDKTypeSerializationTest.java \
src/test/java/com/fasterxml/jackson/databind/deser/jdk/JDKStringLikeTypesTest.java \
src/test/java/com/fasterxml/jackson/databind/TestJDKSerialization.java
%mvn_file : %{name}
%build
%mvn_build -- -Dmaven.test.failure.ignore=true
%install
%mvn_install
%files -f .mfiles
%doc README.md release-notes/*
%license LICENSE NOTICE
%files javadoc -f .mfiles-javadoc
%license LICENSE NOTICE
%changelog
* Fri Mar 11 2022 yaoxin <yaoxin30@huawei.com> - 2.9.8-9
- Fix CVE-2019-17531
* Wed Jan 27 2021 wangyue <wangyue92@huawei.com> - 2.9.8-8
- fix CVE-2021-20190
* Fri Jan 22 2021 wangyue <wangyue92@huawei.com> - 2.9.8-7
- fix CVE-2020-36179 CVE-2020-36180 CVE-2020-36181
CVE-2020-36182 CVE-2020-36183 CVE-2020-36184
* Thu Jan 21 2021 wangyue <wangyue92@huawei.com> - 2.9.8-6
- fix CVE-2020-36188 CVE-2020-36189 CVE-2020-36187 CVE-2020-36186
* Mon Jan 18 2021 wangyue <wangyue92@huaweo.com> - 2.9.8-5
- fix CVE-2020-36185
* Mon Jan 11 2021 wangxiao <wangxiao65@huawei.com> - 2.9.8-4
- fix CVE-2020-35490 CVE-2020-35491 CVE-2020-35728
* Sat Dec 12 2020 zhanghua <zhanghua40@huawei.com> - 2.9.8-3
- fix CVE-2020-25649
* Sat Sep 19 2020 wangxiao <wangxiao65@huawei.com> - 2.9.8-2
- fix cves
* Fri Aug 28 2020 wutao <wutao61@huawei.com> - 2.9.8-1
- upgrade to 2.9.8
* Tue Dec 3 2019 huyan <hu.huyan@huawei.com> - 2.9.4-4
- Package Initialization
Reference in New Issue View Git Blame Copy Permalink