Upgrade to 1.5.4 for fix cves

(cherry picked from commit 882aea4ac0e1e4ed22306ab400cf25864ca78f55)
2023-12-07 17:24:41 +08:00 · 2023-12-07 17:24:41 +08:00 · b448b6b84e
commit b448b6b84e
parent 363320ac31
4 changed files with 11 additions and 24 deletions
--- a/jettison-1.3.7.tar.gz
+++ b/jettison-1.3.7.tar.gz
--- a/jettison-1.5.4.tar.gz
+++ b/jettison-1.5.4.tar.gz
--- a/jettison-update-woodstox-version.patch
+++ b/jettison-update-woodstox-version.patch
@ -1,15 +0,0 @@
--- a/pom.xml
-+++ b/pom.xml
-@@ -26,9 +26,9 @@
-       <version>1.0.1</version>
-     </dependency>
- 	<dependency> 
-		<groupId>woodstox</groupId> 
-		<artifactId>wstx-asl</artifactId> 
-		<version>3.2.2</version> 
-+		<groupId>org.codehaus.woodstox</groupId> 
-+		<artifactId>woodstox-core-asl</artifactId> 
-+		<version>4.1.2</version> 
- 		<scope>test</scope>
- 	</dependency>    
-   </dependencies>
--- a/jettison.spec
+++ b/jettison.spec
@ -1,12 +1,11 @@
 Name:                jettison
-Version:             1.3.7
+Version:             1.5.4
 Release:             1
 Summary:             A JSON StAX implementation
 License:             ASL 2.0
 URL:                 https://github.com/codehaus/jettison
 BuildArch:           noarch
-Source0:             https://github.com/codehaus/jettison/archive/%{name}-%{version}.tar.gz
-Patch0:              %{name}-update-woodstox-version.patch
+Source0:             https://github.com/codehaus/jettison/archive/refs/tags/%{name}-%{version}.tar.gz
 BuildRequires:       maven-local mvn(junit:junit) mvn(org.apache.felix:maven-bundle-plugin)
 BuildRequires:       mvn(org.codehaus:codehaus-parent:pom:)
 BuildRequires:       mvn(org.codehaus.woodstox:woodstox-core-asl) mvn(stax:stax-api)
@ -22,11 +21,10 @@ Summary:             Javadocs for %{name}
 This package contains the API documentation for %{name}.

 %prep
-%setup -q -n %{name}-%{name}-%{version}
-%patch0 -p1
-%pom_xpath_remove pom:build/pom:extensions
+%autosetup -n %{name}-%{name}-%{version} -p1
 %pom_remove_plugin :maven-release-plugin
-%pom_xpath_remove pom:Private-Package
+%pom_remove_plugin :nexus-staging-maven-plugin
+%pom_remove_plugin :maven-enforcer-plugin

 %build
 %mvn_build -f
@ -35,11 +33,15 @@ This package contains the API documentation for %{name}.
 %mvn_install

 %files -f .mfiles
-%doc src/main/resources/META-INF/LICENSE
+%license LICENSE

 %files javadoc -f .mfiles-javadoc
-%doc src/main/resources/META-INF/LICENSE
+%license LICENSE

 %changelog
+* Thu Dec 07 2023 yaoxin <yao_xin001@hoperun.com> - 1.5.4-1
+- Upgrade to 1.5.4 for fix cves: CVE-2022-40149,CVE-2022-40150,
+  CVE-2022-45685,CVE-2022-45693 and CVE-2023-1436
+
 * Sat Aug 1 2020 Jeffery.Gao <gaojianxing@huawei.com> - 1.3.7-1
 - Package init