!19 Fix CVE-2023-4759

From: @wk333 Reviewed-by: @cherry530 Signed-off-by: @cherry530
2023-12-27 01:54:07 +00:00 · 2023-12-27 01:54:07 +00:00 · 342f0fe8ae
commit 342f0fe8ae
parent 4c94e98583 65cfedd073
2 changed files with 1708 additions and 2 deletions
--- a/CVE-2023-4759.patch
+++ b/CVE-2023-4759.patch
--- a/jgit.spec
+++ b/jgit.spec
@ -2,13 +2,14 @@
 %bcond_with tests
 Name:                jgit
 Version:             5.11.0
-Release:             1
+Release:             3
 Summary:             A pure java implementation of git
-License:             BSD
+License:             BSD-3-Clause
 URL:                 https://www.eclipse.org/jgit/
 Source0:             https://git.eclipse.org/c/jgit/jgit.git/snapshot/jgit-%{gittag}.tar.xz
 Patch0:              0001-Ensure-the-correct-classpath-is-set-for-the-jgit-com.patch
 Patch1:              jgit-apache-sshd-2.7.0.patch
 Patch2:              CVE-2023-4759.patch
 BuildArch:           noarch
 BuildRequires:       maven-local mvn(args4j:args4j) mvn(com.google.code.gson:gson)
@ -43,6 +44,7 @@ Summary:             API documentation for %{name}
 %setup -n jgit-%{gittag} -q
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
 rm .mvn/maven.config
 %pom_xpath_remove "pom:configuration/pom:annotationProcessorPaths"
@ -80,6 +82,7 @@ sed -i -e '/\.test<\/module>/d' pom.xml
 %else
 %mvn_build -- -Pjavac  -Dmaven.test.failure.ignore=true
 %endif
 sed -i 's/sshd-sftp/sshd-sftp glassfish-servlet-api jetty/g' org.eclipse.jgit.pgm/jgit.sh
 %install
 %mvn_install
@ -100,6 +103,12 @@ EOF
 %license LICENSE
 %changelog
 * Tue Dec 26 2023 wangkai <13474090681@163.com> - 5.11.0-3
 - Fix CVE-2023-4759
 * Wed Mar 29 2023 Ge Wang <wangge20@h-partners.com> - 5.11.0-2
 - Add classpath to resolve NoClassDefFoundError
 * Fri Nov 25 2022 yaoxin <yaoxin30@h-partners.com> - 5.11.0-1
 - Update to 5.11.0