Update xmlhash to 1.3.8 for fix CVE-2022-21949

(cherry picked from commit 0f57ce9f2bf9c2e04054b228897a0bb08956b8af)
2022-05-16 10:42:30 +08:00 · 2022-05-16 10:42:30 +08:00 · af776eb40b
commit af776eb40b
parent a9d296a256
3 changed files with 8 additions and 5 deletions
--- a/Gemfile.lock.aarch64
+++ b/Gemfile.lock.aarch64
@ -1,5 +1,5 @@
 GEM
-  remote: https://rubygems.org/
+  remote: https://anonymous:devcloud@mirrors.huaweicloud.com/repository/rubygems/
  specs:
    actioncable (5.2.7)
      actionpack (= 5.2.7)
@ -476,7 +476,7 @@ GEM
    websocket-driver (0.7.5)
      websocket-extensions (>= 0.1.0)
    websocket-extensions (0.1.5)
-    xmlhash (1.3.7)
+    xmlhash (1.3.8)
      pkg-config
    xmlrpc (0.3.2)
      webrick
--- a/Gemfile.lock.x86
+++ b/Gemfile.lock.x86
@ -1,5 +1,5 @@
 GEM
-  remote: https://rubygems.org/
+  remote: https://anonymous:devcloud@mirrors.huaweicloud.com/repository/rubygems/
  specs:
    actioncable (5.2.7)
      actionpack (= 5.2.7)
@ -476,7 +476,7 @@ GEM
    websocket-driver (0.7.5)
      websocket-extensions (>= 0.1.0)
    websocket-extensions (0.1.5)
-    xmlhash (1.3.7)
+    xmlhash (1.3.8)
      pkg-config
    xmlrpc (0.3.2)
      webrick
--- a/obs-server.spec
+++ b/obs-server.spec
@ -6,7 +6,7 @@

 Name:           obs-server
 Version:        2.10.11
-Release:        3
+Release:        4
 Summary:        The Open Build Service -- Server Component
 License:        GPL-2.0-only OR GPL-3.0-only
 URL:            http://www.openbuildservice.org
@ -516,6 +516,9 @@ usermod -a -G docker obsservicerun
 %{_sbindir}/rcobsstoragesetup

 %changelog
+* Mon May 16 2022 wangkai <wangkai385@h-partners.com> - 2.10.11-4
+- Update xmlhash to 1.3.8 for fix CVE-2022-21949
+
 * Mon Mar 28 2022 wulei <wulei80@huawei.com> - 2.10.11-3
 - Fix installation failed