Accepting request 1034052 from home:david.anes:branches:Java:packages

- Upgrade to version 2.5.1
  * Breaking: 
    + Removed old fr\jayasoft\ivy\ant\antlib.xml AntLib definition 
      file.
  * Fixes:
    + CVE-2022-37865 allow create/overwrite any file on the system.
      (see https://ant.apache.org/ivy/security.html)
    + CVE-2022-37866 Path traversal in patterns.
      (see https://ant.apache.org/ivy/security.html)
    + ResolveEngine resets dictator resolver to null in the global 
      configuration.
    + ConcurrentModificationException in 
      MessageLoggerHelper.sumupProblems.
    + useOrigin="true" fails with file-based ibiblio.
    + ivy:retrieve Ant task didn’t create an empty fileset when no 
      files were retrieved to a non-empty directory.
    + ivy:retrieve Ant task relied on the default HTTP header 
      "Accept" which caused problems with servers that interpret it 
      strictly (e.g. AWS CodeArtifact).
  * Improvements:
    + Ivy command now accepts a URL for the -settings option.

OBS-URL: https://build.opensuse.org/request/show/1034052
OBS-URL: https://build.opensuse.org/package/show/Java:packages/apache-ivy?expand=0&rev=66

apache-ivy-2.5.0-src.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:109583a8d10b5d9a71c57c539719ca3648ebb8ca4af867976128e7fa657312b7
-size 2719181

apache-ivy-2.5.1-src.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:41c9aa4263d6c0564e9d8bcc4ef4dedb0dd72fd2e5324c6b7f23267bba432076
+size 2725262

apache-ivy.changes

@@ -1,3 +1,28 @@
+-------------------------------------------------------------------
+Mon Nov  7 08:10:54 UTC 2022 - David Anes <david.anes@suse.com>
+
+- Upgrade to version 2.5.1
+  * Breaking: 
+    + Removed old fr\jayasoft\ivy\ant\antlib.xml AntLib definition 
+      file.
+  * Fixes:
+    + CVE-2022-37865 allow create/overwrite any file on the system.
+      (see https://ant.apache.org/ivy/security.html)
+    + CVE-2022-37866 Path traversal in patterns.
+      (see https://ant.apache.org/ivy/security.html)
+    + ResolveEngine resets dictator resolver to null in the global 
+      configuration.
+    + ConcurrentModificationException in 
+      MessageLoggerHelper.sumupProblems.
+    + useOrigin="true" fails with file-based ibiblio.
+    + ivy:retrieve Ant task didn’t create an empty fileset when no 
+      files were retrieved to a non-empty directory.
+    + ivy:retrieve Ant task relied on the default HTTP header 
+      "Accept" which caused problems with servers that interpret it 
+      strictly (e.g. AWS CodeArtifact).
+  * Improvements:
+    + Ivy command now accepts a URL for the -settings option.
+
 -------------------------------------------------------------------
 Sat Mar 19 13:22:59 UTC 2022 - Fridrich Strba <fstrba@suse.com>
 

apache-ivy.spec

@@ -21,7 +21,7 @@
 %bcond_without  sftp
 %bcond_without  vfs
 Name:           apache-ivy
-Version:        2.5.0
+Version:        2.5.1
 Release:        0
 Summary:        Java-based dependency manager
 License:        Apache-2.0

ivy-2.5.1.pom

@@ -28,7 +28,7 @@
   </parent>
   <groupId>org.apache.ivy</groupId>
   <artifactId>ivy</artifactId>
-  <version>2.5.0</version>
+  <version>2.5.1</version>
   <name>Apache Ivy</name>
   <url>http://ant.apache.org/ivy/</url>
   <scm>
@@ -66,7 +66,7 @@
     <dependency>
       <groupId>org.apache.httpcomponents</groupId>
       <artifactId>httpclient</artifactId>
-      <version>4.5.9</version>
+      <version>4.5.10</version>
       <optional>true</optional>
     </dependency>
     <dependency>
@@ -108,13 +108,13 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcpg-jdk15on</artifactId>
-      <version>1.62</version>
+      <version>1.64</version>
       <optional>true</optional>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk15on</artifactId>
-      <version>1.62</version>
+      <version>1.64</version>
       <optional>true</optional>
     </dependency>
     <dependency>