Accepting request 1116733 from Java:packages

bsc#1215298

OBS-URL: https://build.opensuse.org/request/show/1116733
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/eclipse-jgit?expand=0&rev=14
Ana Guerrero 2023-10-10 19:01:32 +00:00 committed by Git OBS Bridge
commit d0fc76cc0d
5 changed files with 1746 additions and 1 deletions

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Tue Oct 10 15:09:41 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Added patch:
* jgit-CVE-2023-4759.patch
+ backport of upstream fix for bsc#1215298 (CVE-2023-4759),
arbitrary file overwrite
-------------------------------------------------------------------
Fri Oct 6 11:04:41 UTC 2023 - Fridrich Strba <fstrba@suse.com>
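Review bot: the new entry describes jgit-CVE-2023-4759.patch as a "backport of upstream fix" but does not name the upstream commit or release it was taken from. Please add that reference to the "+ backport of upstream fix for bsc#1215298 (CVE-2023-4759)" line so that anyone auditing the package can compare the backport with its upstream source, and consider stating under which conditions the "arbitrary file overwrite" applies.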
@ -5,6 +13,13 @@ Fri Oct 6 11:04:41 UTC 2023 - Fridrich Strba <fstrba@suse.com>
* 0001-Ensure-the-correct-classpath-is-set-for-the-jgit-com.patch
+ no need to patch the jgit.sh launcher that we do not use
-------------------------------------------------------------------
Fri Oct 6 11:00:40 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Craft the jgit script from the real Main class of the jar file
instead of using some superfluous jar launcher.
Fixes bsc#1209646
-------------------------------------------------------------------
Wed May 31 19:51:51 UTC 2023 - Fridrich Strba <fstrba@suse.com>
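Review bot: going by the hunk header (6 lines before, 13 after), this hunk inserts the entry dated Fri Oct 6 11:00:40 UTC 2023 ("Craft the jgit script from the real Main class of the jar file", "Fixes bsc#1209646") beneath the existing 11:04:41 entry, and that entry is unrelated to the bsc#1215298 fix named in the request. If it is catching up on changelog history, say so in the request text; otherwise submit it separately so the security fix stays easy to audit.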
@ -20,6 +35,13 @@ Fri May 5 08:24:40 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Add _multibuild to define 2nd spec file as additional flavor.
Eliminates the need for source package links in OBS.
-------------------------------------------------------------------
Mon Mar 27 08:18:14 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Require xz-java because the jgit script that we install is
expecting it to be present when composing the classpath
(bsc#1209646)
-------------------------------------------------------------------
Wed Nov 16 11:24:53 UTC 2022 - Fridrich Strba <fstrba@suse.com>
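Review bot: the added entry says "Require xz-java because the jgit script that we install is expecting it to be present", yet none of the spec hunks in this commit adds a Requires for xz-java; they only add Patch6 and %patch6. Please confirm that the spec already carries that dependency, otherwise this changelog documents a change the package does not contain.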

@ -36,6 +36,7 @@ Patch2: jgit-shade.patch
Patch3: jgit-5.11.0-java8.patch
Patch4: jgit-apache-sshd-2.7.0.patch
Patch5: jgit-jsch.patch
Patch6: jgit-CVE-2023-4759.patch
# For main build
BuildRequires: ant
BuildRequires: apache-commons-compress
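Review bot: "Patch6: jgit-CVE-2023-4759.patch" is declared without a comment on its origin, although it is the one security patch in the list. A comment line above it naming bsc#1215298, CVE-2023-4759 and the upstream source of the backport would tell a reader when the patch can be dropped on the next version update.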
@ -95,6 +96,7 @@ A pure Java implementation of the Git version control system.
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
# Disable multithreaded build
rm .mvn/maven.config

jgit-CVE-2023-4759.patch: normal file, 1694 changed lines; file diff suppressed because it is too large.

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Tue Oct 10 15:09:41 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Added patch:
* jgit-CVE-2023-4759.patch
+ backport of upstream fix for bsc#1215298 (CVE-2023-4759),
arbitrary file overwrite
-------------------------------------------------------------------
Fri Oct 6 11:04:41 UTC 2023 - Fridrich Strba <fstrba@suse.com>
@ -21,6 +29,12 @@ Wed May 31 19:51:51 UTC 2023 - Fridrich Strba <fstrba@suse.com>
+ allows building with 0.2.x (which is backward compatible
with 0.1.x)
-------------------------------------------------------------------
Fri May 5 08:24:40 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Add _multibuild to define 2nd spec file as additional flavor.
Eliminates the need for source package links in OBS.
-------------------------------------------------------------------
Mon Mar 27 08:18:14 UTC 2023 - Fridrich Strba <fstrba@suse.com>
@ -35,6 +49,12 @@ Wed Nov 16 11:24:53 UTC 2022 - Fridrich Strba <fstrba@suse.com>
* jgit-apache-sshd-2.7.0.patch
+ Allow building against apache-sshd 2.8.x and 2.9.x
-------------------------------------------------------------------
Tue Mar 29 14:06:34 UTC 2022 - Fridrich Strba <fstrba@suse.com>
- Force building with Java 11, since tycho is not knowing about any
Java >= 15
-------------------------------------------------------------------
Fri Jul 30 12:24:56 UTC 2021 - Fridrich Strba <fstrba@suse.com>
@ -54,6 +74,11 @@ Fri Jul 30 12:24:56 UTC 2021 - Fridrich Strba <fstrba@suse.com>
* 0003-Remove-requirement-on-assertj-core.patch
+ Not needed anymore
-------------------------------------------------------------------
Thu Nov 19 13:00:00 UTC 2020 - Fridrich Strba <fstrba@suse.com>
- Fix provides
-------------------------------------------------------------------
Thu Jul 16 21:23:15 UTC 2020 - Fridrich Strba <fstrba@suse.com>

@ -36,6 +36,7 @@ Patch2: jgit-shade.patch
Patch3: jgit-5.11.0-java8.patch
Patch4: jgit-apache-sshd-2.7.0.patch
Patch5: jgit-jsch.patch
Patch6: jgit-CVE-2023-4759.patch
# For main build
BuildRequires: ant
BuildRequires: fdupes
@ -104,6 +105,7 @@ Group: Documentation/HTML
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
# Disable multithreaded build
rm .mvn/maven.config
@ -160,7 +162,7 @@ done
%fdupes -s %{buildroot}%{_javadocdir}
# Binary
%jpackage_script org.eclipse.jgit.pgm.Main "" "" javaewah:jzlib:jsch:jgit/org.eclipse.jgit:slf4j/api:slf4j/simple:args4j:commons-compress:httpcomponents/httpcore:httpcomponents/httpclient:commons-logging:commons-codec:eddsa:apache-sshd/sshd-osgi:apache-sshd/sshd-sftp %{name}
%jpackage_script org.eclipse.jgit.pgm.Main "" "" javaewah:jzlib:jsch:jgit:slf4j/api:slf4j/simple:args4j:commons-compress:httpcomponents/httpcore:httpcomponents/httpclient:commons-logging:commons-codec:eddsa:apache-sshd/sshd-osgi:apache-sshd/sshd-sftp %{name}
# Ant task configuration
install -dm 755 %{buildroot}%{_sysconfdir}/ant.d
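Review bot: the two %jpackage_script lines differ only in the classpath element jgit/org.eclipse.jgit becoming jgit, and the changelog entry added for this commit (jgit-CVE-2023-4759.patch) does not mention that change. Since the launcher's classpath decides which code is loaded at run time, please document the change in the changelog and confirm that the broader jgit element resolves only to the jars the launcher is meant to load.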