rpm/apache-ivy
SHA256
1
0
Fork 0
forked from pool/apache-ivy
Code Pull Requests Activity

Accepting request 1105156 from Java:packages

Browse Source 
2.5.2 - CVE-2022-46751 - bsc#1214422

OBS-URL: https://build.opensuse.org/request/show/1105156
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache-ivy?expand=0&rev=22
This commit is contained in:
Ana Guerrero 2023-08-23 12:56:37 +00:00 committed by Git OBS Bridge
commit 9f73f46f90
5 changed files with 27 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
apache-ivy-2.5.1-src.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:41c9aa4263d6c0564e9d8bcc4ef4dedb0dd72fd2e5324c6b7f23267bba432076
size 2725262

BIN
apache-ivy-2.5.2-src.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

12
apache-ivy.changes
View File

@ -1,3 +1,15 @@
-------------------------------------------------------------------
Mon Aug 21 23:30:17 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Upgrade to version 2.5.2 (bsc#1214422)
* Fixes:
+ ivy:retrieve could fail because of a 'NullPointerException'
(jira:IVY-1641[])
+ reading POMs may loose dependencies when multiple Maven
dependencies only differ in 'classifier' (jira:IVY-1642[])
+ CVE-2022-46751: Apache Ivy Is Vulnerable to XML External
Entity Injections
-------------------------------------------------------------------
Mon Nov 7 08:10:54 UTC 2022 - David Anes <david.anes@suse.com>

4
apache-ivy.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package apache-ivy
#
# Copyright (c) 2022 SUSE LLC
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -21,7 +21,7 @@
%bcond_without sftp
%bcond_without vfs
Name: apache-ivy
Version: 2.5.1
Version: 2.5.2
Release: 0
Summary: Java-based dependency manager
License: Apache-2.0

20
ivy-2.5.1.pom → ivy-2.5.2.pom
View File

@ -28,7 +28,7 @@
</parent>
<groupId>org.apache.ivy</groupId>
<artifactId>ivy</artifactId>
<version>2.5.1</version>
<version>2.5.2</version>
<name>Apache Ivy</name>
<url>http://ant.apache.org/ivy/</url>
<scm>
@ -60,13 +60,13 @@
<dependency>
<groupId>org.apache.ant</groupId>
<artifactId>ant</artifactId>
<version>1.9.14</version>
<version>1.9.16</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.10</version>
<version>4.5.13</version>
<optional>true</optional>
</dependency>
<dependency>
@ -108,19 +108,19 @@
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpg-jdk15on</artifactId>
<version>1.64</version>
<version>1.70</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.64</version>
<version>1.70</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<version>4.13.2</version>
<scope>test</scope>
</dependency>
<dependency>
@ -138,7 +138,7 @@
<dependency>
<groupId>org.apache.ant</groupId>
<artifactId>ant-testutil</artifactId>
<version>1.9.14</version>
<version>1.9.16</version>
<scope>test</scope>
<exclusions>
<exclusion>
@ -150,7 +150,7 @@
<dependency>
<groupId>org.apache.ant</groupId>
<artifactId>ant-launcher</artifactId>
<version>1.9.14</version>
<version>1.9.16</version>
<scope>test</scope>
<exclusions>
<exclusion>
@ -162,7 +162,7 @@
<dependency>
<groupId>org.apache.ant</groupId>
<artifactId>ant-junit</artifactId>
<version>1.9.14</version>
<version>1.9.16</version>
<scope>test</scope>
<exclusions>
<exclusion>
@ -174,7 +174,7 @@
<dependency>
<groupId>org.apache.ant</groupId>
<artifactId>ant-junit4</artifactId>
<version>1.9.14</version>
<version>1.9.16</version>
<scope>test</scope>
<exclusions>
<exclusion>