From 801551d59b767eec263e3490c983f16f663fbe91768f61b81390fe68b7e5b40d Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Mon, 21 Aug 2023 21:29:47 +0000 Subject: [PATCH 1/2] OBS-URL: https://build.opensuse.org/package/show/Java:packages/apache-ivy?expand=0&rev=69 --- apache-ivy-2.5.1-src.tar.gz | 3 --- apache-ivy-2.5.2-src.tar.gz | 3 +++ apache-ivy.spec | 4 ++-- ivy-2.5.1.pom => ivy-2.5.2.pom | 20 ++++++++++---------- 4 files changed, 15 insertions(+), 15 deletions(-) delete mode 100644 apache-ivy-2.5.1-src.tar.gz create mode 100644 apache-ivy-2.5.2-src.tar.gz rename ivy-2.5.1.pom => ivy-2.5.2.pom (95%) diff --git a/apache-ivy-2.5.1-src.tar.gz b/apache-ivy-2.5.1-src.tar.gz deleted file mode 100644 index 510dfe5..0000000 --- a/apache-ivy-2.5.1-src.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:41c9aa4263d6c0564e9d8bcc4ef4dedb0dd72fd2e5324c6b7f23267bba432076 -size 2725262 diff --git a/apache-ivy-2.5.2-src.tar.gz b/apache-ivy-2.5.2-src.tar.gz new file mode 100644 index 0000000..eb20fec --- /dev/null +++ b/apache-ivy-2.5.2-src.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e06edd472268dbf200c19d16fa595e095837cbac4a7bf29c147c301a0a1b0713 +size 2728835 diff --git a/apache-ivy.spec b/apache-ivy.spec index b4ebd96..631f6ce 100644 --- a/apache-ivy.spec +++ b/apache-ivy.spec @@ -1,7 +1,7 @@ # # spec file for package apache-ivy # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ %bcond_without sftp %bcond_without vfs Name: apache-ivy -Version: 2.5.1 +Version: 2.5.2 Release: 0 Summary: Java-based dependency manager License: Apache-2.0 diff --git a/ivy-2.5.1.pom b/ivy-2.5.2.pom similarity index 95% rename from ivy-2.5.1.pom rename to ivy-2.5.2.pom index b2d4d04..0544924 100644 --- a/ivy-2.5.1.pom +++ b/ivy-2.5.2.pom @@ -28,7 +28,7 @@ org.apache.ivy ivy - 2.5.1 + 2.5.2 Apache Ivy http://ant.apache.org/ivy/ @@ -60,13 +60,13 @@ org.apache.ant ant - 1.9.14 + 1.9.16 true org.apache.httpcomponents httpclient - 4.5.10 + 4.5.13 true @@ -108,19 +108,19 @@ org.bouncycastle bcpg-jdk15on - 1.64 + 1.70 true org.bouncycastle bcprov-jdk15on - 1.64 + 1.70 true junit junit - 4.12 + 4.13.2 test @@ -138,7 +138,7 @@ org.apache.ant ant-testutil - 1.9.14 + 1.9.16 test @@ -150,7 +150,7 @@ org.apache.ant ant-launcher - 1.9.14 + 1.9.16 test @@ -162,7 +162,7 @@ org.apache.ant ant-junit - 1.9.14 + 1.9.16 test @@ -174,7 +174,7 @@ org.apache.ant ant-junit4 - 1.9.14 + 1.9.16 test From 96c58388ede2a7ad80853ec6eeaedb29718ec02069f93d2e038cfc5071e29b81 Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Mon, 21 Aug 2023 23:35:11 +0000 Subject: [PATCH 2/2] OBS-URL: https://build.opensuse.org/package/show/Java:packages/apache-ivy?expand=0&rev=70 --- apache-ivy.changes | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/apache-ivy.changes b/apache-ivy.changes index c513e18..b5c5838 100644 --- a/apache-ivy.changes +++ b/apache-ivy.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Mon Aug 21 23:30:17 UTC 2023 - Fridrich Strba + +- Upgrade to version 2.5.2 (bsc#1214422) + * Fixes: + + ivy:retrieve could fail because of a 'NullPointerException' + (jira:IVY-1641[]) + + reading POMs may loose dependencies when multiple Maven + dependencies only differ in 'classifier' (jira:IVY-1642[]) + + CVE-2022-46751: Apache Ivy Is Vulnerable to XML External + Entity Injections + ------------------------------------------------------------------- Mon Nov 7 08:10:54 UTC 2022 - David Anes