From fc1ca9bcca0ceaefd1ad70334bc6cf4d5a6a5d2d0d4a70477d14c170cc45226f Mon Sep 17 00:00:00 2001
From: David Anes
Date: Mon, 7 Nov 2022 08:19:35 +0000
Subject: [PATCH] Accepting request 1034052 from home:david.anes:branches:Java:packages
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Upgrade to version 2.5.1 * Breaking: + Removed old fr\jayasoft\ivy\ant\antlib.xml AntLib definition file. * Fixes: + CVE-2022-37865 allow create/overwrite any file on the system. (see https://ant.apache.org/ivy/security.html) + CVE-2022-37866 Path traversal in patterns. (see https://ant.apache.org/ivy/security.html) + ResolveEngine resets dictator resolver to null in the global configuration. + ConcurrentModificationException in MessageLoggerHelper.sumupProblems. + useOrigin="true" fails with file-based ibiblio. + ivy:retrieve Ant task didn’t create an empty fileset when no files were retrieved to a non-empty directory. + ivy:retrieve Ant task relied on the default HTTP header "Accept" which caused problems with servers that interpret it strictly (e.g. AWS CodeArtifact). * Improvements: + Ivy command now accepts a URL for the -settings option.
OBS-URL: https://build.opensuse.org/request/show/1034052
OBS-URL: https://build.opensuse.org/package/show/Java:packages/apache-ivy?expand=0&rev=66
---
 apache-ivy-2.5.0-src.tar.gz | 3 ---
 apache-ivy-2.5.1-src.tar.gz | 3 +++
 apache-ivy.changes | 25 +++++++++++++++++++++++++
 apache-ivy.spec | 2 +-
 ivy-2.5.0.pom => ivy-2.5.1.pom | 8 ++++----
 5 files changed, 33 insertions(+), 8 deletions(-)
 delete mode 100644 apache-ivy-2.5.0-src.tar.gz
 create mode 100644 apache-ivy-2.5.1-src.tar.gz
 rename ivy-2.5.0.pom => ivy-2.5.1.pom (98%)
diff --git a/apache-ivy-2.5.0-src.tar.gz b/apache-ivy-2.5.0-src.tar.gz
deleted file mode 100644
index 8d52cbc..0000000
--- a/apache-ivy-2.5.0-src.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:109583a8d10b5d9a71c57c539719ca3648ebb8ca4af867976128e7fa657312b7
-size 2719181
diff --git a/apache-ivy-2.5.1-src.tar.gz b/apache-ivy-2.5.1-src.tar.gz
new file mode 100644
index 0000000..510dfe5
--- /dev/null
+++ b/apache-ivy-2.5.1-src.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:41c9aa4263d6c0564e9d8bcc4ef4dedb0dd72fd2e5324c6b7f23267bba432076
+size 2725262
diff --git a/apache-ivy.changes b/apache-ivy.changes
index 0f68b76..142c634 100644
--- a/apache-ivy.changes
+++ b/apache-ivy.changes
@@ -1,3 +1,28 @@
+-------------------------------------------------------------------
+Mon Nov 7 08:10:54 UTC 2022 - David Anes
+
+- Upgrade to version 2.5.1
+ * Breaking:
+ + Removed old fr\jayasoft\ivy\ant\antlib.xml AntLib definition
+ file.
+ * Fixes:
+ + CVE-2022-37865 allow create/overwrite any file on the system.
+ (see https://ant.apache.org/ivy/security.html)
+ + CVE-2022-37866 Path traversal in patterns.
+ (see https://ant.apache.org/ivy/security.html)
+ + ResolveEngine resets dictator resolver to null in the global
+ configuration.
+ + ConcurrentModificationException in
+ MessageLoggerHelper.sumupProblems.
+ + useOrigin="true" fails with file-based ibiblio.
+ + ivy:retrieve Ant task didn’t create an empty fileset when no
+ files were retrieved to a non-empty directory.
+ + ivy:retrieve Ant task relied on the default HTTP header
+ "Accept" which caused problems with servers that interpret it
+ strictly (e.g. AWS CodeArtifact).
+ * Improvements:
+ + Ivy command now accepts a URL for the -settings option.
+
 -------------------------------------------------------------------
 Sat Mar 19 13:22:59 UTC 2022 - Fridrich Strba
diff --git a/apache-ivy.spec b/apache-ivy.spec
index 88464c1..b4ebd96 100644
--- a/apache-ivy.spec
+++ b/apache-ivy.spec
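Review bot: The new `apache-ivy-2.5.1-src.tar.gz` pointer identifies the archive only by its LFS `oid sha256:`, which records what was uploaded rather than proving it matches the Apache release. None of the five files touched by this commit is a detached signature or keyring, so any source verification the package performs is not visible here. Because this update is the carrier for the CVE-2022-37865 and CVE-2022-37866 fixes, the tarball should be checked against the checksum or signature published upstream before acceptance. If the spec (outside the visible hunk) has no signature source, consider adding the upstream `.asc` file and a `.keyring` as extra sources so the check is repeated on every future update.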
@@ -21,7 +21,7 @@
 %bcond_without sftp
 %bcond_without vfs
 Name: apache-ivy
-Version: 2.5.0
+Version: 2.5.1
 Release: 0
 Summary: Java-based dependency manager
 License: Apache-2.0
diff --git a/ivy-2.5.0.pom b/ivy-2.5.1.pom
similarity index 98%
rename from ivy-2.5.0.pom
rename to ivy-2.5.1.pom
index e252be7..b2d4d04 100644
--- a/ivy-2.5.0.pom
+++ b/ivy-2.5.1.pom
@@ -28,7 +28,7 @@
 org.apache.ivy ivy
- 2.5.0
+ 2.5.1
 Apache Ivy http://ant.apache.org/ivy/
@@ -66,7 +66,7 @@
 org.apache.httpcomponents httpclient
- 4.5.9
+ 4.5.10
 true
@@ -108,13 +108,13 @@
 org.bouncycastle bcpg-jdk15on
- 1.62
+ 1.64
 true org.bouncycastle bcprov-jdk15on
- 1.62
+ 1.64
 true