From d4bf61ee72ac778287b10b2752dc0518ae1172b125fc0d2369bebb211ad5eb91 Mon Sep 17 00:00:00 2001
From: Fridrich Strba
Date: Tue, 23 Aug 2022 18:42:52 +0000
Subject: [PATCH 1/3] OBS-URL: https://build.opensuse.org/package/show/Java:packages/aws-sdk-java?expand=0&rev=25

---
 CVE-2022-31159.patch | 21 +++++++++++++++++++++
 aws-sdk-java.changes |  8 ++++++++
 aws-sdk-java.spec    |  2 ++
 3 files changed, 31 insertions(+)
 create mode 100644 CVE-2022-31159.patch

diff --git a/CVE-2022-31159.patch b/CVE-2022-31159.patch
new file mode 100644
index 0000000..0932cc1
--- /dev/null
+++ b/CVE-2022-31159.patch
@@ -0,0 +1,21 @@
+--- a/aws-java-sdk-s3/src/main/java/com/amazonaws/services/s3/transfer/TransferManager.java
++++ b/aws-java-sdk-s3/src/main/java/com/amazonaws/services/s3/transfer/TransferManager.java
+@@ -82,6 +82,7 @@ import java.io.File;
+ import java.io.IOException;
+ import java.io.InputStream;
+ import java.net.URL;
++import java.nio.file.Path;
+ import java.util.ArrayList;
+ import java.util.Date;
+ import java.util.LinkedList;
+@@ -1512,7 +1513,9 @@ public class TransferManager {
+ 
+     private boolean leavesRoot(File localBaseDirectory, String key) {
+         try {
+-            return !new File(localBaseDirectory, key).getCanonicalPath().startsWith(localBaseDirectory.getCanonicalPath());
++            Path targetPath = new File(localBaseDirectory, key).getCanonicalFile().toPath();
++            Path rootPath = localBaseDirectory.getCanonicalFile().toPath();
++            return !targetPath.startsWith(rootPath);
+         } catch (IOException e) {
+             throw new RuntimeException("Unable to canonicalize paths", e);
+         }
diff --git a/aws-sdk-java.changes b/aws-sdk-java.changes
index 9c6757f..e8c7122 100644
--- a/aws-sdk-java.changes
+++ b/aws-sdk-java.changes
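Review bot: The new `return !targetPath.startsWith(rootPath);` in the CVE-2022-31159.patch hunk relies on `Path#startsWith` being a component-wise comparison, which is exactly what distinguishes it from the removed string-based `getCanonicalPath().startsWith(...)` check, yet nothing in the patched method records that, so a later "simplification" back to a string prefix test would silently reintroduce the partial path traversal the changelog names. A one-line comment above the `return` in the patch would pin the intent: `// Path#startsWith compares path elements, not characters: a sibling directory whose name merely extends the root's name is rejected (CVE-2022-31159)`. Canonicalization still precedes the comparison on both sides, so symlink resolution behaves as before. The method's closing brace and the rest of the class lie outside the hunk.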
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Aug 23 15:44:33 UTC 2022 - Fridrich Strba
+
+- Added patch:
+  * CVE-2022-31159.patch
+    + fix bsc#1201580 (CVE-2022-31159) Partial Path Traversal in
+      com.amazonaws:aws-java-sdk-s3
+
 -------------------------------------------------------------------
 Thu May 5 10:23:20 UTC 2022 - Fridrich Strba
 
diff --git a/aws-sdk-java.spec b/aws-sdk-java.spec
index 7c3e698..3b503b9 100644
--- a/aws-sdk-java.spec
+++ b/aws-sdk-java.spec
@@ -26,6 +26,7 @@ Group:          Development/Libraries/Java
 URL:            https://aws.amazon.com/sdk-for-java/
 Source0:        https://github.com/aws/aws-sdk-java/archive/%{githash}/%{name}-%{githash}.tar.gz
 Patch0:         aws-sdk-java-ambiguous-Record.patch
+Patch1:         CVE-2022-31159.patch
 BuildRequires:  dos2unix
 BuildRequires:  fdupes
 BuildRequires:  java-devel >= 1.8
@@ -673,6 +674,7 @@ This package contains javadoc for %{name}.
 
 %prep
 %setup -q -n %{name}-%{githash}
 %patch0 -p1
+%patch1 -p1
 # Remove deprecated httpclient annotations
 sed -i '/NotThreadSafe/d' \
From 6d02aedc78915807cbd6858a4e21437cd6c7ffd4f9ddab3c8aae6f482f7a1611 Mon Sep 17 00:00:00 2001
From: Fridrich Strba
Date: Tue, 23 Aug 2022 18:46:54 +0000
Subject: [PATCH 2/3] OBS-URL: https://build.opensuse.org/package/show/Java:packages/aws-sdk-java?expand=0&rev=26

---
 CVE-2022-31159.patch | 21 ---------------------
 aws-sdk-java.changes |  8 --------
 aws-sdk-java.spec    |  2 --
 3 files changed, 31 deletions(-)
 delete mode 100644 CVE-2022-31159.patch

diff --git a/CVE-2022-31159.patch b/CVE-2022-31159.patch
deleted file mode 100644
index 0932cc1..0000000
--- a/CVE-2022-31159.patch
+++ /dev/null
@@ -1,21 +0,0 @@
---- a/aws-java-sdk-s3/src/main/java/com/amazonaws/services/s3/transfer/TransferManager.java
-+++ b/aws-java-sdk-s3/src/main/java/com/amazonaws/services/s3/transfer/TransferManager.java
-@@ -82,6 +82,7 @@ import java.io.File;
- import java.io.IOException;
- import java.io.InputStream;
- import java.net.URL;
-+import java.nio.file.Path;
- import java.util.ArrayList;
- import java.util.Date;
- import java.util.LinkedList;
-@@ -1512,7 +1513,9 @@ public class TransferManager {
- 
-     private boolean leavesRoot(File localBaseDirectory, String key) {
-         try {
--            return !new File(localBaseDirectory, key).getCanonicalPath().startsWith(localBaseDirectory.getCanonicalPath());
-+            Path targetPath = new File(localBaseDirectory, key).getCanonicalFile().toPath();
-+            Path rootPath = localBaseDirectory.getCanonicalFile().toPath();
-+            return !targetPath.startsWith(rootPath);
-         } catch (IOException e) {
-             throw new RuntimeException("Unable to canonicalize paths", e);
-         }
diff --git a/aws-sdk-java.changes b/aws-sdk-java.changes
index e8c7122..9c6757f 100644
--- a/aws-sdk-java.changes
+++ b/aws-sdk-java.changes
@@ -1,11 +1,3 @@
--------------------------------------------------------------------
-Tue Aug 23 15:44:33 UTC 2022 - Fridrich Strba
-
-- Added patch:
-  * CVE-2022-31159.patch
-    + fix bsc#1201580 (CVE-2022-31159) Partial Path Traversal in
-      com.amazonaws:aws-java-sdk-s3
-
 -------------------------------------------------------------------
 Thu May 5 10:23:20 UTC 2022 - Fridrich Strba
 
diff --git a/aws-sdk-java.spec b/aws-sdk-java.spec
index 3b503b9..7c3e698 100644
--- a/aws-sdk-java.spec
+++ b/aws-sdk-java.spec
@@ -26,7 +26,6 @@ Group:          Development/Libraries/Java
 URL:            https://aws.amazon.com/sdk-for-java/
 Source0:        https://github.com/aws/aws-sdk-java/archive/%{githash}/%{name}-%{githash}.tar.gz
 Patch0:         aws-sdk-java-ambiguous-Record.patch
-Patch1:         CVE-2022-31159.patch
 BuildRequires:  dos2unix
 BuildRequires:  fdupes
 BuildRequires:  java-devel >= 1.8
@@ -674,7 +673,6 @@ This package contains javadoc for %{name}.
 
 %prep
 %setup -q -n %{name}-%{githash}
 %patch0 -p1
-%patch1 -p1
 # Remove deprecated httpclient annotations
 sed -i '/NotThreadSafe/d' \
From cbca1ddb2fd74addafee8534984f5650681ac30479b72a5b6a97ad4c169ef983 Mon Sep 17 00:00:00 2001
From: Fridrich Strba
Date: Tue, 12 Sep 2023 12:27:57 +0000
Subject: [PATCH 3/3] OBS-URL: https://build.opensuse.org/package/show/Java:packages/aws-sdk-java?expand=0&rev=27

---
 aws-sdk-java.changes | 5 +++++
 aws-sdk-java.spec    | 6 ++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/aws-sdk-java.changes b/aws-sdk-java.changes
index 9c6757f..9ff3bef 100644
--- a/aws-sdk-java.changes
+++ b/aws-sdk-java.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Tue Sep 12 12:27:52 UTC 2023 - Fridrich Strba
+
+- Reproducible builds: use SOURCE_DATE_EPOCH for timestamp
+
 -------------------------------------------------------------------
 Thu May 5 10:23:20 UTC 2022 - Fridrich Strba
 
diff --git a/aws-sdk-java.spec b/aws-sdk-java.spec
index 7c3e698..526aaba 100644
--- a/aws-sdk-java.spec
+++ b/aws-sdk-java.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package aws-sdk-java
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -816,7 +816,9 @@ dos2unix src/samples/AmazonEC2SpotInstances-Advanced/CreateSecurityGroupApp.java
 # Tests require networking and unavailable test deps:
 # com.github.tomakehurst:wiremock:1.55
 # nl.jqno.equalsverifier:equalsverifier:1.7.5
-%{mvn_build} -sfj -- -Dsource=8 org.apache.maven.plugins:maven-javadoc-plugin:aggregate
+%{mvn_build} -sfj -- \
+    -Dproject.build.outputTimestamp=$(date -u -d @${SOURCE_DATE_EPOCH:-$(date +%%s)} +%%Y-%%m-%%dT%%H:%%M:%%SZ) \
+    -Dsource=8 org.apache.maven.plugins:maven-javadoc-plugin:aggregate
 
 %install
 %mvn_install
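Review bot: The `${SOURCE_DATE_EPOCH:-$(date +%%s)}` fallback on the added `-Dproject.build.outputTimestamp=` line in the `@@ -816,7 +816,9 @@` hunk substitutes the current wall-clock time whenever `SOURCE_DATE_EPOCH` is unset, so the timestamp the changelog calls reproducible is only reproducible when the build environment exports that variable; a local `rpmbuild` without it produces a different jar timestamp on every run with no warning. If the fallback is intended for such local builds, a comment above the line should say so, e.g. `# SOURCE_DATE_EPOCH is exported by the build service; unset locally, the current time is used and the build is not reproducible`; if it is not intended, removing the `:-$(date +%%s)` default makes an unconfigured build fail fast rather than vary silently. The `%%` escaping of the `date` format specifiers is correct here, since a bare `%` would be read as an rpm macro in the spec.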