Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package apache-ivy for openSUSE:Factory checked in at 2022-11-15 13:18:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache-ivy (Old)
 and      /work/SRC/openSUSE:Factory/.apache-ivy.new.1597 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache-ivy" Tue Nov 15 13:18:06 2022 rev:21 rq:1035296 version:2.5.1 Changes: -------- --- /work/SRC/openSUSE:Factory/apache-ivy/apache-ivy.changes 2022-03-28 17:00:21.316952592 +0200 +++ /work/SRC/openSUSE:Factory/.apache-ivy.new.1597/apache-ivy.changes 2022-11-15 13:20:41.460573264 +0100 @@ -1,0 +2,25 @@ +Mon Nov 7 08:10:54 UTC 2022 - David Anes <david.a...@suse.com> + +- Upgrade to version 2.5.1 (bsc#1205142, bsc#1205138) + * Breaking: + + Removed old fr\jayasoft\ivy\ant\antlib.xml AntLib definition + file. + * Fixes: + + CVE-2022-37865 allow create/overwrite any file on the system. + (see https://ant.apache.org/ivy/security.html) + + CVE-2022-37866 Path traversal in patterns. + (see https://ant.apache.org/ivy/security.html) + + ResolveEngine resets dictator resolver to null in the global + configuration. + + ConcurrentModificationException in + MessageLoggerHelper.sumupProblems. + + useOrigin="true" fails with file-based ibiblio. + + ivy:retrieve Ant task didnât create an empty fileset when no + files were retrieved to a non-empty directory. + + ivy:retrieve Ant task relied on the default HTTP header + "Accept" which caused problems with servers that interpret it + strictly (e.g. AWS CodeArtifact). + * Improvements: + + Ivy command now accepts a URL for the -settings option. + +------------------------------------------------------------------- Old: ---- apache-ivy-2.5.0-src.tar.gz ivy-2.5.0.pom New: ---- apache-ivy-2.5.1-src.tar.gz ivy-2.5.1.pom ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apache-ivy.spec ++++++ --- /var/tmp/diff_new_pack.lXCcq9/_old 2022-11-15 13:20:42.652579418 +0100 +++ /var/tmp/diff_new_pack.lXCcq9/_new 2022-11-15 13:20:42.704579686 +0100 
@@ -21,7 +21,7 @@ %bcond_without sftp %bcond_without vfs Name: apache-ivy -Version: 2.5.0 +Version: 2.5.1 Release: 0 Summary: Java-based dependency manager License: Apache-2.0 ++++++ apache-ivy-2.5.0-src.tar.gz -> apache-ivy-2.5.1-src.tar.gz ++++++ ++++ 2398 lines of diff (skipped) ++++++ ivy-2.5.0.pom -> ivy-2.5.1.pom ++++++ --- /work/SRC/openSUSE:Factory/apache-ivy/ivy-2.5.0.pom 2022-03-28 17:00:21.368952663 +0200 +++ /work/SRC/openSUSE:Factory/.apache-ivy.new.1597/ivy-2.5.1.pom 2022-11-15 13:20:41.480573367 +0100 @@ -28,7 +28,7 @@ </parent> <groupId>org.apache.ivy</groupId> <artifactId>ivy</artifactId> - <version>2.5.0</version> + <version>2.5.1</version> <name>Apache Ivy</name> <url>http://ant.apache.org/ivy/</url> <scm> @@ -66,7 +66,7 @@ <dependency> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpclient</artifactId> - <version>4.5.9</version> + <version>4.5.10</version> <optional>true</optional> </dependency> <dependency> @@ -108,13 +108,13 @@ <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcpg-jdk15on</artifactId> - <version>1.62</version> + <version>1.64</version> <optional>true</optional> </dependency> <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk15on</artifactId> - <version>1.62</version> + <version>1.64</version> <optional>true</optional> </dependency> <dependency>
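
Review bot: In the apache-ivy.changes hunk, both bug references sit on the "Upgrade to version 2.5.1 (bsc#1205142, bsc#1205138)" line while the CVE-2022-37865 and CVE-2022-37866 bullets carry none, so a reader cannot tell which bug tracks which CVE. Put each bsc number on the bullet of the CVE it belongs to. The ivy:retrieve bullet in the same hunk contains a mis-encoded apostrophe ("didnât"); use a plain ASCII "didn't" so the entry renders cleanly in the RPM changelog and in mail.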
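
Review bot: The New file list contains only apache-ivy-2.5.1-src.tar.gz and ivy-2.5.1.pom, and the tarball diff is skipped (2398 lines), so nothing in this submission lets a reviewer confirm the integrity of the archive that carries the CVE-2022-37865 and CVE-2022-37866 fixes. Consider adding the upstream detached signature (.asc) and a keyring file as sources so the archive is verified at build time. The apache-ivy.spec hunk changes only the Version line, so it would need the matching Source entries.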
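
Review bot: The dependency bumps in the ivy-2.5.1.pom hunks (httpclient 4.5.9 to 4.5.10, bcpg-jdk15on and bcprov-jdk15on 1.62 to 1.64) are not mentioned in the changes entry, and the spec hunk touches only Version, so it is not visible here whether the httpclient and Bouncy Castle packages this build uses meet the new versions. All three are marked <optional>true</optional>, which makes a mismatch easy to miss. Please confirm the spec's requirements resolve to at least these versions and list the bumps in the changelog.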