Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package eclipse-jgit for openSUSE:Factory checked in at 2023-10-10 21:01:32
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/eclipse-jgit (Old)
 and      /work/SRC/openSUSE:Factory/.eclipse-jgit.new.28202 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "eclipse-jgit" Tue Oct 10 21:01:32 2023 rev:14 rq:1116733 version:5.11.0 Changes: -------- --- /work/SRC/openSUSE:Factory/eclipse-jgit/eclipse-jgit.changes 2023-10-06 21:17:15.977974557 +0200 +++ /work/SRC/openSUSE:Factory/.eclipse-jgit.new.28202/eclipse-jgit.changes 2023-10-10 21:03:11.264364894 +0200 @@ -1,0 +2,8 @@ +Tue Oct 10 15:09:41 UTC 2023 - Fridrich Strba <fst...@suse.com> + +- Added patch: + * jgit-CVE-2023-4759.patch + + backport of upstream fix for bsc#1215298 (CVE-2023-4759), + arbitrary file overwrite + +------------------------------------------------------------------- @@ -8,0 +17,7 @@ +Fri Oct 6 11:00:40 UTC 2023 - Fridrich Strba <fst...@suse.com> + +- Craft the jgit script from the real Main class of the jar file + instead of using some superfluous jar launcher. + Fixes bsc#1209646 + +------------------------------------------------------------------- @@ -21,0 +37,7 @@ + +------------------------------------------------------------------- +Mon Mar 27 08:18:14 UTC 2023 - Fridrich Strba <fst...@suse.com> + +- Require xz-java because the jgit script that we install is + expecting it to be present when composing the classpath + (bsc#1209646) --- /work/SRC/openSUSE:Factory/eclipse-jgit/jgit.changes 2023-10-06 21:17:15.997975279 +0200 +++ /work/SRC/openSUSE:Factory/.eclipse-jgit.new.28202/jgit.changes 2023-10-10 21:03:11.300366199 +0200 @@ -1,0 +2,8 @@ +Tue Oct 10 15:09:41 UTC 2023 - Fridrich Strba <fst...@suse.com> + +- Added patch: + * jgit-CVE-2023-4759.patch + + backport of upstream fix for bsc#1215298 (CVE-2023-4759), + arbitrary file overwrite + +------------------------------------------------------------------- @@ -24,0 +33,6 @@ +Fri May 5 08:24:40 UTC 2023 - Fridrich Strba <fst...@suse.com> + +- Add _multibuild to define 2nd spec file as additional flavor. + Eliminates the need for source package links in OBS. + +------------------------------------------------------------------- 
@@ -38,0 +53,6 @@ +Tue Mar 29 14:06:34 UTC 2022 - Fridrich Strba <fst...@suse.com> + +- Force building with Java 11, since tycho is not knowing about any + Java >= 15 + +------------------------------------------------------------------- @@ -55,0 +76,5 @@ + +------------------------------------------------------------------- +Thu Nov 19 13:00:00 UTC 2020 - Fridrich Strba <fst...@suse.com> + +- Fix provides New: ---- jgit-CVE-2023-4759.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ eclipse-jgit.spec ++++++ --- /var/tmp/diff_new_pack.ZtjqP5/_old 2023-10-10 21:03:13.280438002 +0200 +++ /var/tmp/diff_new_pack.ZtjqP5/_new 2023-10-10 21:03:13.280438002 +0200 @@ -36,6 +36,7 @@ Patch3: jgit-5.11.0-java8.patch Patch4: jgit-apache-sshd-2.7.0.patch Patch5: jgit-jsch.patch +Patch6: jgit-CVE-2023-4759.patch # For main build BuildRequires: ant BuildRequires: apache-commons-compress @@ -95,6 +96,7 @@ %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 # Disable multithreaded build rm .mvn/maven.config ++++++ jgit.spec ++++++ --- /var/tmp/diff_new_pack.ZtjqP5/_old 2023-10-10 21:03:13.316439308 +0200 +++ /var/tmp/diff_new_pack.ZtjqP5/_new 2023-10-10 21:03:13.316439308 +0200 @@ -36,6 +36,7 @@ Patch3: jgit-5.11.0-java8.patch Patch4: jgit-apache-sshd-2.7.0.patch Patch5: jgit-jsch.patch +Patch6: jgit-CVE-2023-4759.patch # For main build BuildRequires: ant BuildRequires: fdupes @@ -104,6 +105,7 @@ %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 # Disable multithreaded build rm .mvn/maven.config 
@@ -160,7 +162,7 @@ %fdupes -s %{buildroot}%{_javadocdir} # Binary -%jpackage_script org.eclipse.jgit.pgm.Main "" "" javaewah:jzlib:jsch:jgit/org.eclipse.jgit:slf4j/api:slf4j/simple:args4j:commons-compress:httpcomponents/httpcore:httpcomponents/httpclient:commons-logging:commons-codec:eddsa:apache-sshd/sshd-osgi:apache-sshd/sshd-sftp %{name} +%jpackage_script org.eclipse.jgit.pgm.Main "" "" javaewah:jzlib:jsch:jgit:slf4j/api:slf4j/simple:args4j:commons-compress:httpcomponents/httpcore:httpcomponents/httpclient:commons-logging:commons-codec:eddsa:apache-sshd/sshd-osgi:apache-sshd/sshd-sftp %{name} # Ant task configuration install -dm 755 %{buildroot}%{_sysconfdir}/ant.d ++++++ jgit-CVE-2023-4759.patch ++++++ ++++ 1695 lines (skipped)
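
Review bot: the eclipse-jgit.changes hunks at `@@ -8,0 +17,7 @@` and `@@ -21,0 +37,7 @@`, and the jgit.changes hunks at `@@ -24,0 +33,6 @@`, `@@ -38,0 +53,6 @@` and `@@ -55,0 +76,5 @@`, insert entries dated between 2020-11-19 and 2023-10-06 underneath the new top entry, while the 2023-10-10 entry itself mentions only jgit-CVE-2023-4759.patch. Someone auditing when the CVE-2023-4759 fix landed sees older history change in the same commit with no explanation. Suggest either submitting the changelog synchronisation separately, or adding a line to the 2023-10-10 entry stating why the older entries now appear in each file.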
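
Review bot: in jgit.spec at `@@ -160,7 +162,7 @@`, the `%jpackage_script` classpath entry changes from `jgit/org.eclipse.jgit` to `jgit`, which is unrelated to the CVE backport and is not mentioned in the 2023-10-10 entry added to jgit.changes. If `jgit` resolves to a directory rather than a single jar, the installed `jgit` launcher will load whatever jars are packaged under that directory, so its classpath is no longer pinned to one named artifact. Suggest documenting the reason for the change in the changelog, or keeping the explicit `jgit/org.eclipse.jgit` entry if nothing requires the broader one.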
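
Review bot: the `Patch6: jgit-CVE-2023-4759.patch` lines added at `@@ -36,6 +36,7 @@` in both eclipse-jgit.spec and jgit.spec carry no comment, and the patch body is shown only as `1695 lines (skipped)`, so nothing visible here ties the backport to a specific upstream change. Suggest a comment above `Patch6` in both spec files naming bsc#1215298 and CVE-2023-4759 together with the upstream commit the backport was taken from, so that a reviewer can compare the 1695-line patch against upstream and confirm that only the arbitrary file overwrite fix is included.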