Fix CVE-2024-25638

(cherry picked from commit 8521d6ab31f25853241c3cf5aee7f0552fe1ed40)
2024-07-23 10:21:31 +08:00 · 2024-07-23 10:21:31 +08:00 · 0bee44fde4
commit 0bee44fde4
parent 7d022d4c44
2 changed files with 1610 additions and 1 deletions
--- a/backport-CVE-2024-25638.patch
+++ b/backport-CVE-2024-25638.patch
--- a/dnsjava.spec
+++ b/dnsjava.spec
@ -1,11 +1,12 @@
 %global do_not_test 1
 Name:                dnsjava
 Version:             3.5.3
-Release:             1
+Release:             2
 Summary:             Java DNS implementation
 License:             BSD and MIT
 URL:                 http://www.dnsjava.org/
 Source0:             https://github.com/dnsjava/dnsjava/archive/v%{version}/%{name}-%{version}.tar.gz
+Patch0:              backport-CVE-2024-25638.patch
 BuildRequires:       aqute-bnd javapackages-local
 BuildRequires:       maven-local
 BuildRequires:       mvn(org.apache.felix:maven-bundle-plugin)
@ -43,6 +44,7 @@ Javadoc for %{name}.
 rm -rf doc/
 find -name "*.class" -print -delete
 find -name "*.jar" -print -delete
+%patch0 -p1 -b .CVE-2024-25638
 iconv -f iso8859-1 -t utf8 Changelog > Changelog.tmp
 touch -r Changelog Changelog.tmp
 mv -f Changelog.tmp Changelog
@ -72,6 +74,9 @@ cp -rf target/xmvn-apidocs/* %{buildroot}%{_javadocdir}/%{name}
 %license LICENSE

 %changelog
+* Tue Jul 23 2024 zhangxianting <zhangxianting@uniontech.com> - 3.5.3-2
+- Fix CVE-2024-25638
+
 * Tue Feb 20 2024 Ge Wang <wang__ge@126.com> - 3.5.3-1
 - Update to 3.5.3