packages/woodstox-core
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2022-40152

Browse Source 
(cherry picked from commit 87e37856a745f85accf1e928f603221ba36f2908)
This commit is contained in:
yaqiangchen 2024-11-11 14:24:13 +08:00 committed by openeuler-sync-bot
parent 3b781349d0
commit a573fabf04
2 changed files with 227 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

219
backport-CVE-2022-40152.patch Normal file
View File

File diff suppressed because one or more lines are too long

9
woodstox-core.spec
View File

@ -2,7 +2,7 @@
%global core_name %{base_name}-core
Name: %{core_name}
Version: 6.2.8
Release: 1
Release: 2
Summary: High-performance XML processor
License: ASL 2.0 or LGPLv2+ or BSD
URL: https://github.com/FasterXML/woodstox
@ -11,6 +11,10 @@ Source0: https://github.com/FasterXML/%{base_name}/archive/%{name}-%
Patch0: 0001-stax2-api.patch
Patch1: 0001-Allow-building-against-OSGi-APIs-newer-than-R4.patch
Patch2: 0002-Patch-out-optional-support-for-msv-and-relax-schema-.patch
# Fix cve
Patch3000: backport-CVE-2022-40152.patch
BuildRequires: maven-local mvn(com.fasterxml:oss-parent:pom:) mvn(javax.xml.stream:stax-api)
BuildRequires: mvn(junit:junit) mvn(net.java.dev.msv:msv-core)
BuildRequires: mvn(net.java.dev.msv:msv-rngconverter) mvn(net.java.dev.msv:xsdlib)
@ -56,6 +60,9 @@ rm ./src/test/java/org/codehaus/stax/test/stream/TestNamespaces.java
%files javadoc -f .mfiles-javadoc
%changelog
* Mon Nov 11 2024 chenyaqiang <chenyaqiang@huawei.com> - 6.2.8-2
- Fix CVE-2022-40152
* Fri Nov 10 2023 yaoxin <yao_xin001@hoperun.com> - 6.2.8-1
- Upgrade to 6.2.8