!7 [sync] PR-5: Fix CVE-2022-40152

From: @openeuler-sync-bot Reviewed-by: @wk333 Signed-off-by: @wk333
2024-11-11 08:15:04 +00:00 · 2024-11-11 08:15:04 +00:00 · db753eaa68
commit db753eaa68
parent 3b781349d0 a573fabf04
2 changed files with 227 additions and 1 deletions
--- a/backport-CVE-2022-40152.patch
+++ b/backport-CVE-2022-40152.patch
--- a/woodstox-core.spec
+++ b/woodstox-core.spec
@ -2,7 +2,7 @@
 %global core_name %{base_name}-core
 Name:                %{core_name}
 Version:             6.2.8
-Release:             1
+Release:             2
 Summary:             High-performance XML processor
 License:             ASL 2.0 or LGPLv2+ or BSD
 URL:                 https://github.com/FasterXML/woodstox
@ -11,6 +11,10 @@ Source0:             https://github.com/FasterXML/%{base_name}/archive/%{name}-%
 Patch0:              0001-stax2-api.patch
 Patch1:              0001-Allow-building-against-OSGi-APIs-newer-than-R4.patch
 Patch2:              0002-Patch-out-optional-support-for-msv-and-relax-schema-.patch
+
+# Fix cve
+Patch3000:           backport-CVE-2022-40152.patch
+
 BuildRequires:       maven-local mvn(com.fasterxml:oss-parent:pom:) mvn(javax.xml.stream:stax-api)
 BuildRequires:       mvn(junit:junit) mvn(net.java.dev.msv:msv-core)
 BuildRequires:       mvn(net.java.dev.msv:msv-rngconverter) mvn(net.java.dev.msv:xsdlib)
@ -56,6 +60,9 @@ rm ./src/test/java/org/codehaus/stax/test/stream/TestNamespaces.java
 %files javadoc -f .mfiles-javadoc

 %changelog
+* Mon Nov 11 2024 chenyaqiang <chenyaqiang@huawei.com> - 6.2.8-2
+- Fix CVE-2022-40152
+
 * Fri Nov 10 2023 yaoxin <yao_xin001@hoperun.com> - 6.2.8-1
 - Upgrade to 6.2.8