Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package jettison for openSUSE:Factory checked in at 2022-10-06 07:41:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/jettison (Old)
 and /work/SRC/openSUSE:Factory/.jettison.new.2275 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "jettison" Thu Oct 6 07:41:55 2022 rev:4 rq:1008138 version:1.5.1 Changes: -------- --- /work/SRC/openSUSE:Factory/jettison/jettison.changes 2022-03-22 19:41:29.415171106 +0100 +++ /work/SRC/openSUSE:Factory/.jettison.new.2275/jettison.changes 2022-10-06 07:42:07.192676055 +0200 @@ -1,0 +2,14 @@ +Wed Oct 5 08:33:43 UTC 2022 - Fridrich Strba <fst...@suse.com> + +- Upgrade to version 1.5.1 + * Fixes: + + Stack Overflow fix on malformed JSON + (bsc#1203515, CVE-2022-40149) + + Prevent infinite loop when a /* comment is not terminated + (bsc#1203516, CVE-2022-40150) +- Removed patches: + * jettison-1.3.7-jdk10plus.patch + * jettison-update-woodstox-version.patch + + not needed with current version + +------------------------------------------------------------------- Old: ---- jettison-1.3.7-jdk10plus.patch jettison-1.3.7.tar.gz jettison-update-woodstox-version.patch New: ---- jettison-1.5.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ jettison.spec ++++++ --- /var/tmp/diff_new_pack.1MEpkT/_old 2022-10-06 07:42:07.860677542 +0200 +++ /var/tmp/diff_new_pack.1MEpkT/_new 2022-10-06 07:42:07.864677551 +0200 
@@ -17,24 +17,17 @@ Name: jettison -Version: 1.3.7 +Version: 1.5.1 Release: 0 Summary: A JSON StAX implementation License: Apache-2.0 Group: Development/Libraries/Java URL: http://jettison.codehaus.org/ -Source0: https://github.com/codehaus/jettison/archive/%{name}-%{version}.tar.gz -# Change the POM to use the version of woodstox that we have available: -Patch0: %{name}-update-woodstox-version.patch -Patch1: %{name}-1.3.7-jdk10plus.patch +Source0: https://github.com/jettison-json/%{name}/archive/refs/tags/%{name}-%{version}.tar.gz BuildRequires: fdupes BuildRequires: java-devel >= 1.8 BuildRequires: maven-local -BuildRequires: mvn(junit:junit) BuildRequires: mvn(org.apache.felix:maven-bundle-plugin) -BuildRequires: mvn(org.codehaus.woodstox:woodstox-core-asl) -BuildRequires: mvn(org.codehaus:codehaus-parent:pom:) -BuildRequires: mvn(stax:stax-api) BuildArch: noarch %description @@ -52,16 +45,10 @@ %prep %setup -q -n %{name}-%{name}-%{version} -%patch0 -p1 -%patch1 -p1 -chmod -x src/main/resources/META-INF/LICENSE -# We don't need wagon-webdav -%pom_xpath_remove pom:build/pom:extensions %pom_remove_plugin :maven-release-plugin - -# Confuses maven-bundle-plugin -%pom_xpath_remove pom:Private-Package +%pom_remove_plugin :nexus-staging-maven-plugin +%pom_remove_plugin :maven-enforcer-plugin %build %{mvn_build} -f -- \ @@ -75,9 +62,9 @@ %fdupes -s %{buildroot}%{_javadocdir} %files -f .mfiles -%license src/main/resources/META-INF/LICENSE +%license LICENSE %files javadoc -f .mfiles-javadoc -%license src/main/resources/META-INF/LICENSE +%license LICENSE %changelog ++++++ jettison-1.3.7.tar.gz -> jettison-1.5.1.tar.gz ++++++ ++++ 1989 lines of diff (skipped)
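Review bot: the jettison.changes entry (@@ -1,0 +2,14 @@) lists the two CVE fixes and the dropped patches, but says nothing about the source location changing, although Source0 in jettison.spec moves from github.com/codehaus/jettison to github.com/jettison-json in the same commit. Since this entry is what someone auditing bsc#1203515 and bsc#1203516 will read first, add a line such as "Fetch sources from the new upstream location" so the change of tarball origin is on record next to the version bump from 1.3.7 to 1.5.1.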
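Review bot: in the first jettison.spec hunk (@@ -17,24 +17,17 @@) the unchanged line "URL: http://jettison.codehaus.org/" still names the old Codehaus address over plain http, while Source0 two lines below now points at https://github.com/jettison-json/. Update URL to the same upstream project so the package metadata and the tarball origin agree and a reader checking where the code comes from is not sent to a different host.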
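Review bot: in the %prep hunk of jettison.spec (@@ -52,16 +45,10 @@) the two new lines "%pom_remove_plugin :nexus-staging-maven-plugin" and "%pom_remove_plugin :maven-enforcer-plugin" carry no comment, whereas the lines they replace each had one ("# We don't need wagon-webdav", "# Confuses maven-bundle-plugin"). Add a one-line reason above each removal, in particular for maven-enforcer-plugin, since dropping it disables whatever build rules upstream enforces. Related: the context line "%{mvn_build} -f -- \" keeps tests skipped and the first hunk drops "BuildRequires: mvn(junit:junit)", so the package build does not run the upstream test suite for this security update; a comment stating that this is intentional would help.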