!10 [sync] PR-6: Fix CVE-2022-40152

From: @openeuler-sync-bot Reviewed-by: @wk333 Signed-off-by: @wk333
2024-11-11 08:14:32 +00:00 · 2024-11-11 08:14:32 +00:00 · cc07825af6
commit cc07825af6
parent 1f44f7cddd f6cc5d513c
2 changed files with 225 additions and 3 deletions
--- a/backport-CVE-2022-40152.patch
+++ b/backport-CVE-2022-40152.patch
--- a/woodstox-core.spec
+++ b/woodstox-core.spec
@ -2,13 +2,17 @@
 %global core_name %{base_name}-core
 Name:                %{core_name}
 Version:             5.0.3
-Release:             1
+Release:             2
 Summary:             High-performance XML processor
 License:             ASL 2.0 or LGPLv2+ or BSD
 URL:                 https://github.com/FasterXML/woodstox
 BuildArch:           noarch
 Source0:             https://github.com/FasterXML/%{base_name}/archive/%{name}-%{version}.tar.gz
 Patch0:              0001-stax2-api.patch
+
+# Fix CVE
+Patch3000:           backport-CVE-2022-40152.patch
+
 BuildRequires:       maven-local mvn(com.fasterxml:oss-parent:pom:) mvn(javax.xml.stream:stax-api)
 BuildRequires:       mvn(junit:junit) mvn(net.java.dev.msv:msv-core)
 BuildRequires:       mvn(net.java.dev.msv:msv-rngconverter) mvn(net.java.dev.msv:xsdlib)
@ -27,8 +31,7 @@ Summary:             API documentation for %{name}
 This package contains the API documentation for %{name}.

 %prep
-%setup -q -n %{base_name}-%{name}-%{version}
-%patch0 -p1
+%autosetup -n %{base_name}-%{name}-%{version} -p1
 %pom_xpath_inject 'pom:plugin[pom:artifactId="maven-bundle-plugin"]/pom:configuration' '
 <instructions>
    <Export-Package>{local-packages}</Export-Package>
@ -52,5 +55,8 @@ rm ./src/test/java/org/codehaus/stax/test/stream/TestNamespaces.java
 %files javadoc -f .mfiles-javadoc

 %changelog
+* Mon Nov 11 2024 chenyaqiang <chenyaqiang@huawei.com> - 5.0.3-2
+- Fix CVE-2022-40152
+
 * Thu Jul 23 2020 Jeffery.Gao <gaojianxing@huawei.com> - 5.0.3-1
 - Package init