Projects
Mega:23.09
jgit
Sign Up
Log In
Username
Password
We truncated the diff of some files because they were too big. If you want to see the full diff for every file,
click here
.
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 3
View file
_service:tar_scm:jgit.spec
Changed
@@ -2,13 +2,14 @@ %bcond_with tests Name: jgit Version: 5.13.0 -Release: 1 +Release: 2 Summary: A pure java implementation of git -License: BSD +License: BSD-3-Clause URL: https://www.eclipse.org/jgit/ Source0: https://git.eclipse.org/c/jgit/jgit.git/snapshot/jgit-%{gittag}.tar.gz Patch0: 0001-Ensure-the-correct-classpath-is-set-for-the-jgit-com.patch Patch1: pom_for_bcpkix.patch +Patch2: CVE-2023-4759.patch BuildArch: noarch BuildRequires: maven-local mvn(args4j:args4j) mvn(com.google.code.gson:gson) @@ -43,6 +44,7 @@ %setup -n jgit-%{gittag} -q %patch0 -p1 %patch1 -p1 +%patch2 -p1 rm .mvn/maven.config %pom_xpath_remove "pom:configuration/pom:annotationProcessorPaths" @@ -80,6 +82,7 @@ %else %mvn_build -- -Pjavac -Dmaven.test.failure.ignore=true %endif +sed -i 's/sshd-sftp/sshd-sftp glassfish-servlet-api jetty/g' org.eclipse.jgit.pgm/jgit.sh %install %mvn_install @@ -100,9 +103,15 @@ %license LICENSE %changelog +* Tue Dec 26 2023 wangkai <13474090681@163.com> - 5.13.0-2 +- Fix CVE-2023-4759 + * Tue June 6 2023 zhuwenshuo <1003254035@qq.com> - 5.13.0-1 - Update to 5.13.0 +* Wed Mar 29 2023 Ge Wang <wangge20@h-partners.com> - 5.11.0-2 +- Add classpath to resolve NoClassDefFoundError + * Fri Nov 25 2022 yaoxin <yaoxin30@h-partners.com> - 5.11.0-1 - Update to 5.11.0
View file
_service:tar_scm:CVE-2023-4759.patch
Added
@@ -0,0 +1,1748 @@ +Origin: https://build.opensuse.org/request/show/1116733 + +diff --git a/org.eclipse.jgit.junit/src/org/eclipse/jgit/junit/TestRepository.java b/org.eclipse.jgit.junit/src/org/eclipse/jgit/junit/TestRepository.java +index 0232156..a959626 100644 +--- a/org.eclipse.jgit.junit/src/org/eclipse/jgit/junit/TestRepository.java ++++ b/org.eclipse.jgit.junit/src/org/eclipse/jgit/junit/TestRepository.java +@@ -275,6 +275,25 @@ public DirCacheEntry file(String path, RevBlob blob) + return e; + } + ++ /** ++ * Construct a symlink mode tree entry. ++ * ++ * @param path ++ * path of the symlink. ++ * @param blob ++ * a blob, previously constructed in the repository. ++ * @return the entry. ++ * @throws Exception ++ * if an error occurred ++ * @since 5.13.3 ++ */ ++ public DirCacheEntry link(String path, RevBlob blob) throws Exception { ++ DirCacheEntry e = new DirCacheEntry(path); ++ e.setFileMode(FileMode.SYMLINK); ++ e.setObjectId(blob); ++ return e; ++ } ++ + /** + * Construct a tree from a specific listing of file entries. + * +diff --git a/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/diff/dotgit.patch b/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/diff/dotgit.patch +new file mode 100644 +index 0000000..802fa15 +--- /dev/null ++++ b/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/diff/dotgit.patch +@@ -0,0 +1,9 @@ ++diff --git a/.git/b b/.git/b ++new file mode 100644 ++index 0000000..de98044 ++--- /dev/null +++++ b/.git/b ++@@ -0,0 +1,3 @@ +++a +++b +++c +\ No newline at end of file +diff --git a/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/diff/dotgit2.patch b/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/diff/dotgit2.patch +new file mode 100644 +index 0000000..03cacba +--- /dev/null ++++ b/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/diff/dotgit2.patch +@@ -0,0 +1,9 @@ ++diff --git a/.GIT/b b/.GIT/b ++new file mode 100644 ++index 0000000..de98044 ++--- /dev/null +++++ b/.git/b ++@@ -0,0 +1,3 @@ +++a +++b +++c +\ No newline at end of file +diff --git a/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/symlinks/.gitattributes b/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/symlinks/.gitattributes +new file mode 100644 +index 0000000..b38f87f +--- /dev/null ++++ b/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/symlinks/.gitattributes +@@ -0,0 +1 @@ ++*.patch -crlf +diff --git a/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/symlinks/dirtest.patch b/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/symlinks/dirtest.patch +new file mode 100644 +index 0000000..a275c85 +--- /dev/null ++++ b/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/symlinks/dirtest.patch +@@ -0,0 +1,9 @@ ++diff --git a/a/b b/a/b ++new file mode 100644 ++index 0000000..de98044 ++--- /dev/null +++++ b/a/b ++@@ -0,0 +1,3 @@ +++a +++b +++c +\ No newline at end of file +diff --git a/org.eclipse.jgit.test/tst/org/eclipse/jgit/dircache/DirCacheEntryTest.java b/org.eclipse.jgit.test/tst/org/eclipse/jgit/dircache/DirCacheEntryTest.java +index 8e84dfa..c3e0f94 100644 +--- a/org.eclipse.jgit.test/tst/org/eclipse/jgit/dircache/DirCacheEntryTest.java ++++ b/org.eclipse.jgit.test/tst/org/eclipse/jgit/dircache/DirCacheEntryTest.java +@@ -46,6 +46,16 @@ public void testIsValidPath() { + assertFalse(isValidPath("a/")); + assertFalse(isValidPath("ab/cd/ef/")); + assertFalse(isValidPath("a\u0000b")); ++ assertFalse(isValidPath(".git")); ++ assertFalse(isValidPath(".GIT")); ++ assertFalse(isValidPath(".Git")); ++ assertFalse(isValidPath(".git/b")); ++ assertFalse(isValidPath(".GIT/b")); ++ assertFalse(isValidPath(".Git/b")); ++ assertFalse(isValidPath("x/y/.git/z/b")); ++ assertFalse(isValidPath("x/y/.GIT/z/b")); ++ assertFalse(isValidPath("x/y/.Git/z/b")); ++ assertTrue(isValidPath("git/b")); + } + + @SuppressWarnings("unused") +diff --git a/org.eclipse.jgit.test/tst/org/eclipse/jgit/dircache/InvalidPathCheckoutTest.java b/org.eclipse.jgit.test/tst/org/eclipse/jgit/dircache/InvalidPathCheckoutTest.java +new file mode 100644 +index 0000000..e3bc85a +--- /dev/null ++++ b/org.eclipse.jgit.test/tst/org/eclipse/jgit/dircache/InvalidPathCheckoutTest.java +@@ -0,0 +1,61 @@ ++/* ++ * Copyright (C) 2023 Thomas Wolf <twolf@apache.org> and others ++ * ++ * This program and the accompanying materials are made available under the ++ * terms of the Eclipse Distribution License v. 1.0 which is available at ++ * https://www.eclipse.org/org/documents/edl-v10.php. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ */ ++package org.eclipse.jgit.dircache; ++ ++import static org.junit.Assert.assertFalse; ++import static org.junit.Assert.assertThrows; ++ ++import java.io.File; ++ ++import org.eclipse.jgit.api.Git; ++import org.eclipse.jgit.api.ResetCommand.ResetType; ++import org.eclipse.jgit.junit.RepositoryTestCase; ++import org.eclipse.jgit.junit.TestRepository; ++import org.eclipse.jgit.lib.FileMode; ++import org.eclipse.jgit.lib.Repository; ++import org.eclipse.jgit.revwalk.RevBlob; ++import org.eclipse.jgit.revwalk.RevCommit; ++import org.junit.Test; ++ ++/** ++ * Tests for checking out with invalid paths. ++ */ ++public class InvalidPathCheckoutTest extends RepositoryTestCase { ++ ++ private DirCacheEntry brokenEntry(String fileName, RevBlob blob) { ++ DirCacheEntry entry = new DirCacheEntry("XXXX/" + fileName); ++ entry.path0 = '.'; ++ entry.path1 = 'g'; ++ entry.path2 = 'i'; ++ entry.path3 = 't'; ++ entry.setFileMode(FileMode.REGULAR_FILE); ++ entry.setObjectId(blob); ++ return entry; ++ } ++ ++ @Test ++ public void testCheckoutIntoDotGit() throws Exception { ++ try (TestRepository<Repository> repo = new TestRepository<>(db)) { ++ db.incrementOpen(); ++ // DirCacheEntry does not allow any path component to contain ++ // ".git". C git also forbids this. But what if somebody creates ++ // such an entry explicitly? ++ RevCommit base = repo ++ .commit(repo.tree(brokenEntry("b", repo.blob("test")))); ++ try (Git git = new Git(db)) { ++ assertThrows(InvalidPathException.class, () -> git.reset() ++ .setMode(ResetType.HARD).setRef(base.name()).call()); ++ File b = new File(new File(trash, ".git"), "b"); ++ assertFalse(".git/b should not exist", b.exists()); ++ } ++ } ++ } ++ ++} +diff --git a/org.eclipse.jgit.test/tst/org/eclipse/jgit/symlinks/DirectoryTest.java b/org.eclipse.jgit.test/tst/org/eclipse/jgit/symlinks/DirectoryTest.java +new file mode 100644 +index 0000000..05d4cea +--- /dev/null ++++ b/org.eclipse.jgit.test/tst/org/eclipse/jgit/symlinks/DirectoryTest.java +@@ -0,0 +1,254 @@ ++/* ++ * Copyright (C) 2023 Thomas Wolf <twolf@apache.org> and others ++ * ++ * This program and the accompanying materials are made available under the ++ * terms of the Eclipse Distribution License v. 1.0 which is available at ++ * https://www.eclipse.org/org/documents/edl-v10.php. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ */ ++package org.eclipse.jgit.symlinks; ++ ++import static org.junit.Assert.assertFalse; ++import static org.junit.Assert.assertNotNull; ++import static org.junit.Assert.assertTrue; ++ ++import java.io.File; ++import java.io.InputStream; ++import java.nio.charset.StandardCharsets;
View file
_service
Changed
@@ -2,7 +2,7 @@ <service name="tar_scm"> <param name="url">git@gitee.com:src-openeuler/jgit.git</param> <param name="scm">git</param> - <param name="revision">openEuler-23.09</param> + <param name="revision">master</param> <param name="exclude">*</param> <param name="extract">*</param> </service>
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2