File _service:obs_scm:jackson-databind.spec of Package jackson-databind

Name:                jackson-databind
Version:             2.9.8
Release:             10
Summary:             General data-binding package for Jackson (2.x)
License:             ASL 2.0 and LGPLv2+
URL:                 https://github.com/FasterXML/jackson-databind/
Source0:             https://github.com/FasterXML/jackson-databind/archive/%{name}-%{version}.tar.gz
Patch0000:           CVE-2019-12086.patch
Patch0001:           CVE-2019-12384.patch
Patch0002:           CVE-2019-12814.patch
Patch0003:           CVE-2019-14379-CVE-2019-14439.patch
Patch0004:           CVE-2019-14540.patch
Patch0005:           CVE-2019-16335.patch
Patch0006:           CVE-2019-17267.patch
Patch0007:           CVE-2019-14892.patch
Patch0008:           CVE-2019-14893.patch
Patch0009:           CVE-2019-16942-CVE-2019-16943-1.patch
Patch0010:           CVE-2019-16942-CVE-2019-16943-2.patch
Patch0011:           Fix-2498.patch
Patch0012:           CVE-2019-20330.patch
Patch0013:           CVE-2020-8840.patch
Patch0014:           CVE-2020-9546-CVE-2020-9547-CVE-2020-9548.patch
Patch0015:           CVE-2020-10969.patch
Patch0016:           Fix-2648.patch
Patch0017:           Fix-2653.patch
Patch0018:           CVE-2020-10650.patch
Patch0019:           CVE-2020-10672.patch
Patch0020:           CVE-2020-10673.patch
Patch0021:           CVE-2020-10968-CVE-2020-11111-CVE-2020-11112.patch
Patch0022:           CVE-2020-11111-2.patch
Patch0023:           CVE-2020-11113.patch
Patch0024:           CVE-2020-11619.patch
Patch0025:           CVE-2020-11620.patch
Patch0026:           CVE-2020-14060.patch
Patch0027:           CVE-2020-14061.patch
Patch0028:           CVE-2020-14062.patch
Patch0029:           CVE-2020-14195.patch
Patch0030:           CVE-2020-24750.patch
Patch0031:           CVE-2020-24616.patch
Patch0032:           CVE-2020-25649.patch
Patch0033:           CVE-2020-35490-CVE-2020-35491.patch
Patch0034:           CVE-2020-35728.patch
Patch0035:           CVE-2020-36184-CVE-2020-36185.patch
Patch0036:           CVE-2020-36188-CVE-2020-36189.patch
Patch0037:           CVE-2020-36187-CVE-2020-36186.patch
#The CVE-2020-36179-36180-36181-36182.patch is used to fix CVE-2020-36179 and CVE-2020-36180 and CVE-2020-36181 and CVE-2020-36182
Patch0038:           CVE-2020-36179-36180-36181-36182.patch
Patch0039:           CVE-2020-36183.patch
Patch0040:           CVE-2021-20190.patch
Patch0041:           CVE-2019-17531.patch
# https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b
Patch0042:           CVE-2020-36518.patch
# https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33
Patch0043:           CVE-2022-42003.patch
# https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88
Patch0044:           CVE-2022-42004.patch

BuildRequires:       maven-local mvn(com.fasterxml.jackson.core:jackson-annotations) >= %{version}
BuildRequires:       mvn(com.fasterxml.jackson.core:jackson-core) >= %{version}
BuildRequires:       mvn(com.fasterxml.jackson:jackson-base:pom:) >= %{version}
BuildRequires:       mvn(com.google.code.maven-replacer-plugin:replacer)
BuildRequires:       mvn(org.apache.felix:maven-bundle-plugin)
BuildRequires:       mvn(org.powermock:powermock-api-mockito)
BuildRequires:       mvn(org.powermock:powermock-module-junit4)
BuildArch:           noarch
%description
The general-purpose data-binding functionality and tree-model for Jackson Data
Processor. It builds on core streaming parser/generator package, and uses
Jackson Annotations for configuration.

%package javadoc
Summary:             Javadoc for %{name}
%description javadoc
This package contains API documentation for %{name}.

%prep
%autosetup -p1 -n %{name}-%{name}-%{version}
# Remove plugins unnecessary for RPM builds
%pom_remove_plugin ":maven-enforcer-plugin"
cp -p src/main/resources/META-INF/LICENSE .
cp -p src/main/resources/META-INF/NOTICE .
sed -i 's/\r//' LICENSE NOTICE
# unavailable test deps
%pom_remove_dep javax.measure:jsr-275
rm src/test/java/com/fasterxml/jackson/databind/introspect/NoClassDefFoundWorkaroundTest.java
%pom_xpath_remove pom:classpathDependencyExcludes
# org.powermock.reflect.exceptions.FieldNotFoundException: Field 'fTestClass' was not found in class org.junit.internal.runners.MethodValidator.
rm src/test/java/com/fasterxml/jackson/databind/type/TestTypeFactoryWithClassLoader.java
# Off test that require connection with the web
rm src/test/java/com/fasterxml/jackson/databind/ser/jdk/JDKTypeSerializationTest.java \
 src/test/java/com/fasterxml/jackson/databind/deser/jdk/JDKStringLikeTypesTest.java \
 src/test/java/com/fasterxml/jackson/databind/TestJDKSerialization.java
%mvn_file : %{name}

%build
%mvn_build -- -Dmaven.test.failure.ignore=true

%install
%mvn_install

%files -f .mfiles
%doc README.md release-notes/*
%license LICENSE NOTICE

%files javadoc -f .mfiles-javadoc
%license LICENSE NOTICE

%changelog
* Wed Dec 13 2023 yaoxin <yao_xin001@hoperun.com> - 2.9.8-10
- Fix CVE-2020-36518,CVE-2022-42003 and CVE-2022-42004

* Fri Mar 11 2022 yaoxin <yaoxin30@huawei.com> - 2.9.8-9
- Fix CVE-2019-17531

* Wed Jan 27 2021 wangyue <wangyue92@huawei.com> - 2.9.8-8
- fix CVE-2021-20190

* Fri Jan 22 2021 wangyue <wangyue92@huawei.com> - 2.9.8-7
- fix CVE-2020-36179 CVE-2020-36180 CVE-2020-36181
  CVE-2020-36182 CVE-2020-36183 CVE-2020-36184

* Thu Jan 21 2021 wangyue <wangyue92@huawei.com> - 2.9.8-6
- fix CVE-2020-36188 CVE-2020-36189 CVE-2020-36187 CVE-2020-36186

* Mon Jan 18 2021 wangyue <wangyue92@huaweo.com> - 2.9.8-5
- fix CVE-2020-36185

* Mon Jan 11 2021 wangxiao <wangxiao65@huawei.com> - 2.9.8-4
- fix CVE-2020-35490 CVE-2020-35491 CVE-2020-35728

* Sat Dec 12 2020 zhanghua <zhanghua40@huawei.com> - 2.9.8-3
- fix CVE-2020-25649

* Sat Sep 19 2020 wangxiao <wangxiao65@huawei.com> - 2.9.8-2
- fix cves

* Fri Aug 28 2020 wutao <wutao61@huawei.com> - 2.9.8-1
- upgrade to 2.9.8

* Tue Dec 3 2019 huyan <hu.huyan@huawei.com> - 2.9.4-4
- Package Initialization