diff --git a/0004-Avoid-use-of-internal-Mockito-API.patch b/0004-Avoid-use-of-internal-Mockito-API.patch new file mode 100644 index 0000000000000000000000000000000000000000..a63e95fb92faff304ce5d3b5fda2c061bd4f54a1 --- /dev/null +++ b/0004-Avoid-use-of-internal-Mockito-API.patch @@ -0,0 +1,32 @@ +From 4dd332d8f82d3a5f0ac6654d2c1733e44da6ddbd Mon Sep 17 00:00:00 2001 +From: Mat Booth +Date: Thu, 7 Feb 2019 14:57:25 +0000 +Subject: [PATCH 3/3] Avoid use of internal Mockito API + +--- + .../compress/utils/FixedLengthBlockOutputStreamTest.java | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/src/test/java/org/apache/commons/compress/utils/FixedLengthBlockOutputStreamTest.java b/src/test/java/org/apache/commons/compress/utils/FixedLengthBlockOutputStreamTest.java +index cfda61b..e94ccee 100644 +--- a/src/test/java/org/apache/commons/compress/utils/FixedLengthBlockOutputStreamTest.java ++++ b/src/test/java/org/apache/commons/compress/utils/FixedLengthBlockOutputStreamTest.java +@@ -39,7 +39,6 @@ import java.nio.file.Path; + import java.util.concurrent.atomic.AtomicBoolean; + import org.hamcrest.core.IsInstanceOf; + import org.junit.Test; +-import org.mockito.internal.matchers.GreaterOrEqual; + + public class FixedLengthBlockOutputStreamTest { + +@@ -294,7 +293,6 @@ public class FixedLengthBlockOutputStreamTest { + + private static void assertContainsAtOffset(String msg, byte[] expected, int offset, + byte[] actual) { +- assertThat(actual.length, new GreaterOrEqual<>(offset + expected.length)); + for (int i = 0; i < expected.length; i++) { + assertEquals(String.format("%s ([%d])", msg, i), expected[i], actual[i + offset]); + } +-- +2.20.1 + diff --git a/apache-commons-compress.spec b/apache-commons-compress.spec index f251da414ebe68c75b992c7be485d7fbe14cca55..5a6cd52c75543788c8e47c0f69f20d985f8d9f71 100644 --- a/apache-commons-compress.spec +++ b/apache-commons-compress.spec @@ -1,6 +1,6 @@ Name: apache-commons-compress Version: 1.17 -Release: 5 +Release: 6 Summary: Java API for working with archivers and compressed files License: ASL 2.0 URL: http://commons.apache.org/proper/commons-compress/ @@ -9,7 +9,8 @@ Source0: http://archive.apache.org/dist/commons/compress/source/commons-c Patch0001: 0001-Remove-Brotli-compressor.patch Patch0002: 0002-Remove-ZSTD-compressor.patch Patch0003: 0003-COMPRESS-463-throw-exception-when-detecting-a-trunca.patch -Patch6000: CVE-2019-12402.patch +Patch0004: 0004-Avoid-use-of-internal-Mockito-API.patch +Patch6000: CVE-2019-12402.patch BuildRequires: maven-local mvn(junit:junit) mvn(org.apache.commons:commons-parent:pom:) BuildRequires: mvn(org.apache.felix:maven-bundle-plugin) mvn(org.powermock:powermock-api-mockito) BuildRequires: mvn(org.apache.maven.plugins:maven-antrun-plugin) mvn(org.osgi:org.osgi.core) @@ -44,7 +45,7 @@ rm src/test/java/org/apache/commons/compress/OsgiITest.java %build %mvn_file : commons-compress apache-commons-compress %mvn_alias : commons: -%mvn_build +%mvn_build -- -Dcommons.osgi.symbolicName=org.apache.commons.compress %install %mvn_install @@ -55,6 +56,9 @@ rm src/test/java/org/apache/commons/compress/OsgiITest.java %files help -f .mfiles-javadoc %changelog +* Sat Sep 12 2020 leiju - 1.17-4.h2 +- Avoid use of internal Mockito API + * Thu Dec 26 2019 Senlin Xia - 1.17-4.h1 - Type:cves - ID:CVE-2019-12402