Update to latest upstream release 2.10.0

Fixes: CVE-2019-14540 Fixes: CVE-2019-16335 Fixes: CVE-2019-16942 Fixes: CVE-2019-16943 Resolves: rhbz#1758168 Resolves: rhbz#1758172 Resolves: rhbz#1758183 Signed-off-by: Alexander Scheel <ascheel@redhat.com>
2019-10-03 10:44:22 -04:00 · 2019-10-03 10:44:22 -04:00 · 0a67c3c313
commit 0a67c3c313
parent 65ccbd1dff
2 changed files with 17 additions and 6 deletions
--- a/jackson-databind.spec
+++ b/jackson-databind.spec
@ -1,5 +1,5 @@
 Name:          jackson-databind
-Version:       2.9.9.3
+Version:       2.10.0
 Release:       1%{?dist}
 Summary:       General data-binding package for Jackson (2.x)
 License:       ASL 2.0 and LGPLv2+
@ -9,9 +9,9 @@ Source0:       https://github.com/FasterXML/jackson-databind/archive/%{name}-%{v
 BuildRequires:  maven-local

 # TODO: Revert back to version macro when versions align again.
-BuildRequires:  mvn(com.fasterxml.jackson.core:jackson-annotations) >= 2.9.9
-BuildRequires:  mvn(com.fasterxml.jackson.core:jackson-core) >= 2.9.9
-BuildRequires:  mvn(com.fasterxml.jackson:jackson-base:pom:) >= 2.9.9
+BuildRequires:  mvn(com.fasterxml.jackson.core:jackson-annotations) >= %{version}
+BuildRequires:  mvn(com.fasterxml.jackson.core:jackson-core) >= %{version}
+BuildRequires:  mvn(com.fasterxml.jackson:jackson-base:pom:) >= %{version}
 BuildRequires:  mvn(com.google.code.maven-replacer-plugin:replacer)
 BuildRequires:  mvn(org.apache.felix:maven-bundle-plugin)
 BuildRequires:  mvn(org.powermock:powermock-api-mockito)
@ -35,8 +35,9 @@ This package contains API documentation for %{name}.

 # Remove plugins unnecessary for RPM builds
 %pom_remove_plugin ":maven-enforcer-plugin"
+%pom_remove_plugin "org.jacoco:jacoco-maven-plugin"
+%pom_remove_plugin "org.moditect:moditect-maven-plugin"

-cp -p src/main/resources/META-INF/LICENSE .
 cp -p src/main/resources/META-INF/NOTICE .
 sed -i 's/\r//' LICENSE NOTICE

@ -69,6 +70,16 @@ rm src/test/java/com/fasterxml/jackson/databind/ser/jdk/JDKTypeSerializationTest
 %license LICENSE NOTICE

 %changelog
+* Thu Oct 3 2019 Alexander Scheel <ascheel@redhat.com> - 2.10.0-1
+- Update to latest upstream release
+- Fixes: CVE-2019-14540
+- Fixes: CVE-2019-16335
+- Fixes: CVE-2019-16942
+- Fixes: CVE-2019-16943
+- Resolves: rhbz#1758168
+- Resolves: rhbz#1758172
+- Resolves: rhbz#1758183
+
 * Thu Sep 12 2019 Alexander Scheel <ascheel@redhat.com> - 2.9.9.3-1
 - Update to latest upstream release; fixes CVE-2019-12384

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (jackson-databind-2.9.9.3.tar.gz) = 1b5cd44f1ff25379b68a34973cede8a8bec42cb99c432effaf7b625566ba66bf2bdacd6b0e31b53b71e240163d1d7afdaee5b357495834ac7a12182bd284014c
+SHA512 (jackson-databind-2.10.0.tar.gz) = 1053e9418718d6f5f6ffbf4e2ce9880da698aa5910a147b8c729c75f0376863ff6a89a9eae3a03d3ae3f2f5bce3fe2f2cfb57d0db308956921c1b0f5c8139e8e