Revert "Fix CVE-2023-36617 by patching plexus-archiver (#5986)" (#5995)

This reverts commit 7184ba4.
microsoft · Aug 15, 2023 · 92390f3 · 92390f3
1 parent 7184ba4
commit 92390f3
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 69 deletions.
diff --git a/SPECS/javapackages-bootstrap/CVE-2023-37460.patch b/SPECS/javapackages-bootstrap/CVE-2023-37460.patch
diff --git a/SPECS/javapackages-bootstrap/javapackages-bootstrap.spec b/SPECS/javapackages-bootstrap/javapackages-bootstrap.spec
@@ -13,7 +13,7 @@
 
 Name: javapackages-bootstrap
 Version: 1.5.0
-Release: 4%{?dist}
+Release: 3%{?dist}
 Summary: A means of bootstrapping Java Packages Tools
 # For detailed info see the file javapackages-bootstrap-PACKAGE-LICENSING
 License: ASL 2.0 and ASL 1.1 and (ASL 2.0 or EPL-2.0) and (EPL-2.0 or GPLv2 with exceptions) and MIT and (BSD with advertising) and BSD-3-Clause and EPL-1.0 and EPL-2.0 and CDDL-1.0 and xpp and CC0 and Public Domain
@@ -137,7 +137,6 @@ Source1108: xz-java.tar.xz
 
 Patch0: 0001-Bind-to-OpenJDK-11-for-runtime.patch
 Patch1: 0001-Remove-usage-of-ArchiveStreamFactory.patch
-Patch2: CVE-2023-37460.patch
 
 Provides: bundled(ant) = 1.10.9
 Provides: bundled(apache-parent) = 23
@@ -293,10 +292,6 @@ pushd "downstream/commons-compress"
 %patch1 -p1 
 popd
 
-pushd "downstream/plexus-archiver"
-%patch2 -p1 
-popd
-
 for patch_path in patches/*/*
 do
  package_name="$(echo ${patch_path} | cut -f2 -d/)"
@@ -364,9 +359,6 @@ sed -i 's|/usr/lib/jvm/java-11-openjdk|%{java_home}|' %{buildroot}%{launchersPat
 %doc AUTHORS
 
 %changelog
-* Fri Aug 11 2023 Saul Paredes <saulparedes@microsoft.com> - 1.5.0-4
-- Patch plexus-archiver to fix CVE-2023-37460
-
 * Wed Apr 05 2023 Riken Maharjan <rmaharjan@microsoft.com> - 1.5.0-3
 - Update commons-compress to 1.21