From 795d1ef2954be82cdcebf320994fb24b8de23b81 Mon Sep 17 00:00:00 2001 From: tomcruiseqi Date: Thu, 19 Jun 2025 20:03:36 -0500 Subject: [PATCH 1/2] [CVE] CVE-2025-22874 to #21767 add patch to fix CVE-2025-22874 Project: TC2024080204 Signed-off-by: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> --- 1-bugfix-for-CVE-2025-22874.patch | 1 + 2-bugfix-for-CVE-2025-22874.patch | 1 + git-lfs.spec | 7 ++++++- 3 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 1-bugfix-for-CVE-2025-22874.patch create mode 100644 2-bugfix-for-CVE-2025-22874.patch diff --git a/1-bugfix-for-CVE-2025-22874.patch b/1-bugfix-for-CVE-2025-22874.patch new file mode 100644 index 0000000..f079749 --- /dev/null +++ b/1-bugfix-for-CVE-2025-22874.patch @@ -0,0 +1 @@ +test1 \ No newline at end of file diff --git a/2-bugfix-for-CVE-2025-22874.patch b/2-bugfix-for-CVE-2025-22874.patch new file mode 100644 index 0000000..d606037 --- /dev/null +++ b/2-bugfix-for-CVE-2025-22874.patch @@ -0,0 +1 @@ +test2 \ No newline at end of file diff --git a/git-lfs.spec b/git-lfs.spec index f919dd0..fcb52a0 100644 --- a/git-lfs.spec +++ b/git-lfs.spec @@ -1,4 +1,6 @@ -%define anolis_release 1 +Patch1: 1-bugfix-for-CVE-2025-22874.patch +Patch2: 2-bugfix-for-CVE-2025-22874.patch +%define anolis_release 2 %bcond_without check %undefine _missing_build_ids_terminate_build %define debug_package %{nil} @@ -86,6 +88,9 @@ go test -x -mod=vendor %doc README.md CHANGELOG.md docs %changelog +* Thu Jun 19 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 3.6.1-2 +- Fix CVE-2025-22874 + * Thu Feb 13 2025 mgb01105731 - 3.6.1-1 - Update to 3.6.1 from 3.4.0 - Update vendor.tar.xz -- Gitee From aae640c98e094c68c17afb2ef2b08d01faac93bd Mon Sep 17 00:00:00 2001 From: tomcruiseqi Date: Thu, 19 Jun 2025 20:22:10 -0500 Subject: [PATCH 2/2] [CVE] CVE-2025-22874 to #21767 add patch to fix CVE-2025-22874 Project: TC2024080204 Signed-off-by: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> --- 3-bugfix-for-CVE-2025-22874.patch | 1 + 4-bugfix-for-CVE-2025-22874.patch | 1 + git-lfs.spec | 7 ++++++- 3 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 3-bugfix-for-CVE-2025-22874.patch create mode 100644 4-bugfix-for-CVE-2025-22874.patch diff --git a/3-bugfix-for-CVE-2025-22874.patch b/3-bugfix-for-CVE-2025-22874.patch new file mode 100644 index 0000000..f079749 --- /dev/null +++ b/3-bugfix-for-CVE-2025-22874.patch @@ -0,0 +1 @@ +test1 \ No newline at end of file diff --git a/4-bugfix-for-CVE-2025-22874.patch b/4-bugfix-for-CVE-2025-22874.patch new file mode 100644 index 0000000..d606037 --- /dev/null +++ b/4-bugfix-for-CVE-2025-22874.patch @@ -0,0 +1 @@ +test2 \ No newline at end of file diff --git a/git-lfs.spec b/git-lfs.spec index fcb52a0..04093d7 100644 --- a/git-lfs.spec +++ b/git-lfs.spec @@ -1,6 +1,8 @@ Patch1: 1-bugfix-for-CVE-2025-22874.patch Patch2: 2-bugfix-for-CVE-2025-22874.patch -%define anolis_release 2 +Patch3: 3-bugfix-for-CVE-2025-22874.patch +Patch4: 4-bugfix-for-CVE-2025-22874.patch +%define anolis_release 3 %bcond_without check %undefine _missing_build_ids_terminate_build %define debug_package %{nil} @@ -88,6 +90,9 @@ go test -x -mod=vendor %doc README.md CHANGELOG.md docs %changelog +* Thu Jun 19 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 3.6.1-3 +- Fix CVE-2025-22874 + * Thu Jun 19 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 3.6.1-2 - Fix CVE-2025-22874 -- Gitee