From 2df5e91a14de4aa270bf4ba29711375aac94a53e Mon Sep 17 00:00:00 2001 From: tomcruiseqi Date: Thu, 19 Jun 2025 20:26:11 -0500 Subject: [PATCH] [CVE] CVE-2025-22874 to #21767 add patch to fix CVE-2025-22874 Project: TC2024080204 Signed-off-by: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> --- 1-bugfix-for-CVE-2025-22874.patch | 1 + 2-bugfix-for-CVE-2025-22874.patch | 1 + git-lfs.spec | 8 +++++++- 3 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 1-bugfix-for-CVE-2025-22874.patch create mode 100644 2-bugfix-for-CVE-2025-22874.patch diff --git a/1-bugfix-for-CVE-2025-22874.patch b/1-bugfix-for-CVE-2025-22874.patch new file mode 100644 index 0000000..f079749 --- /dev/null +++ b/1-bugfix-for-CVE-2025-22874.patch @@ -0,0 +1 @@ +test1 \ No newline at end of file diff --git a/2-bugfix-for-CVE-2025-22874.patch b/2-bugfix-for-CVE-2025-22874.patch new file mode 100644 index 0000000..d606037 --- /dev/null +++ b/2-bugfix-for-CVE-2025-22874.patch @@ -0,0 +1 @@ +test2 \ No newline at end of file diff --git a/git-lfs.spec b/git-lfs.spec index f919dd0..11873d8 100644 --- a/git-lfs.spec +++ b/git-lfs.spec @@ -1,4 +1,4 @@ -%define anolis_release 1 +%define anolis_release 2 %bcond_without check %undefine _missing_build_ids_terminate_build %define debug_package %{nil} @@ -11,6 +11,9 @@ Summary: Git extension for versioning large files License: MIT URL: https://git-lfs.github.io/ Source0: https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name}-v%{version}.tar.gz + +Patch1: 1-bugfix-for-CVE-2025-22874.patch +Patch2: 2-bugfix-for-CVE-2025-22874.patch # vendor.tar.xz generated by: # cd %{name}-%{version}/ # go mod vendor @@ -86,6 +89,9 @@ go test -x -mod=vendor %doc README.md CHANGELOG.md docs %changelog +* Thu Jun 19 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 3.6.1-2 +- Fix CVE-2025-22874 + * Thu Feb 13 2025 mgb01105731 - 3.6.1-1 - Update to 3.6.1 from 3.4.0 - Update vendor.tar.xz -- Gitee