!18 Fix CVE-2023-4759

From: @wk333 
Reviewed-by: @cherry530 
Signed-off-by: @cherry530

jgit.spec

@@ -2,13 +2,14 @@
 %bcond_with tests
 Name:                jgit
 Version:             5.13.0
-Release:             1
+Release:             2
 Summary:             A pure java implementation of git
-License:             BSD
+License:             BSD-3-Clause
 URL:                 https://www.eclipse.org/jgit/
 Source0:             https://git.eclipse.org/c/jgit/jgit.git/snapshot/jgit-%{gittag}.tar.gz
 Patch0:              0001-Ensure-the-correct-classpath-is-set-for-the-jgit-com.patch
 Patch1:              pom_for_bcpkix.patch
+Patch2:              CVE-2023-4759.patch
 
 BuildArch:           noarch
 BuildRequires:       maven-local mvn(args4j:args4j) mvn(com.google.code.gson:gson)
@@ -43,6 +44,7 @@ Summary:             API documentation for %{name}
 %setup -n jgit-%{gittag} -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 rm .mvn/maven.config
 %pom_xpath_remove "pom:configuration/pom:annotationProcessorPaths"
@@ -80,6 +82,7 @@ sed -i -e '/\.test<\/module>/d' pom.xml
 %else
 %mvn_build -- -Pjavac  -Dmaven.test.failure.ignore=true
 %endif
+sed -i 's/sshd-sftp/sshd-sftp glassfish-servlet-api jetty/g' org.eclipse.jgit.pgm/jgit.sh
 
 %install
 %mvn_install
@@ -100,9 +103,15 @@ EOF
 %license LICENSE
 
 %changelog
+* Tue Dec 26 2023 wangkai <13474090681@163.com> - 5.13.0-2
+- Fix CVE-2023-4759
+
 * Tue June 6 2023 zhuwenshuo <1003254035@qq.com> - 5.13.0-1
 - Update to 5.13.0
 
+* Wed Mar 29 2023 Ge Wang <wangge20@h-partners.com> - 5.11.0-2
+- Add classpath to resolve NoClassDefFoundError
+
 * Fri Nov 25 2022 yaoxin <yaoxin30@h-partners.com> - 5.11.0-1
 - Update to 5.11.0