Accepting request 844266 from home:pmonrealgonzalez:branches:Java:packages

- Security fix [bsc#945190, CVE-2015-5262]
  * http/conn/ssl/SSLConnectionSocketFactory.java ignores the
    http.socket.timeout configuration setting during an SSL handshake,
    which allows remote attackers to cause a denial of service (HTTPS
    call hang) via unspecified vectors.
- Add apache-commons-httpclient-CVE-2015-5262.patch

- Security fix [bsc#1178171, CVE-2014-3577]
  * org.apache.http.conn.ssl.AbstractVerifier does not properly
    verify that the server hostname matches a domain name in the
    subject's Common Name (CN) or subjectAltName field of the X.509
    certificate, which allows MITM attackers to spoof SSL servers
    via a "CN=" string in a field in the distinguished name (DN)
    of a certificate.
- Add apache-commons-httpclient-CVE-2014-3577.patch

OBS-URL: https://build.opensuse.org/request/show/844266
OBS-URL: https://build.opensuse.org/package/show/Java:packages/apache-commons-httpclient?expand=0&rev=25
2020-11-02 14:43:49 +00:00
committed by Git OBS Bridge
parent bcbe0ca3bf
commit 6f51036dc3
4 changed files with 156 additions and 1 deletions

@@ -1,7 +1,7 @@
#
# spec file for package apache-commons-httpclient
#
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -33,6 +33,10 @@ Patch2: %{name}-encoding.patch
#PATCH-FIX-UPSTREAM: bnc#803332
#https://issues.apache.org/jira/secure/attachment/12560251/CVE-2012-5783-2.patch
Patch3: %{short_name}-CVE-2012-5783-2.patch
#PATCH-FIX-UPSTREAM bsc#1178171 CVE-2014-3577 MITM security vulnerability
Patch4: apache-commons-httpclient-CVE-2014-3577.patch
#PATCH-FIX-UPSTREAM bsc#945190 CVE-2015-5262 Missing HTTPS connection timeout
Patch5: apache-commons-httpclient-CVE-2015-5262.patch
BuildRequires: ant
BuildRequires: ant-junit
BuildRequires: commons-codec
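Review bot: The new PATCH-FIX-UPSTREAM comments above Patch4 and Patch5 give a bug number and CVE but no link to the upstream change, unlike the Patch3 entry just above them, which carries the Apache JIRA attachment URL. Add the upstream commit or issue URL for each so the backport can be compared against its origin. The tag also drops the colon used in `#PATCH-FIX-UPSTREAM: bnc#803332`, and the Patch4/Patch5 file names spell out apache-commons-httpclient where Patch2 and Patch3 use %{name} and %{short_name}; matching the existing style would keep the patch list consistent.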
@@ -108,6 +112,8 @@ popd
%patch2
%patch3 -p1
%patch4 -p1
%patch5 -p1
# Use javax classes, not com.sun ones
# assume no filename contains spaces