Accepting request 898823 from Java:packages

Security fixes + some missing bug numbers

OBS-URL: https://build.opensuse.org/request/show/898823
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/jetty-minimal?expand=0&rev=9

jetty-minimal.changes

@@ -1,12 +1,18 @@
+-------------------------------------------------------------------
+Wed Jun  9 14:07:47 UTC 2021 - Fridrich Strba <fstrba@suse.com>
+
+- Update to version 9.4.42.v20210604
+  * Fix: bsc#1187117, CVE-2021-28169
+
 -------------------------------------------------------------------
 Fri May 14 17:01:58 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>
 
 - Update to version 9.4.40.v20210413
-  * Fix: CVE-2021-28165 - jetty server high CPU when client send
-    data length > 17408
-  * Fix: CVE-2021-28164 - Normalize ambiguous URIs
-  * Fix: CVE-2021-28163 - Exclude webapps directory from deployment
-    scan
+  * Fix: bsc#1184367 CVE-2021-28165 - jetty server high CPU when
+    client send data length > 17408
+  * Fix: bsc#1184368 CVE-2021-28164 - Normalize ambiguous URIs
+  * Fix: bsc#1184366, CVE-2021-28163 - Exclude webapps directory
+    from deployment scan
 
 -------------------------------------------------------------------
 Fri Mar 12 11:11:07 UTC 2021 - Fridrich Strba <fstrba@suse.com>

jetty-minimal.spec

@@ -1,5 +1,5 @@
 #
-# spec file for package jetty-minimal
+# spec file
 #
 # Copyright (c) 2021 SUSE LLC
 # Copyright (c) 2000-2007, JPackage Project
@@ -18,10 +18,10 @@
 
 
 %global base_name jetty
-%global addver  .v20210413
+%global addver  .v20210604
 %define src_name %{base_name}.project-%{base_name}-%{version}%{addver}
 Name:           %{base_name}-minimal
-Version:        9.4.40
+Version:        9.4.42
 Release:        0
 Summary:        Java Webserver and Servlet Container
 License:        Apache-2.0 OR EPL-1.0

jetty-websocket.changes

@@ -1,12 +1,18 @@
+-------------------------------------------------------------------
+Wed Jun  9 14:07:47 UTC 2021 - Fridrich Strba <fstrba@suse.com>
+
+- Update to version 9.4.42.v20210604
+  * Fix: bsc#1187117, CVE-2021-28169
+
 -------------------------------------------------------------------
 Fri May 14 16:57:01 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>
 
 - Update to version 9.4.40.v20210413
-  * Fix: CVE-2021-28165 - jetty server high CPU when client send
-    data length > 17408
-  * Fix: CVE-2021-28164 - Normalize ambiguous URIs
-  * Fix: CVE-2021-28163 - Exclude webapps directory from deployment
-    scan
+  * Fix: bsc#1184367 CVE-2021-28165 - jetty server high CPU when
+    client send data length > 17408
+  * Fix: bsc#1184368 CVE-2021-28164 - Normalize ambiguous URIs
+  * Fix: bsc#1184366, CVE-2021-28163 - Exclude webapps directory
+    from deployment scan
   * Improve handling of unconsumed content
   * Jetty start.jar always reports jetty.tag.version as master
   * HttpConnection.getBytesIn() incorrect for requests with chunked

jetty-websocket.spec

@@ -1,5 +1,5 @@
 #
-# spec file for package jetty-websocket
+# spec file
 #
 # Copyright (c) 2021 SUSE LLC
 # Copyright (c) 2000-2007, JPackage Project
@@ -18,10 +18,10 @@
 
 
 %global base_name jetty
-%global addver  .v20210413
+%global addver  .v20210604
 %define src_name %{base_name}.project-%{base_name}-%{version}%{addver}
 Name:           %{base_name}-websocket
-Version:        9.4.40
+Version:        9.4.42
 Release:        0
 Summary:        The websocket modules for Jetty
 License:        Apache-2.0 OR EPL-1.0

jetty.project-jetty-9.4.40.v20210413.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:11b612ef3489f350c9d8eeeff3227e76752b089facad7507b831d822e091d9c0
-size 19233699

jetty.project-jetty-9.4.42.v20210604.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2f3c093fc83c7ddd45272e09e6a0a7f3101399f86d336d6840a0981c712f5cfe
+size 19268823