From 52c32ee859979979176d174481bba48f3bc1eb6ac123cfd7230faf2d1d4b1bc6 Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Wed, 9 Jun 2021 14:12:36 +0000 Subject: [PATCH 1/2] OBS-URL: https://build.opensuse.org/package/show/Java:packages/jetty-minimal?expand=0&rev=33 --- jetty-minimal.changes | 6 ++++++ jetty-minimal.spec | 6 +++--- jetty-websocket.changes | 6 ++++++ jetty-websocket.spec | 6 +++--- jetty.project-jetty-9.4.40.v20210413.tar.gz | 3 --- jetty.project-jetty-9.4.42.v20210604.tar.gz | 3 +++ 6 files changed, 21 insertions(+), 9 deletions(-) delete mode 100644 jetty.project-jetty-9.4.40.v20210413.tar.gz create mode 100644 jetty.project-jetty-9.4.42.v20210604.tar.gz diff --git a/jetty-minimal.changes b/jetty-minimal.changes index a8faf21..19da076 100644 --- a/jetty-minimal.changes +++ b/jetty-minimal.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Jun 9 14:07:47 UTC 2021 - Fridrich Strba + +- Update to version 9.4.42.v20210604 + * Fix: bsc#1187117, CVE-2021-28169 + ------------------------------------------------------------------- Fri May 14 17:01:58 UTC 2021 - Ferdinand Thiessen diff --git a/jetty-minimal.spec b/jetty-minimal.spec index 23f7807..c568333 100644 --- a/jetty-minimal.spec +++ b/jetty-minimal.spec @@ -1,5 +1,5 @@ # -# spec file for package jetty-minimal +# spec file # # Copyright (c) 2021 SUSE LLC # Copyright (c) 2000-2007, JPackage Project @@ -18,10 +18,10 @@ %global base_name jetty -%global addver .v20210413 +%global addver .v20210604 %define src_name %{base_name}.project-%{base_name}-%{version}%{addver} Name: %{base_name}-minimal -Version: 9.4.40 +Version: 9.4.42 Release: 0 Summary: Java Webserver and Servlet Container License: Apache-2.0 OR EPL-1.0 diff --git a/jetty-websocket.changes b/jetty-websocket.changes index 1404909..2688a4a 100644 --- a/jetty-websocket.changes +++ b/jetty-websocket.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Jun 9 14:07:47 UTC 2021 - Fridrich Strba + +- Update to version 9.4.42.v20210604 + * Fix: bsc#1187117, CVE-2021-28169 + ------------------------------------------------------------------- Fri May 14 16:57:01 UTC 2021 - Ferdinand Thiessen diff --git a/jetty-websocket.spec b/jetty-websocket.spec index ee4c7c4..73b1170 100644 --- a/jetty-websocket.spec +++ b/jetty-websocket.spec @@ -1,5 +1,5 @@ # -# spec file for package jetty-websocket +# spec file # # Copyright (c) 2021 SUSE LLC # Copyright (c) 2000-2007, JPackage Project @@ -18,10 +18,10 @@ %global base_name jetty -%global addver .v20210413 +%global addver .v20210604 %define src_name %{base_name}.project-%{base_name}-%{version}%{addver} Name: %{base_name}-websocket -Version: 9.4.40 +Version: 9.4.42 Release: 0 Summary: The websocket modules for Jetty License: Apache-2.0 OR EPL-1.0 diff --git a/jetty.project-jetty-9.4.40.v20210413.tar.gz b/jetty.project-jetty-9.4.40.v20210413.tar.gz deleted file mode 100644 index 7ec2c94..0000000 --- a/jetty.project-jetty-9.4.40.v20210413.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:11b612ef3489f350c9d8eeeff3227e76752b089facad7507b831d822e091d9c0 -size 19233699 diff --git a/jetty.project-jetty-9.4.42.v20210604.tar.gz b/jetty.project-jetty-9.4.42.v20210604.tar.gz new file mode 100644 index 0000000..9736d1e --- /dev/null +++ b/jetty.project-jetty-9.4.42.v20210604.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2f3c093fc83c7ddd45272e09e6a0a7f3101399f86d336d6840a0981c712f5cfe +size 19268823 From f7cb78b6c4b870917fed714e0539ddff2188cf5fc0818712bed8bd0d2702289c Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Wed, 9 Jun 2021 14:50:38 +0000 Subject: [PATCH 2/2] OBS-URL: https://build.opensuse.org/package/show/Java:packages/jetty-minimal?expand=0&rev=34 --- jetty-minimal.changes | 10 +++++----- jetty-websocket.changes | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/jetty-minimal.changes b/jetty-minimal.changes index 19da076..07c60ff 100644 --- a/jetty-minimal.changes +++ b/jetty-minimal.changes @@ -8,11 +8,11 @@ Wed Jun 9 14:07:47 UTC 2021 - Fridrich Strba Fri May 14 17:01:58 UTC 2021 - Ferdinand Thiessen - Update to version 9.4.40.v20210413 - * Fix: CVE-2021-28165 - jetty server high CPU when client send - data length > 17408 - * Fix: CVE-2021-28164 - Normalize ambiguous URIs - * Fix: CVE-2021-28163 - Exclude webapps directory from deployment - scan + * Fix: bsc#1184367 CVE-2021-28165 - jetty server high CPU when + client send data length > 17408 + * Fix: bsc#1184368 CVE-2021-28164 - Normalize ambiguous URIs + * Fix: bsc#1184366, CVE-2021-28163 - Exclude webapps directory + from deployment scan ------------------------------------------------------------------- Fri Mar 12 11:11:07 UTC 2021 - Fridrich Strba diff --git a/jetty-websocket.changes b/jetty-websocket.changes index 2688a4a..901a5e9 100644 --- a/jetty-websocket.changes +++ b/jetty-websocket.changes @@ -8,11 +8,11 @@ Wed Jun 9 14:07:47 UTC 2021 - Fridrich Strba Fri May 14 16:57:01 UTC 2021 - Ferdinand Thiessen - Update to version 9.4.40.v20210413 - * Fix: CVE-2021-28165 - jetty server high CPU when client send - data length > 17408 - * Fix: CVE-2021-28164 - Normalize ambiguous URIs - * Fix: CVE-2021-28163 - Exclude webapps directory from deployment - scan + * Fix: bsc#1184367 CVE-2021-28165 - jetty server high CPU when + client send data length > 17408 + * Fix: bsc#1184368 CVE-2021-28164 - Normalize ambiguous URIs + * Fix: bsc#1184366, CVE-2021-28163 - Exclude webapps directory + from deployment scan * Improve handling of unconsumed content * Jetty start.jar always reports jetty.tag.version as master * HttpConnection.getBytesIn() incorrect for requests with chunked