Accepting request 893309 from Java:packages

Security fixes

OBS-URL: https://build.opensuse.org/request/show/893309
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/jetty-minimal?expand=0&rev=8

jetty-9.4.38.v20210224.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0d07ce0653b8010c77c2be15620ddc99bb02eedff4b6c61951de1079b50d17c3
-size 19224312

jetty-minimal.changes

@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Fri May 14 17:01:58 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>
+
+- Update to version 9.4.40.v20210413
+  * Fix: CVE-2021-28165 - jetty server high CPU when client send
+    data length > 17408
+  * Fix: CVE-2021-28164 - Normalize ambiguous URIs
+  * Fix: CVE-2021-28163 - Exclude webapps directory from deployment
+    scan
+
 -------------------------------------------------------------------
 Fri Mar 12 11:11:07 UTC 2021 - Fridrich Strba <fstrba@suse.com>
 

jetty-minimal.spec

@@ -18,14 +18,15 @@
 
 
 %global base_name jetty
-%global addver  .v20210224
+%global addver  .v20210413
+%define src_name %{base_name}.project-%{base_name}-%{version}%{addver}
 Name:           %{base_name}-minimal
-Version:        9.4.38
+Version:        9.4.40
 Release:        0
 Summary:        Java Webserver and Servlet Container
 License:        Apache-2.0 OR EPL-1.0
 URL:            https://www.eclipse.org/jetty/
-Source0:        https://github.com/eclipse/%{base_name}.project/archive/%{base_name}-%{version}%{addver}.tar.gz
+Source0:        https://github.com/eclipse/%{base_name}.project/archive/%{base_name}-%{version}%{addver}.tar.gz#/%{src_name}.tar.gz
 BuildRequires:  fdupes
 BuildRequires:  maven-local
 BuildRequires:  mvn(javax.annotation:javax.annotation-api)
@@ -187,7 +188,7 @@ Summary:        Javadoc for %{name}
 %{summary}.
 
 %prep
-%setup -q -n %{base_name}.project-%{base_name}-%{version}%{addver}
+%setup -q -n %{src_name}
 
 find . -name "*.?ar" -exec rm {} \;
 find . -name "*.class" -exec rm {} \;

jetty-websocket.changes

@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri May 14 16:57:01 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>
+
+- Update to version 9.4.40.v20210413
+  * Fix: CVE-2021-28165 - jetty server high CPU when client send
+    data length > 17408
+  * Fix: CVE-2021-28164 - Normalize ambiguous URIs
+  * Fix: CVE-2021-28163 - Exclude webapps directory from deployment
+    scan
+  * Improve handling of unconsumed content
+  * Jetty start.jar always reports jetty.tag.version as master
+  * HttpConnection.getBytesIn() incorrect for requests with chunked
+    content
+  * SslConnection compacting
+
 -------------------------------------------------------------------
 Fri Mar 12 11:11:07 UTC 2021 - Fridrich Strba <fstrba@suse.com>
 

jetty-websocket.spec

@@ -18,14 +18,15 @@
 
 
 %global base_name jetty
-%global addver  .v20210224
+%global addver  .v20210413
+%define src_name %{base_name}.project-%{base_name}-%{version}%{addver}
 Name:           %{base_name}-websocket
-Version:        9.4.38
+Version:        9.4.40
 Release:        0
 Summary:        The websocket modules for Jetty
 License:        Apache-2.0 OR EPL-1.0
 URL:            https://www.eclipse.org/jetty/
-Source0:        https://github.com/eclipse/%{base_name}.project/archive/%{base_name}-%{version}%{addver}.tar.gz
+Source0:        https://github.com/eclipse/%{base_name}.project/archive/%{base_name}-%{version}%{addver}.tar.gz#/%{src_name}.tar.gz
 BuildRequires:  fdupes
 # Multiple providers, chose the 1.0 one over 1.1, since
 # the relevant artifacts assume the API version 1.0
@@ -111,7 +112,7 @@ Summary:        Javadoc for %{name}
 %{summary}.
 
 %prep
-%setup -q -n %{base_name}.project-%{base_name}-%{version}%{addver}
+%setup -q -n %{src_name}
 
 find . -name "*.?ar" -exec rm {} \;
 find . -name "*.class" -exec rm {} \;

jetty.project-jetty-9.4.40.v20210413.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:11b612ef3489f350c9d8eeeff3227e76752b089facad7507b831d822e091d9c0
+size 19233699