From 208ad0757d935ac0617a6cba5be0a0ad2fa0eb8bf6fe5bc49cae7219f2485b38 Mon Sep 17 00:00:00 2001
From: Fridrich Strba <fstrba@suse.com>
Date: Fri, 14 May 2021 17:18:17 +0000
Subject: [PATCH] Accepting request 893214 from
 home:susnux:branches:Java:packages

Update to version 9.4.40.v20210413

OBS-URL: https://build.opensuse.org/request/show/893214
OBS-URL: https://build.opensuse.org/package/show/Java:packages/jetty-minimal?expand=0&rev=31
---
 jetty-9.4.38.v20210224.tar.gz               |  3 ---
 jetty-minimal.changes                       | 10 ++++++++++
 jetty-minimal.spec                          |  9 +++++----
 jetty-websocket.changes                     | 15 +++++++++++++++
 jetty-websocket.spec                        |  9 +++++----
 jetty.project-jetty-9.4.40.v20210413.tar.gz |  3 +++
 6 files changed, 38 insertions(+), 11 deletions(-)
 delete mode 100644 jetty-9.4.38.v20210224.tar.gz
 create mode 100644 jetty.project-jetty-9.4.40.v20210413.tar.gz

diff --git a/jetty-9.4.38.v20210224.tar.gz b/jetty-9.4.38.v20210224.tar.gz
deleted file mode 100644
index 9dda101..0000000
--- a/jetty-9.4.38.v20210224.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0d07ce0653b8010c77c2be15620ddc99bb02eedff4b6c61951de1079b50d17c3
-size 19224312
diff --git a/jetty-minimal.changes b/jetty-minimal.changes
index d71a00d..a8faf21 100644
--- a/jetty-minimal.changes
+++ b/jetty-minimal.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Fri May 14 17:01:58 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>
+
+- Update to version 9.4.40.v20210413
+  * Fix: CVE-2021-28165 - jetty server high CPU when client send
+    data length > 17408
+  * Fix: CVE-2021-28164 - Normalize ambiguous URIs
+  * Fix: CVE-2021-28163 - Exclude webapps directory from deployment
+    scan
+
 -------------------------------------------------------------------
 Fri Mar 12 11:11:07 UTC 2021 - Fridrich Strba <fstrba@suse.com>
 
diff --git a/jetty-minimal.spec b/jetty-minimal.spec
index 7794cbe..23f7807 100644
--- a/jetty-minimal.spec
+++ b/jetty-minimal.spec
@@ -18,14 +18,15 @@
 
 
 %global base_name jetty
-%global addver  .v20210224
+%global addver  .v20210413
+%define src_name %{base_name}.project-%{base_name}-%{version}%{addver}
 Name:           %{base_name}-minimal
-Version:        9.4.38
+Version:        9.4.40
 Release:        0
 Summary:        Java Webserver and Servlet Container
 License:        Apache-2.0 OR EPL-1.0
 URL:            https://www.eclipse.org/jetty/
-Source0:        https://github.com/eclipse/%{base_name}.project/archive/%{base_name}-%{version}%{addver}.tar.gz
+Source0:        https://github.com/eclipse/%{base_name}.project/archive/%{base_name}-%{version}%{addver}.tar.gz#/%{src_name}.tar.gz
 BuildRequires:  fdupes
 BuildRequires:  maven-local
 BuildRequires:  mvn(javax.annotation:javax.annotation-api)
@@ -187,7 +188,7 @@ Summary:        Javadoc for %{name}
 %{summary}.
 
 %prep
-%setup -q -n %{base_name}.project-%{base_name}-%{version}%{addver}
+%setup -q -n %{src_name}
 
 find . -name "*.?ar" -exec rm {} \;
 find . -name "*.class" -exec rm {} \;
diff --git a/jetty-websocket.changes b/jetty-websocket.changes
index e1eba59..1404909 100644
--- a/jetty-websocket.changes
+++ b/jetty-websocket.changes
@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri May 14 16:57:01 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>
+
+- Update to version 9.4.40.v20210413
+  * Fix: CVE-2021-28165 - jetty server high CPU when client send
+    data length > 17408
+  * Fix: CVE-2021-28164 - Normalize ambiguous URIs
+  * Fix: CVE-2021-28163 - Exclude webapps directory from deployment
+    scan
+  * Improve handling of unconsumed content
+  * Jetty start.jar always reports jetty.tag.version as master
+  * HttpConnection.getBytesIn() incorrect for requests with chunked
+    content
+  * SslConnection compacting
+
 -------------------------------------------------------------------
 Fri Mar 12 11:11:07 UTC 2021 - Fridrich Strba <fstrba@suse.com>
 
diff --git a/jetty-websocket.spec b/jetty-websocket.spec
index ece098d..ee4c7c4 100644
--- a/jetty-websocket.spec
+++ b/jetty-websocket.spec
@@ -18,14 +18,15 @@
 
 
 %global base_name jetty
-%global addver  .v20210224
+%global addver  .v20210413
+%define src_name %{base_name}.project-%{base_name}-%{version}%{addver}
 Name:           %{base_name}-websocket
-Version:        9.4.38
+Version:        9.4.40
 Release:        0
 Summary:        The websocket modules for Jetty
 License:        Apache-2.0 OR EPL-1.0
 URL:            https://www.eclipse.org/jetty/
-Source0:        https://github.com/eclipse/%{base_name}.project/archive/%{base_name}-%{version}%{addver}.tar.gz
+Source0:        https://github.com/eclipse/%{base_name}.project/archive/%{base_name}-%{version}%{addver}.tar.gz#/%{src_name}.tar.gz
 BuildRequires:  fdupes
 # Multiple providers, chose the 1.0 one over 1.1, since
 # the relevant artifacts assume the API version 1.0
@@ -111,7 +112,7 @@ Summary:        Javadoc for %{name}
 %{summary}.
 
 %prep
-%setup -q -n %{base_name}.project-%{base_name}-%{version}%{addver}
+%setup -q -n %{src_name}
 
 find . -name "*.?ar" -exec rm {} \;
 find . -name "*.class" -exec rm {} \;
diff --git a/jetty.project-jetty-9.4.40.v20210413.tar.gz b/jetty.project-jetty-9.4.40.v20210413.tar.gz
new file mode 100644
index 0000000..7ec2c94
--- /dev/null
+++ b/jetty.project-jetty-9.4.40.v20210413.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:11b612ef3489f350c9d8eeeff3227e76752b089facad7507b831d822e091d9c0
+size 19233699