Accepting request 893309 from Java:packages
Security fixes OBS-URL: https://build.opensuse.org/request/show/893309 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/jetty-minimal?expand=0&rev=8
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
commit
325ce7e478
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:0d07ce0653b8010c77c2be15620ddc99bb02eedff4b6c61951de1079b50d17c3
|
|
||||||
size 19224312
|
|
||||||
@ -1,3 +1,13 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri May 14 17:01:58 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>
|
||||||
|
|
||||||
|
- Update to version 9.4.40.v20210413
|
||||||
|
* Fix: CVE-2021-28165 - jetty server high CPU when client send
|
||||||
|
data length > 17408
|
||||||
|
* Fix: CVE-2021-28164 - Normalize ambiguous URIs
|
||||||
|
* Fix: CVE-2021-28163 - Exclude webapps directory from deployment
|
||||||
|
scan
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Mar 12 11:11:07 UTC 2021 - Fridrich Strba <fstrba@suse.com>
|
Fri Mar 12 11:11:07 UTC 2021 - Fridrich Strba <fstrba@suse.com>
|
||||||
|
|
||||||
|
|||||||
@ -18,14 +18,15 @@
|
|||||||
|
|
||||||
|
|
||||||
%global base_name jetty
|
%global base_name jetty
|
||||||
%global addver .v20210224
|
%global addver .v20210413
|
||||||
|
%define src_name %{base_name}.project-%{base_name}-%{version}%{addver}
|
||||||
Name: %{base_name}-minimal
|
Name: %{base_name}-minimal
|
||||||
Version: 9.4.38
|
Version: 9.4.40
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Java Webserver and Servlet Container
|
Summary: Java Webserver and Servlet Container
|
||||||
License: Apache-2.0 OR EPL-1.0
|
License: Apache-2.0 OR EPL-1.0
|
||||||
URL: https://www.eclipse.org/jetty/
|
URL: https://www.eclipse.org/jetty/
|
||||||
Source0: https://github.com/eclipse/%{base_name}.project/archive/%{base_name}-%{version}%{addver}.tar.gz
|
Source0: https://github.com/eclipse/%{base_name}.project/archive/%{base_name}-%{version}%{addver}.tar.gz#/%{src_name}.tar.gz
|
||||||
BuildRequires: fdupes
|
BuildRequires: fdupes
|
||||||
BuildRequires: maven-local
|
BuildRequires: maven-local
|
||||||
BuildRequires: mvn(javax.annotation:javax.annotation-api)
|
BuildRequires: mvn(javax.annotation:javax.annotation-api)
|
||||||
@ -187,7 +188,7 @@ Summary: Javadoc for %{name}
|
|||||||
%{summary}.
|
%{summary}.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n %{base_name}.project-%{base_name}-%{version}%{addver}
|
%setup -q -n %{src_name}
|
||||||
|
|
||||||
find . -name "*.?ar" -exec rm {} \;
|
find . -name "*.?ar" -exec rm {} \;
|
||||||
find . -name "*.class" -exec rm {} \;
|
find . -name "*.class" -exec rm {} \;
|
||||||
|
|||||||
@ -1,3 +1,18 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri May 14 16:57:01 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>
|
||||||
|
|
||||||
|
- Update to version 9.4.40.v20210413
|
||||||
|
* Fix: CVE-2021-28165 - jetty server high CPU when client send
|
||||||
|
data length > 17408
|
||||||
|
* Fix: CVE-2021-28164 - Normalize ambiguous URIs
|
||||||
|
* Fix: CVE-2021-28163 - Exclude webapps directory from deployment
|
||||||
|
scan
|
||||||
|
* Improve handling of unconsumed content
|
||||||
|
* Jetty start.jar always reports jetty.tag.version as master
|
||||||
|
* HttpConnection.getBytesIn() incorrect for requests with chunked
|
||||||
|
content
|
||||||
|
* SslConnection compacting
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Mar 12 11:11:07 UTC 2021 - Fridrich Strba <fstrba@suse.com>
|
Fri Mar 12 11:11:07 UTC 2021 - Fridrich Strba <fstrba@suse.com>
|
||||||
|
|
||||||
|
|||||||
@ -18,14 +18,15 @@
|
|||||||
|
|
||||||
|
|
||||||
%global base_name jetty
|
%global base_name jetty
|
||||||
%global addver .v20210224
|
%global addver .v20210413
|
||||||
|
%define src_name %{base_name}.project-%{base_name}-%{version}%{addver}
|
||||||
Name: %{base_name}-websocket
|
Name: %{base_name}-websocket
|
||||||
Version: 9.4.38
|
Version: 9.4.40
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: The websocket modules for Jetty
|
Summary: The websocket modules for Jetty
|
||||||
License: Apache-2.0 OR EPL-1.0
|
License: Apache-2.0 OR EPL-1.0
|
||||||
URL: https://www.eclipse.org/jetty/
|
URL: https://www.eclipse.org/jetty/
|
||||||
Source0: https://github.com/eclipse/%{base_name}.project/archive/%{base_name}-%{version}%{addver}.tar.gz
|
Source0: https://github.com/eclipse/%{base_name}.project/archive/%{base_name}-%{version}%{addver}.tar.gz#/%{src_name}.tar.gz
|
||||||
BuildRequires: fdupes
|
BuildRequires: fdupes
|
||||||
# Multiple providers, chose the 1.0 one over 1.1, since
|
# Multiple providers, chose the 1.0 one over 1.1, since
|
||||||
# the relevant artifacts assume the API version 1.0
|
# the relevant artifacts assume the API version 1.0
|
||||||
@ -111,7 +112,7 @@ Summary: Javadoc for %{name}
|
|||||||
%{summary}.
|
%{summary}.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n %{base_name}.project-%{base_name}-%{version}%{addver}
|
%setup -q -n %{src_name}
|
||||||
|
|
||||||
find . -name "*.?ar" -exec rm {} \;
|
find . -name "*.?ar" -exec rm {} \;
|
||||||
find . -name "*.class" -exec rm {} \;
|
find . -name "*.class" -exec rm {} \;
|
||||||
|
|||||||
3
jetty.project-jetty-9.4.40.v20210413.tar.gz
Normal file
3
jetty.project-jetty-9.4.40.v20210413.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:11b612ef3489f350c9d8eeeff3227e76752b089facad7507b831d822e091d9c0
|
||||||
|
size 19233699
|
||||||
Loading…
Reference in New Issue
Block a user