Accepting request 1088154 from Java:packages

Security fixes OBS-URL: https://build.opensuse.org/request/show/1088154 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/jetty-minimal?expand=0&rev=18
2023-05-22 11:14:17 +00:00 · 2023-05-22 11:14:17 +00:00 · 80725d8401
commit 80725d8401
parent bf6bef1272 4de4c39f20
8 changed files with 68 additions and 9 deletions
--- a/jetty-minimal.changes
+++ b/jetty-minimal.changes
@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Sun May 21 05:09:16 UTC 2023 - Fridrich Strba <fstrba@suse.com>
+
+- Update to version 9.4.51.v20230217
+  * Fixes of 9.4.49.v20220914:
+    + #8578 - getRequestURL can append "null" if getRequestURI is
+      unspecified in an authority-form request-target
+    + #8493 - Review HTTP client feature setRemoveIdleDestinations
+  * Fixes of 9.4.50.v20221201:
+    + #8774 - Added SizeLimitHandler
+    + #8678 - Jetty client is not responding to GO_AWAY packet
+      received from (Jetty) Server and continue to send traffic on
+      same connection
+  * Fixes of 9.4.51.v20230217:
+    + #9352 - Update / Fix CookieCutter
+    + #9345 - Backport Multipart Fix for CVE-2023-26048, bsc#1210620
+    + #9352 - Backport Cookie Parsing Fix for CVE-2023-26049,
+      bsc#1210621
+
 -------------------------------------------------------------------
 Thu May  4 11:24:50 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>

--- a/jetty-minimal.spec
+++ b/jetty-minimal.spec
@ -18,10 +18,10 @@


 %global base_name jetty
-%global addver  .v20220622
+%global addver  .v20230217
 %define src_name %{base_name}.project-%{base_name}-%{version}%{addver}
 Name:           %{base_name}-minimal
-Version:        9.4.48
+Version:        9.4.51
 Release:        0
 Summary:        Java Webserver and Servlet Container
 License:        Apache-2.0 OR EPL-1.0
@ -369,6 +369,8 @@ sed -i '/^\s*\*.*<script>/d' jetty-util/src/main/java/org/eclipse/jetty/util/res
 # Distribution tests require internet access, so disable
 %pom_disable_module test-distribution tests

+%pom_change_dep org.apache.directory.api: :::test jetty-jaas
+
 # missing conscrypt
 %pom_disable_module jetty-alpn-conscrypt-server jetty-alpn
 %pom_disable_module jetty-alpn-conscrypt-client jetty-alpn
--- a/jetty-unixsocket.changes
+++ b/jetty-unixsocket.changes
@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Sun May 21 05:09:16 UTC 2023 - Fridrich Strba <fstrba@suse.com>
+
+- Update to version 9.4.51.v20230217
+  * Fixes of 9.4.49.v20220914:
+    + #8578 - getRequestURL can append "null" if getRequestURI is
+      unspecified in an authority-form request-target
+    + #8493 - Review HTTP client feature setRemoveIdleDestinations
+  * Fixes of 9.4.50.v20221201:
+    + #8774 - Added SizeLimitHandler
+    + #8678 - Jetty client is not responding to GO_AWAY packet
+      received from (Jetty) Server and continue to send traffic on
+      same connection
+  * Fixes of 9.4.51.v20230217:
+    + #9352 - Update / Fix CookieCutter
+    + #9345 - Backport Multipart Fix for CVE-2023-26048, bsc#1210620
+    + #9352 - Backport Cookie Parsing Fix for CVE-2023-26049,
+      bsc#1210621
+
 -------------------------------------------------------------------
 Fri Jul  8 15:15:05 UTC 2022 - Fridrich Strba <fstrba@suse.com>

--- a/jetty-unixsocket.spec
+++ b/jetty-unixsocket.spec
@ -18,10 +18,10 @@


 %global base_name jetty
-%global addver  .v20220622
+%global addver  .v20230217
 %define src_name %{base_name}.project-%{base_name}-%{version}%{addver}
 Name:           %{base_name}-unixsocket
-Version:        9.4.48
+Version:        9.4.51
 Release:        0
 Summary:        The unixsocket modules for Jetty
 License:        Apache-2.0 OR EPL-1.0
--- a/jetty-websocket.changes
+++ b/jetty-websocket.changes
@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Sun May 21 05:09:16 UTC 2023 - Fridrich Strba <fstrba@suse.com>
+
+- Update to version 9.4.51.v20230217
+  * Fixes of 9.4.49.v20220914:
+    + #8578 - getRequestURL can append "null" if getRequestURI is
+      unspecified in an authority-form request-target
+    + #8493 - Review HTTP client feature setRemoveIdleDestinations
+  * Fixes of 9.4.50.v20221201:
+    + #8774 - Added SizeLimitHandler
+    + #8678 - Jetty client is not responding to GO_AWAY packet
+      received from (Jetty) Server and continue to send traffic on
+      same connection
+  * Fixes of 9.4.51.v20230217:
+    + #9352 - Update / Fix CookieCutter
+    + #9345 - Backport Multipart Fix for CVE-2023-26048, bsc#1210620
+    + #9352 - Backport Cookie Parsing Fix for CVE-2023-26049,
+      bsc#1210621
+
 -------------------------------------------------------------------
 Fri Jul  8 15:15:05 UTC 2022 - Fridrich Strba <fstrba@suse.com>

--- a/jetty-websocket.spec
+++ b/jetty-websocket.spec
@ -18,10 +18,10 @@


 %global base_name jetty
-%global addver  .v20220622
+%global addver  .v20230217
 %define src_name %{base_name}.project-%{base_name}-%{version}%{addver}
 Name:           %{base_name}-websocket
-Version:        9.4.48
+Version:        9.4.51
 Release:        0
 Summary:        The websocket modules for Jetty
 License:        Apache-2.0 OR EPL-1.0
--- a/jetty.project-jetty-9.4.48.v20220622.tar.gz
+++ b/jetty.project-jetty-9.4.48.v20220622.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e6898c8603bc85e96605e7455972148c1847db79b1616b5067633de1221ada39
-size 19318548
--- a/jetty.project-jetty-9.4.51.v20230217.tar.gz
+++ b/jetty.project-jetty-9.4.51.v20230217.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4417c5551ae21fd33ada64cf6ae275adcaffff7d4daa5a25cab3b06a3709eac8
+size 19331040