Accepting request 1208241 from Java:packages

CVE-2024-8184, bsc#1231651

OBS-URL: https://build.opensuse.org/request/show/1208241
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/jetty-minimal?expand=0&rev=24

jetty-alpn.changes

@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Tue Oct 15 21:27:27 UTC 2024 - Fridrich Strba <fstrba@suse.com>
+
+- Upgrade to version 9.4.56.v20240826
+  * Security fixes:
+    + CVE-2024-8184, bsc#1231651, ThreadLimitHandler.getRemote()
+      vulnerable to remote DoS attacks
+  * Changes:
+    + #12201 backport ThreadLimitHandler improvements from Jetty 12
+    + #11938 - Updating URL refs from eclipse.org/jetty and
+      eclipse.dev/jetty to jetty.org (including XML dtd references)
+    + #10805 - Jetty response with an invalid HTTP2 packet if the
+      client set the hpack table size as 0
+
 -------------------------------------------------------------------
 Fri Oct 11 10:31:15 UTC 2024 - Fridrich Strba <fstrba@suse.com>
 

jetty-alpn.spec

@@ -18,10 +18,10 @@
 
 
 %global base_name jetty
-%global addver  .v20240208
+%global addver  .v20240826
 %define src_name %{base_name}.project-%{base_name}-%{version}%{addver}
 Name:           %{base_name}-alpn
-Version:        9.4.54
+Version:        9.4.56
 Release:        0
 Summary:        The alpn modules for Jetty
 License:        Apache-2.0 OR EPL-1.0

jetty-http2.changes

@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Tue Oct 15 21:27:27 UTC 2024 - Fridrich Strba <fstrba@suse.com>
+
+- Upgrade to version 9.4.56.v20240826
+  * Security fixes:
+    + CVE-2024-8184, bsc#1231651, ThreadLimitHandler.getRemote()
+      vulnerable to remote DoS attacks
+  * Changes:
+    + #12201 backport ThreadLimitHandler improvements from Jetty 12
+    + #11938 - Updating URL refs from eclipse.org/jetty and
+      eclipse.dev/jetty to jetty.org (including XML dtd references)
+    + #10805 - Jetty response with an invalid HTTP2 packet if the
+      client set the hpack table size as 0
+
 -------------------------------------------------------------------
 Fri Oct 11 17:30:25 UTC 2024 - Fridrich Strba <fstrba@suse.com>
 

jetty-http2.spec

@@ -18,10 +18,10 @@
 
 
 %global base_name jetty
-%global addver  .v20240208
+%global addver  .v20240826
 %define src_name %{base_name}.project-%{base_name}-%{version}%{addver}
 Name:           %{base_name}-http2
-Version:        9.4.54
+Version:        9.4.56
 Release:        0
 Summary:        The http2 modules for Jetty
 License:        Apache-2.0 OR EPL-1.0

jetty-minimal.changes

@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Tue Oct 15 21:27:27 UTC 2024 - Fridrich Strba <fstrba@suse.com>
+
+- Upgrade to version 9.4.56.v20240826
+  * Security fixes:
+    + CVE-2024-8184, bsc#1231651, ThreadLimitHandler.getRemote()
+      vulnerable to remote DoS attacks
+  * Changes:
+    + #12201 backport ThreadLimitHandler improvements from Jetty 12
+    + #11938 - Updating URL refs from eclipse.org/jetty and
+      eclipse.dev/jetty to jetty.org (including XML dtd references)
+    + #10805 - Jetty response with an invalid HTTP2 packet if the
+      client set the hpack table size as 0
+
 -------------------------------------------------------------------
 Tue Feb 27 12:27:27 UTC 2024 - Fridrich Strba <fstrba@suse.com>
 

jetty-minimal.spec

@@ -18,10 +18,10 @@
 
 
 %global base_name jetty
-%global addver  .v20240208
+%global addver  .v20240826
 %define src_name %{base_name}.project-%{base_name}-%{version}%{addver}
 Name:           %{base_name}-minimal
-Version:        9.4.54
+Version:        9.4.56
 Release:        0
 Summary:        Java Webserver and Servlet Container
 License:        Apache-2.0 OR EPL-1.0

jetty-unixsocket.changes

@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Tue Oct 15 21:27:27 UTC 2024 - Fridrich Strba <fstrba@suse.com>
+
+- Upgrade to version 9.4.56.v20240826
+  * Security fixes:
+    + CVE-2024-8184, bsc#1231651, ThreadLimitHandler.getRemote()
+      vulnerable to remote DoS attacks
+  * Changes:
+    + #12201 backport ThreadLimitHandler improvements from Jetty 12
+    + #11938 - Updating URL refs from eclipse.org/jetty and
+      eclipse.dev/jetty to jetty.org (including XML dtd references)
+    + #10805 - Jetty response with an invalid HTTP2 packet if the
+      client set the hpack table size as 0
+
 -------------------------------------------------------------------
 Tue Feb 27 12:27:27 UTC 2024 - Fridrich Strba <fstrba@suse.com>
 

jetty-unixsocket.spec

@@ -18,10 +18,10 @@
 
 
 %global base_name jetty
-%global addver  .v20240208
+%global addver  .v20240826
 %define src_name %{base_name}.project-%{base_name}-%{version}%{addver}
 Name:           %{base_name}-unixsocket
-Version:        9.4.54
+Version:        9.4.56
 Release:        0
 Summary:        The unixsocket modules for Jetty
 License:        Apache-2.0 OR EPL-1.0

jetty-websocket.changes

@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Tue Oct 15 21:27:27 UTC 2024 - Fridrich Strba <fstrba@suse.com>
+
+- Upgrade to version 9.4.56.v20240826
+  * Security fixes:
+    + CVE-2024-8184, bsc#1231651, ThreadLimitHandler.getRemote()
+      vulnerable to remote DoS attacks
+  * Changes:
+    + #12201 backport ThreadLimitHandler improvements from Jetty 12
+    + #11938 - Updating URL refs from eclipse.org/jetty and
+      eclipse.dev/jetty to jetty.org (including XML dtd references)
+    + #10805 - Jetty response with an invalid HTTP2 packet if the
+      client set the hpack table size as 0
+
 -------------------------------------------------------------------
 Tue Feb 27 12:27:27 UTC 2024 - Fridrich Strba <fstrba@suse.com>
 

jetty-websocket.spec

@@ -18,10 +18,10 @@
 
 
 %global base_name jetty
-%global addver  .v20240208
+%global addver  .v20240826
 %define src_name %{base_name}.project-%{base_name}-%{version}%{addver}
 Name:           %{base_name}-websocket
-Version:        9.4.54
+Version:        9.4.56
 Release:        0
 Summary:        The websocket modules for Jetty
 License:        Apache-2.0 OR EPL-1.0

jetty.project-jetty-9.4.54.v20240208.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:51201322d72c5ef29c0ae83ef130a3b58460a41935e38c7830c26deece87473f
-size 19349613

jetty.project-jetty-9.4.56.v20240826.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:02955a9152023af2238ed5a5aa331b6b6ef2e2934f9d4871b318763254315968
+size 19348893