Accepting request 987945 from Java:packages

bsc#1201316 and bsc#1201317 OBS-URL: https://build.opensuse.org/request/show/987945 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/jetty-minimal?expand=0&rev=15
2022-07-09 15:03:20 +00:00 · 2022-07-09 15:03:20 +00:00 · 22fd19a848
commit 22fd19a848
parent 25c5afb386 acf286247c
8 changed files with 108 additions and 9 deletions
--- a/jetty-minimal.changes
+++ b/jetty-minimal.changes
@ -1,3 +1,36 @@
+-------------------------------------------------------------------
+Fri Jul  8 15:15:05 UTC 2022 - Fridrich Strba <fstrba@suse.com>
+
+- Upgrade to version 9.4.48.v20220622
+  * Fixes
+    + #8184 - All suffix globs except first fail to match if path
+      has "." character in prefix section
+    + #8145 - RegexPathSpec backport of optional group name/info
+      lookup if regex fails
+    + #8088 - Add option to configure exitVm on ShutdownMonitor from
+      System properties
+    + #8067 - Wall time usage in DoSFilter RateTracker results in
+      false positive alert
+    + #8014 - Review HttpRequest URI construction (Resolves
+      CVE-2022-2047, bsc#1201317)
+    + #7976 - Add TRANSFER_ENCODING violation for MultiPart RFC7578
+      parser
+    + #7947 - Improved PathSpec handling for servletName & pathInfo
+    + #7935 - Review HTTP/2 error handling (Resolves CVE-2022-2048,
+      bsc#1201316)
+    + #7918 - PathMappings.asPathSpec does not allow root
+      ServletPathSpec
+    + #7863 - Default servlet drops first accept-encoding header if
+      there is more than one.
+    + #7858 - GZipHandler does not play nice with other handlers in
+      HandlerCollection
+    + #7837 - Fix StatisticsHandler in the case a Handler throws
+      exception
+    + #7809 - Jetty 9.4.x 7801 duplicate set session cookies
+    + #7748 - Allow overriding of url-pattern mapping in
+      ServletContextHandler to allow for regex or uri-template
+      matching
+
 -------------------------------------------------------------------
 Tue Mar 29 14:13:33 UTC 2022 - Fridrich Strba <fstrba@suse.com>

--- a/jetty-minimal.spec
+++ b/jetty-minimal.spec
@ -18,10 +18,10 @@


 %global base_name jetty
-%global addver  .v20220328
+%global addver  .v20220622
 %define src_name %{base_name}.project-%{base_name}-%{version}%{addver}
 Name:           %{base_name}-minimal
-Version:        9.4.46
+Version:        9.4.48
 Release:        0
 Summary:        Java Webserver and Servlet Container
 License:        Apache-2.0 OR EPL-1.0
--- a/jetty-unixsocket.changes
+++ b/jetty-unixsocket.changes
@ -1,3 +1,36 @@
+-------------------------------------------------------------------
+Fri Jul  8 15:15:05 UTC 2022 - Fridrich Strba <fstrba@suse.com>
+
+- Upgrade to version 9.4.48.v20220622
+  * Fixes
+    + #8184 - All suffix globs except first fail to match if path
+      has "." character in prefix section
+    + #8145 - RegexPathSpec backport of optional group name/info
+      lookup if regex fails
+    + #8088 - Add option to configure exitVm on ShutdownMonitor from
+      System properties
+    + #8067 - Wall time usage in DoSFilter RateTracker results in
+      false positive alert
+    + #8014 - Review HttpRequest URI construction (Resolves
+      CVE-2022-2047, bsc#1201317)
+    + #7976 - Add TRANSFER_ENCODING violation for MultiPart RFC7578
+      parser
+    + #7947 - Improved PathSpec handling for servletName & pathInfo
+    + #7935 - Review HTTP/2 error handling (Resolves CVE-2022-2048,
+      bsc#1201316)
+    + #7918 - PathMappings.asPathSpec does not allow root
+      ServletPathSpec
+    + #7863 - Default servlet drops first accept-encoding header if
+      there is more than one.
+    + #7858 - GZipHandler does not play nice with other handlers in
+      HandlerCollection
+    + #7837 - Fix StatisticsHandler in the case a Handler throws
+      exception
+    + #7809 - Jetty 9.4.x 7801 duplicate set session cookies
+    + #7748 - Allow overriding of url-pattern mapping in
+      ServletContextHandler to allow for regex or uri-template
+      matching
+
 -------------------------------------------------------------------
 Tue Mar 29 14:13:33 UTC 2022 - Fridrich Strba <fstrba@suse.com>

--- a/jetty-unixsocket.spec
+++ b/jetty-unixsocket.spec
@ -18,10 +18,10 @@


 %global base_name jetty
-%global addver  .v20220328
+%global addver  .v20220622
 %define src_name %{base_name}.project-%{base_name}-%{version}%{addver}
 Name:           %{base_name}-unixsocket
-Version:        9.4.46
+Version:        9.4.48
 Release:        0
 Summary:        The unixsocket modules for Jetty
 License:        Apache-2.0 OR EPL-1.0
--- a/jetty-websocket.changes
+++ b/jetty-websocket.changes
@ -1,3 +1,36 @@
+-------------------------------------------------------------------
+Fri Jul  8 15:15:05 UTC 2022 - Fridrich Strba <fstrba@suse.com>
+
+- Upgrade to version 9.4.48.v20220622
+  * Fixes
+    + #8184 - All suffix globs except first fail to match if path
+      has "." character in prefix section
+    + #8145 - RegexPathSpec backport of optional group name/info
+      lookup if regex fails
+    + #8088 - Add option to configure exitVm on ShutdownMonitor from
+      System properties
+    + #8067 - Wall time usage in DoSFilter RateTracker results in
+      false positive alert
+    + #8014 - Review HttpRequest URI construction (Resolves
+      CVE-2022-2047, bsc#1201317)
+    + #7976 - Add TRANSFER_ENCODING violation for MultiPart RFC7578
+      parser
+    + #7947 - Improved PathSpec handling for servletName & pathInfo
+    + #7935 - Review HTTP/2 error handling (Resolves CVE-2022-2048,
+      bsc#1201316)
+    + #7918 - PathMappings.asPathSpec does not allow root
+      ServletPathSpec
+    + #7863 - Default servlet drops first accept-encoding header if
+      there is more than one.
+    + #7858 - GZipHandler does not play nice with other handlers in
+      HandlerCollection
+    + #7837 - Fix StatisticsHandler in the case a Handler throws
+      exception
+    + #7809 - Jetty 9.4.x 7801 duplicate set session cookies
+    + #7748 - Allow overriding of url-pattern mapping in
+      ServletContextHandler to allow for regex or uri-template
+      matching
+
 -------------------------------------------------------------------
 Tue Mar 29 14:13:33 UTC 2022 - Fridrich Strba <fstrba@suse.com>

--- a/jetty-websocket.spec
+++ b/jetty-websocket.spec
@ -18,10 +18,10 @@


 %global base_name jetty
-%global addver  .v20220328
+%global addver  .v20220622
 %define src_name %{base_name}.project-%{base_name}-%{version}%{addver}
 Name:           %{base_name}-websocket
-Version:        9.4.46
+Version:        9.4.48
 Release:        0
 Summary:        The websocket modules for Jetty
 License:        Apache-2.0 OR EPL-1.0
--- a/jetty.project-jetty-9.4.46.v20220328.tar.gz
+++ b/jetty.project-jetty-9.4.46.v20220328.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:835199f75dc4f11844441445dd7ce877e5d62d0bcdc9741adcd8075674dad7fb
-size 19312390
--- a/jetty.project-jetty-9.4.48.v20220622.tar.gz
+++ b/jetty.project-jetty-9.4.48.v20220622.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e6898c8603bc85e96605e7455972148c1847db79b1616b5067633de1221ada39
+size 19318548