Hello community, here is the log from the commit of package jetty5 for openSUSE:12.1:Update:Test checked in at 2012-02-16 10:42:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1:Update:Test/jetty5 (Old) and /work/SRC/openSUSE:12.1:Update:Test/.jetty5.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "jetty5", Maintainer is ""
Changes:
--------
--- /work/SRC/openSUSE:12.1:Update:Test/jetty5/jetty5.changes 2012-02-16 10:42:27.000000000 +0100
+++ /work/SRC/openSUSE:12.1:Update:Test/.jetty5.new/jetty5.changes 2012-02-16 10:42:28.000000000 +0100
@@ -1,0 +2,5 @@
+Tue Feb 14 12:11:09 UTC 2012 - [email protected]
+
+- fix bnc#739121 - VUL-0: jetty5: hash collision attacks
+
+-------------------------------------------------------------------
New:
----
jetty-hashDOS.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ jetty5.spec ++++++
--- /var/tmp/diff_new_pack.UNIsQT/_old 2012-02-16 10:42:28.000000000 +0100
+++ /var/tmp/diff_new_pack.UNIsQT/_new 2012-02-16 10:42:28.000000000 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package jetty5
 #
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -15,7 +15,6 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
-
 %define with() %{expand:%%{?with_%{1}:1}%%{!?with_%{1}:0}}
 %define without() %{expand:%%{?with_%{1}:0}%%{!?with_%{1}:1}}
 %define bcond_with() %{expand:%%{?_with_%{1}:%%global with_%{1} 1}}
@@ -39,10 +38,10 @@
 Name: jetty5
 Version: 5.1.15
-Release: 5
+Release: 0
 Summary: Webserver and Servlet Container
+License: Apache-2.0
 Group: Networking/Daemons
-License: ASL 2.0
 Url: http://jetty.mortbay.org/jetty/
 #wget http://dist.codehaus.org/jetty/jetty-5.1.x/jetty-5.1.15.tgz
 #tar -xf jetty-5.1.15.tgz
@@ -68,6 +67,10 @@
 # PATCH-FIX-UPSTREAM bnc#551802, brc#499867
 # https://bugzilla.redhat.com/attachment.cgi?id=343874
 Patch6: jetty-5.1.14-CVE-2009-1523.patch
+#PATCH-FIX-UPSTREAM: bnc#739121, brc#781677
+#https://bugzilla.redhat.com/attachment.cgi?id=556318
+#backported from jetty6
+Patch7: jetty-hashDOS.patch
 BuildRequires: jpackage-utils >= 1.6
 # build only
 BuildRequires: ant-junit
@@ -148,7 +151,6 @@
 platforms.
 %package javadoc
-License: ASL 2.0
 Summary: Javadoc for %{name}
 Group: Development/Documentation
@@ -167,7 +169,6 @@
 platforms.
 %package demo
-License: ASL 2.0
 Summary: Examples for %{name}
 Group: Development/Documentation
 Requires: %{name} = %{version}-%{release}
@@ -189,7 +190,6 @@
 %if %with extra
 %package extra
-License: ASL 2.0
 Summary: Extras for %{name}
 Group: Networking/Daemons
 Requires: %{name} = %{version}
@@ -239,7 +239,6 @@
 %endif
 %package manual
-License: ASL 2.0
 Summary: Documents for %{name}
 Group: Development/Documentation
@@ -282,6 +281,8 @@
 %patch3 -b .sav
 %patch5 -p1 -b .jettyrc
 %patch6 -b .CVE-2009-1523
+%patch7 -p1 -b .CVE-2011-4461
+
 # Delete this Sun specific file.
 rm src/org/mortbay/http/SunJsseListener.java
 # Convert line endings...
++++++ jetty-hashDOS.patch ++++++
Index: jetty-5.1.14/src/org/mortbay/http/HttpRequest.java
===================================================================
--- jetty-5.1.14.orig/src/org/mortbay/http/HttpRequest.java 2006-11-23 09:56:52.000000000 +0100
+++ jetty-5.1.14/src/org/mortbay/http/HttpRequest.java 2012-02-10 14:07:03.942175496 +0100
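Review bot: The Patch7 comment block in the -68 hunk does not carry the CVE identifier that the %patch7 backup suffix in the -282 hunk uses (`.CVE-2011-4461`), and its format differs from the neighbouring Patch6 entry (`#PATCH-FIX-UPSTREAM:` with no space and a colon, versus `# PATCH-FIX-UPSTREAM bnc#..., brc#...`). Matching the existing convention and naming the CVE makes the patch easy to find when the package is audited later, e.g. `# PATCH-FIX-UPSTREAM bnc#739121, brc#781677, CVE-2011-4461`. The `#backported from jetty6` line is worth keeping, since the patch introduces a system property named `org.eclipse.jetty.server.Request.maxFormKeys` inside an `org.mortbay` code base and a reader will otherwise wonder why the namespaces differ.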
@@ -80,6 +80,14 @@
 /* ------------------------------------------------------------ */
 /**
+ * Maximum number of form Keys to protect against DOS attack from crafted hash keys.
+ * Set via the org.eclipse.jetty.server.Request.maxFormKeys
+ */
+ private static int __maxFormKeys = Integer.getInteger(
+ "org.eclipse.jetty.server.Request.maxFormKeys",1000).intValue();
+
+ /* ------------------------------------------------------------ */
+ /**
 * Maximum header line length.
 */
 public static int __maxLineLength = 4096;
@@ -891,7 +899,7 @@
 throw new IllegalStateException("Form too large");
 // Add form params to query params
- UrlEncoded.decodeTo(bout.getBuf(), 0, bout.getCount(), _parameters,encoding);
+ UrlEncoded.decodeTo(bout.getBuf(), 0, bout.getCount(), _parameters, encoding, __maxFormKeys);
 }
 catch (EOFException e)
 {
Index: jetty-5.1.14/src/org/mortbay/util/UrlEncoded.java
===================================================================
--- jetty-5.1.14.orig/src/org/mortbay/util/UrlEncoded.java 2005-12-22 00:14:38.000000000 +0100
+++ jetty-5.1.14/src/org/mortbay/util/UrlEncoded.java 2012-02-10 14:09:59.119192395 +0100
@@ -71,13 +71,13 @@
 /* ----------------------------------------------------------------- */
 public void decode(String query)
 {
- decodeTo(query,this,StringUtil.__ISO_8859_1);
+ decodeTo(query,this,StringUtil.__ISO_8859_1,-1);
 }
 /* ----------------------------------------------------------------- */
 public void decode(String query,String charset)
 {
- decodeTo(query,this,charset);
+ decodeTo(query,this,charset,-1);
 }
 /* -------------------------------------------------------------- */
@@ -162,10 +162,8 @@
 */
 public static void decodeTo(String content,MultiMap map)
 {
- decodeTo(content,map,StringUtil.__ISO_8859_1);
+ decodeTo(content,map,StringUtil.__ISO_8859_1,-1);
 }
-
- /* -------------------------------------------------------------- */
 /** Decoded parameters to Map.
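Review bot: The Javadoc on the new `__maxFormKeys` field is an incomplete sentence and does not say how the value is interpreted; the check this patch adds in UrlEncoded.decodeTo (`maxKeys>0 && map.size()>maxKeys`) means any non-positive value silently disables the limit, which an operator tuning the property needs to know. Suggest `* Maximum number of form keys accepted when decoding a request body, bounding the cost of crafted hash-colliding keys. Read once from the system property org.eclipse.jetty.server.Request.maxFormKeys (default 1000); a value <= 0 disables the limit.` The property name uses the org.eclipse.jetty namespace although this code base lives in org.mortbay, presumably kept for parity with the upstream fix; saying so in the comment stops operators from looking for an org.mortbay property that does not exist. Because the field is initialised once in a static initializer, it is also worth noting that changing the property after class load has no effect.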
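Review bot: When the key limit is hit, the new six-argument `UrlEncoded.decodeTo` call returns after a `log.warn` (the check is in the -199 and -269 hunks of UrlEncoded.java), so the request proceeds with a truncated `_parameters` map, whereas the size check two lines above fails the request with `IllegalStateException("Form too large")`. A form that silently loses its trailing fields is hard to diagnose and lets an application act on partial input; treating the two limits alike would be more consistent, for example by having decodeTo throw an IllegalStateException (message constructed, e.g. "Form too many keys") instead of returning, so that whatever handles the too-large case covers this one too. This is a correctness point rather than a DoS one, since the hashing work stops either way. Whether IllegalStateException is caught at this point cannot be seen here, as the enclosing method starts and ends outside the hunk.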
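Review bot: Both `decode` overloads in the -71 hunk pass `-1`, so query-string parsing keeps an unbounded key count while only form bodies get the new limit. For query strings this is mitigated by `__maxLineLength = 4096` in HttpRequest.java (visible in the -80 hunk), which caps the request line and therefore the number of keys one query string can carry, but the bare literal deserves a comment so the next reader does not take it for an oversight, e.g. `decodeTo(query,this,StringUtil.__ISO_8859_1,-1); // -1: no key limit; query strings are bounded by the request-line length`. Whether other callers of these overloads feed them larger inputs than a request line cannot be seen from this hunk.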
@@ -173,6 +171,15 @@
 */
 public static void decodeTo(String content, MultiMap map, String charset)
 {
+ decodeTo(content,map,charset, -1);
+ }
+
+ /* -------------------------------------------------------------- */
+ /** Decoded parameters to Map.
+ * @param content the string containing the encoded parameters
+ */
+ public static void decodeTo(String content, MultiMap map, String charset, int maxKeys)
+ {
 if (charset==null)
 charset=StringUtil.__ISO_8859_1;
@@ -199,6 +206,11 @@
 map.add(key,value);
 key = null;
 }
+ if (maxKeys>0 && map.size()>maxKeys)
+ {
+ log.warn("maxFormKeys limit exceeded keys>" + Integer.valueOf(maxKeys));
+ return;
+ }
 break;
 case '=':
 if (key!=null)
@@ -239,7 +251,7 @@
 /** Decoded parameters to Map.
 * @param data the byte[] containing the encoded parameters
 */
- public static void decodeTo(byte[] data, int offset, int length, MultiMap map, String charset)
+ public static void decodeTo(byte[] data, int offset, int length, MultiMap map, String charset, int maxKeys)
 {
 if (data == null || length == 0)
 return;
@@ -269,6 +281,11 @@
 key = null;
 }
 ox = offset;
+ if (maxKeys>0 && map.size()>maxKeys)
+ {
+ log.warn("maxFormKeys limit exceeded keys>" + Integer.valueOf(maxKeys));
+ return;
+ }
 break;
 case '=':
 if (key!=null)
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
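Review bot: The Javadoc on the new four-argument `decodeTo(String, MultiMap, String, int)` in the -173 hunk documents only `@param content` and leaves `maxKeys`, the parameter this patch exists to add, undescribed; the byte[] overload in the -239 hunk has the same gap. Suggest `@param maxKeys maximum number of keys to decode; once exceeded a warning is logged and the rest of the input is ignored, a value <= 0 means unlimited`. The check in the -199 and -269 hunks runs only on `&` and after `map.add`, so the map can end up one key above the limit (the key after the last `&` is never counted), which is harmless as a DoS bound but worth stating if the value is ever documented as a hard contract. Keeping the three-argument overload and delegating with `-1` preserves its old behaviour, which is the right compatibility choice.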
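Review bot: The byte[] overload in the -239 hunk is changed in place rather than overloaded: the public five-argument `decodeTo(byte[], int, int, MultiMap, String)` disappears, while the String variant in the -173 hunk keeps its old signature and delegates with `-1`. Any other caller of the old byte[] signature in this tree, or in a deployed webapp compiled against jetty5's util classes, will fail to compile or hit NoSuchMethodError at runtime; a delegating overload costs two lines, `public static void decodeTo(byte[] data, int offset, int length, MultiMap map, String charset)` `{ decodeTo(data, offset, length, map, charset, -1); }`. Whether such callers exist cannot be seen from this patch, and the method body continues outside the hunk.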
