Hello community,

here is the log from the commit of package jetty-minimal for openSUSE:Factory checked in at 2021-05-15 23:16:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/jetty-minimal (Old)
 and      /work/SRC/openSUSE:Factory/.jetty-minimal.new.2988 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "jetty-minimal" Sat May 15 23:16:20 2021 rev:8 rq:893309 version:9.4.40 Changes: -------- --- /work/SRC/openSUSE:Factory/jetty-minimal/jetty-minimal.changes 2021-03-12 13:34:03.682388249 +0100 +++ /work/SRC/openSUSE:Factory/.jetty-minimal.new.2988/jetty-minimal.changes 2021-05-15 23:17:20.096467247 +0200 @@ -1,0 +2,10 @@ +Fri May 14 17:01:58 UTC 2021 - Ferdinand Thiessen <r...@fthiessen.de> + +- Update to version 9.4.40.v20210413 + * Fix: CVE-2021-28165 - jetty server high CPU when client send + data length > 17408 + * Fix: CVE-2021-28164 - Normalize ambiguous URIs + * Fix: CVE-2021-28163 - Exclude webapps directory from deployment + scan + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/jetty-minimal/jetty-websocket.changes 2021-03-12 13:34:03.722388305 +0100 +++ /work/SRC/openSUSE:Factory/.jetty-minimal.new.2988/jetty-websocket.changes 2021-05-15 23:17:20.112467185 +0200 @@ -1,0 +2,15 @@ +Fri May 14 16:57:01 UTC 2021 - Ferdinand Thiessen <r...@fthiessen.de> + +- Update to version 9.4.40.v20210413 + * Fix: CVE-2021-28165 - jetty server high CPU when client send + data length > 17408 + * Fix: CVE-2021-28164 - Normalize ambiguous URIs + * Fix: CVE-2021-28163 - Exclude webapps directory from deployment + scan + * Improve handling of unconsumed content + * Jetty start.jar always reports jetty.tag.version as master + * HttpConnection.getBytesIn() incorrect for requests with chunked + content + * SslConnection compacting + +------------------------------------------------------------------- Old: ---- jetty-9.4.38.v20210224.tar.gz New: ---- jetty.project-jetty-9.4.40.v20210413.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ jetty-minimal.spec ++++++ --- /var/tmp/diff_new_pack.ifA2JS/_old 2021-05-15 23:17:20.996463733 +0200 +++ /var/tmp/diff_new_pack.ifA2JS/_new 2021-05-15 23:17:21.000463717 +0200 
@@ -18,14 +18,15 @@ %global base_name jetty -%global addver .v20210224 +%global addver .v20210413 +%define src_name %{base_name}.project-%{base_name}-%{version}%{addver} Name: %{base_name}-minimal -Version: 9.4.38 +Version: 9.4.40 Release: 0 Summary: Java Webserver and Servlet Container License: Apache-2.0 OR EPL-1.0 URL: https://www.eclipse.org/jetty/ -Source0: https://github.com/eclipse/%{base_name}.project/archive/%{base_name}-%{version}%{addver}.tar.gz +Source0: https://github.com/eclipse/%{base_name}.project/archive/%{base_name}-%{version}%{addver}.tar.gz#/%{src_name}.tar.gz BuildRequires: fdupes BuildRequires: maven-local BuildRequires: mvn(javax.annotation:javax.annotation-api) @@ -187,7 +188,7 @@ %{summary}. %prep -%setup -q -n %{base_name}.project-%{base_name}-%{version}%{addver} +%setup -q -n %{src_name} find . -name "*.?ar" -exec rm {} \; find . -name "*.class" -exec rm {} \; ++++++ jetty-websocket.spec ++++++ --- /var/tmp/diff_new_pack.ifA2JS/_old 2021-05-15 23:17:21.020463639 +0200 +++ /var/tmp/diff_new_pack.ifA2JS/_new 2021-05-15 23:17:21.024463623 +0200 @@ -18,14 +18,15 @@ %global base_name jetty -%global addver .v20210224 +%global addver .v20210413 +%define src_name %{base_name}.project-%{base_name}-%{version}%{addver} Name: %{base_name}-websocket -Version: 9.4.38 +Version: 9.4.40 Release: 0 Summary: The websocket modules for Jetty License: Apache-2.0 OR EPL-1.0 URL: https://www.eclipse.org/jetty/ -Source0: https://github.com/eclipse/%{base_name}.project/archive/%{base_name}-%{version}%{addver}.tar.gz +Source0: https://github.com/eclipse/%{base_name}.project/archive/%{base_name}-%{version}%{addver}.tar.gz#/%{src_name}.tar.gz BuildRequires: fdupes # Multiple providers, chose the 1.0 one over 1.1, since # the relevant artifacts assume the API version 1.0 
@@ -111,7 +112,7 @@ %{summary}. %prep -%setup -q -n %{base_name}.project-%{base_name}-%{version}%{addver} +%setup -q -n %{src_name} find . -name "*.?ar" -exec rm {} \; find . -name "*.class" -exec rm {} \;
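
Review bot: The jetty-minimal.changes entry lists only the three CVE fixes, while the jetty-websocket.changes entry for the same "Update to version 9.4.40.v20210413" also lists four non-security changes (unconsumed content handling, start.jar reporting jetty.tag.version, HttpConnection.getBytesIn(), SslConnection compacting). Both spec files fetch the same Source0 archive, so the two entries should carry the same list, or the shorter one should say why those items do not apply. The Old/New tarball lines also show a jump from 9.4.38 to 9.4.40 recorded as a single update, and the CVE lines carry no bug tracker reference; if tracking bugs exist for CVE-2021-28163, CVE-2021-28164 and CVE-2021-28165, put them next to each id so the fixes can be matched to the update.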
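
Review bot: In the first hunk of jetty-minimal.spec, and the identical hunk in jetty-websocket.spec, the new src_name macro is declared with %define directly below two %global declarations and is left undocumented. Because src_name references %{version}, which is only set by the Version: tag further down, the deferred expansion of %define may be intentional; a one-line comment saying so would keep a later cleanup from switching it to %global for consistency. The macro now drives both the renamed tarball in Source0 ("#/%{src_name}.tar.gz") and the unpack directory in "%setup -q -n %{src_name}", so the comment should also say that it must match the top-level directory name inside the upstream archive.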