Hello community, here is the log from the commit of package jetty5 for openSUSE:11.4 checked in at Wed Feb 15 10:32:58 CET 2012.
-------- --- old-versions/11.4/all/jetty5/jetty5.changes 2009-11-06 13:54:56.000000000 +0100 +++ 11.4/jetty5/jetty5.changes 2012-02-14 11:33:14.000000000 +0100 @@ -1,0 +2,5 @@ +Tue Feb 14 10:32:41 UTC 2012 - mvysko...@suse.cz + +- fix bnc#739121 - VUL-0: jetty5: hash collision attacks + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.4/all/jetty5 Destination is old-versions/11.4/UPDATES/all/jetty5 calling whatdependson for 11.4-i586 New: ---- jetty-hashDOS.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ jetty5.spec ++++++ --- /var/tmp/diff_new_pack.yKf2y9/_old 2012-02-15 10:32:42.000000000 +0100 +++ /var/tmp/diff_new_pack.yKf2y9/_new 2012-02-15 10:32:42.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package jetty5 (Version 5.1.14) +# spec file for package jetty5 # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -39,10 +39,10 @@ Name: jetty5 Version: 5.1.14 -Release: 3 +Release: 11.<RELEASE12> Summary: Webserver and Servlet Container +License: Apache-2.0 Group: Networking/Daemons -License: ASL 2.0 Url: http://jetty.mortbay.org/jetty/ Source0: http://ftp.mortbay.org/pub/jetty-5/jetty-5.1.14.tar.bz2 Source1: jetty5.script @@ -63,6 +63,10 @@ # PATCH-FIX-UPSTREAM bnc#551802, brc#499867 # https://bugzilla.redhat.com/attachment.cgi?id=343874 Patch6: jetty-5.1.14-CVE-2009-1523.patch +#PATCH-FIX-UPSTREAM: bnc#739121, brc#781677 +#https://bugzilla.redhat.com/attachment.cgi?id=556318 +#backported from jetty6 +Patch7: jetty-hashDOS.patch BuildRequires: jpackage-utils >= 1.6 # build only BuildRequires: ant-junit 
@@ -143,7 +147,7 @@ platforms. %package javadoc -License: ASL 2.0 + Summary: Javadoc for %{name} Group: Development/Documentation @@ -162,7 +166,7 @@ platforms. %package demo -License: ASL 2.0 + Summary: Examples for %{name} Group: Development/Documentation Requires: %{name} = %{version}-%{release} @@ -184,7 +188,7 @@ %if %with extra %package extra -License: ASL 2.0 + Summary: Extras for %{name} Group: Networking/Daemons Requires: %{name} = %{version} @@ -234,7 +238,7 @@ %endif %package manual -License: ASL 2.0 + Summary: Documents for %{name} Group: Development/Documentation @@ -278,6 +282,8 @@ %patch4 %patch5 -p1 -b .jettyrc %patch6 -b .CVE-2009-1523 +%patch7 -p1 -b .CVE-2011-4461 + # Delete this Sun specific file. rm src/org/mortbay/http/SunJsseListener.java # Convert line endings... ++++++ jetty-hashDOS.patch ++++++ Index: jetty-5.1.14/src/org/mortbay/http/HttpRequest.java =================================================================== --- jetty-5.1.14.orig/src/org/mortbay/http/HttpRequest.java 2006-11-23 09:56:52.000000000 +0100 +++ jetty-5.1.14/src/org/mortbay/http/HttpRequest.java 2012-02-10 14:07:03.942175496 +0100 @@ -80,6 +80,14 @@ /* ------------------------------------------------------------ */ /** + * Maximum number of form Keys to protect against DOS attack from crafted hash keys. + * Set via the org.eclipse.jetty.server.Request.maxFormKeys + */ + private static int __maxFormKeys = Integer.getInteger( + "org.eclipse.jetty.server.Request.maxFormKeys",1000).intValue(); + + /* ------------------------------------------------------------ */ + /** * Maximum header line length. */ public static int __maxLineLength = 4096; 
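Review bot: The Javadoc on `__maxFormKeys` says neither what kind of setting the name refers to nor what a non-positive value does, and the check in UrlEncoded is `maxKeys>0 && ...`, so 0 or a negative value disables the cap entirely. I would write it as `Maximum number of form keys, read from the system property org.eclipse.jetty.server.Request.maxFormKeys (default 1000); a value of 0 or less disables the check.` The property name is the jetty6 one kept by the backport even though this class lives in org.mortbay, which is worth a sentence so that nobody looks for an org.mortbay.* name. The field is also `private` while the neighbouring `__maxLineLength` is `public static`, so unlike the other limits it cannot be adjusted from code; if that asymmetry is deliberate, say so.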
@@ -891,7 +899,7 @@ throw new IllegalStateException("Form too large"); // Add form params to query params - UrlEncoded.decodeTo(bout.getBuf(), 0, bout.getCount(), _parameters,encoding); + UrlEncoded.decodeTo(bout.getBuf(), 0, bout.getCount(), _parameters, encoding, __maxFormKeys); } catch (EOFException e) { Index: jetty-5.1.14/src/org/mortbay/util/UrlEncoded.java =================================================================== --- jetty-5.1.14.orig/src/org/mortbay/util/UrlEncoded.java 2005-12-22 00:14:38.000000000 +0100 +++ jetty-5.1.14/src/org/mortbay/util/UrlEncoded.java 2012-02-10 14:09:59.119192395 +0100 @@ -71,13 +71,13 @@ /* ----------------------------------------------------------------- */ public void decode(String query) { - decodeTo(query,this,StringUtil.__ISO_8859_1); + decodeTo(query,this,StringUtil.__ISO_8859_1,-1); } /* ----------------------------------------------------------------- */ public void decode(String query,String charset) { - decodeTo(query,this,charset); + decodeTo(query,this,charset,-1); } /* -------------------------------------------------------------- */ @@ -162,10 +162,8 @@ */ public static void decodeTo(String content,MultiMap map) { - decodeTo(content,map,StringUtil.__ISO_8859_1); + decodeTo(content,map,StringUtil.__ISO_8859_1,-1); } - - /* -------------------------------------------------------------- */ /** Decoded parameters to Map. @@ -173,6 +171,15 @@ */ public static void decodeTo(String content, MultiMap map, String charset) { + decodeTo(content,map,charset, -1); + } + + /* -------------------------------------------------------------- */ + /** Decoded parameters to Map. + * @param content the string containing the encoded parameters + */ + public static void decodeTo(String content, MultiMap map, String charset, int maxKeys) + { if (charset==null) charset=StringUtil.__ISO_8859_1; 
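Review bot: The key cap is threaded through only on the POST-body path in `HttpRequest`; the `decode(String)`, `decode(String,String)`, `decodeTo(String,MultiMap)` and `decodeTo(String,MultiMap,String)` wrappers in the UrlEncoded hunks on this line all pass `-1`, so anything decoded through them, in particular a query string, gets no limit. Query-string length is presumably bounded by `__maxLineLength` (4096 in the earlier hunk), which caps the key count indirectly, but that is an inference from a different file; if it holds, state it in a comment at the `-1` call sites, otherwise pass `__maxFormKeys` there as well. The enclosing method in `HttpRequest` starts outside the hunk.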
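Review bot: The Javadoc on the new four-argument `decodeTo(String, MultiMap, String, int)` documents only `content`, yet `maxKeys` is the reason the overload exists and its contract is only discoverable by reading the loop in the next hunk. Add `@param map the MultiMap that receives the decoded key/value pairs`, `@param charset the encoding, ISO-8859-1 when null` and `@param maxKeys maximum number of distinct keys accepted; 0 or less means unlimited`. The method body continues past the end of this hunk.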
@@ -199,6 +206,11 @@ map.add(key,value); key = null; } + if (maxKeys>0 && map.size()>maxKeys) + { + log.warn("maxFormKeys limit exceeded keys>" + Integer.valueOf(maxKeys)); + return; + } break; case '=': if (key!=null) @@ -239,7 +251,7 @@ /** Decoded parameters to Map. * @param data the byte[] containing the encoded parameters */ - public static void decodeTo(byte[] data, int offset, int length, MultiMap map, String charset) + public static void decodeTo(byte[] data, int offset, int length, MultiMap map, String charset, int maxKeys) { if (data == null || length == 0) return; @@ -269,6 +281,11 @@ key = null; } ox = offset; + if (maxKeys>0 && map.size()>maxKeys) + { + log.warn("maxFormKeys limit exceeded keys>" + Integer.valueOf(maxKeys)); + return; + } break; case '=': if (key!=null) continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
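Review bot: When `map.size()>maxKeys` the decoder logs a warning and returns, so the request goes on with a silently truncated parameter map and the caller in `HttpRequest` cannot tell that keys were dropped, whereas the neighbouring size check in that caller fails the request with `IllegalStateException("Form too large")`. For consistency, and so that a truncated form is never processed as if complete, I would replace the `return` with `throw new IllegalStateException("Form too many keys >" + maxKeys);` in this hunk and in the byte[] variant in the last hunk (which is cut off at the end of this chunk). The test also runs only on `&` after `map.add`, so the map can reach maxKeys+1 entries and a final key added after the loop is never checked; that is one key of slack rather than a hole, but it deserves a comment. The `Integer.valueOf(maxKeys)` in the log message is unnecessary, `+ maxKeys` concatenates the same text.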
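Review bot: The byte[] overload's public signature is changed in place to `decodeTo(byte[], int, int, MultiMap, String, int)`, while the String overloads in the earlier hunks keep delegating wrappers; any other caller of the old five-argument form (this chunk shows only the one in `HttpRequest`) would no longer compile. Keep a compatibility overload: `public static void decodeTo(byte[] data, int offset, int length, MultiMap map, String charset)` `{ decodeTo(data, offset, length, map, charset, -1); }`. The Javadoc above the changed signature also needs a `@param maxKeys` line, matching whatever is written on the String variant.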