!4 fix CVE-2016-9606
From: @wangxiao65 Reviewed-by: @wangchong1995924 Signed-off-by: @wangchong1995924
commit
948408d75f
59
CVE-2016-9606.patch
Normal file
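--- /dev/null
+++ b/CVE-2016-9606.patch
@@ -0,0 +1,59 @@
+From 7ae52d2322169295a18570892d7596af69d41545 Mon Sep 17 00:00:00 2001
+From: Petr Jurak <pjurak@redhat.com>
+Date: Tue, 28 Feb 2017 15:45:58 +0100
+Subject: [PATCH] [RESTEASY-1618] Yaml unmarshalling vulnerable to RCE
+
+---
+.../org/jboss/resteasy/resteasy1223/TestResteasy1223.java | 3 ++-
+.../resources/META-INF/services/javax.ws.rs.ext.Providers | 1 +
+.../jboss/resteasy/test/providers/yaml/TestYamlProvider.java | 4 ++--
+3 files changed, 5 insertions(+), 3 deletions(-)
+rename jaxrs/{providers/yaml/src/main => arquillian/RESTEASY-1223-WF8/src/test}/resources/META-INF/services/javax.ws.rs.ext.Providers (98%)
+
+diff --git a/jaxrs/arquillian/RESTEASY-1223-WF8/src/test/java/org/jboss/resteasy/resteasy1223/TestResteasy1223.java b/jaxrs/arquillian/RESTEASY-1223-WF8/src/test/java/org/jboss/resteasy/resteasy1223/TestResteasy1223.java
+index 301ddd6535..b6805d30bf 100644
+--- a/jaxrs/arquillian/RESTEASY-1223-WF8/src/test/java/org/jboss/resteasy/resteasy1223/TestResteasy1223.java
++++ b/jaxrs/arquillian/RESTEASY-1223-WF8/src/test/java/org/jboss/resteasy/resteasy1223/TestResteasy1223.java
+@@ -31,7 +31,8 @@
+public static Archive<?> createTestArchive() {
+WebArchive war = ShrinkWrap.create(WebArchive.class, "resteasy1223.war")
+.addClasses(TestApplication.class, YamlResource.class, MyNestedObject.class, MyObject.class)
+- .addAsWebInfResource("web.xml").addAsManifestResource("MANIFEST.MF");
++ .addAsWebInfResource("web.xml").addAsManifestResource("MANIFEST.MF")
++ .addAsResource("META-INF/services/javax.ws.rs.ext.Providers");
+return war;
+}
+
+diff --git a/jaxrs/providers/yaml/src/main/resources/META-INF/services/javax.ws.rs.ext.Providers b/jaxrs/arquillian/RESTEASY-1223-WF8/src/test/resources/META-INF/services/javax.ws.rs.ext.Providers
+similarity index 98%
+rename from jaxrs/providers/yaml/src/main/resources/META-INF/services/javax.ws.rs.ext.Providers
+rename to jaxrs/arquillian/RESTEASY-1223-WF8/src/test/resources/META-INF/services/javax.ws.rs.ext.Providers
+index 9a6782a638..c854fd6d9a 100644
+--- a/jaxrs/providers/yaml/src/main/resources/META-INF/services/javax.ws.rs.ext.Providers
++++ b/jaxrs/arquillian/RESTEASY-1223-WF8/src/test/resources/META-INF/services/javax.ws.rs.ext.Providers
+@@ -1 +1,2 @@
+org.jboss.resteasy.plugins.providers.YamlProvider
++
+diff --git a/jaxrs/providers/yaml/src/test/java/org/jboss/resteasy/test/providers/yaml/TestYamlProvider.java b/jaxrs/providers/yaml/src/test/java/org/jboss/resteasy/test/providers/yaml/TestYamlProvider.java
+index 05be1b26c6..5cf75aacf8 100644
+--- a/jaxrs/providers/yaml/src/test/java/org/jboss/resteasy/test/providers/yaml/TestYamlProvider.java
++++ b/jaxrs/providers/yaml/src/test/java/org/jboss/resteasy/test/providers/yaml/TestYamlProvider.java
+@@ -3,6 +3,7 @@
+import junit.framework.Assert;
+import org.jboss.resteasy.client.ClientRequest;
+import org.jboss.resteasy.client.ClientResponse;
++import org.jboss.resteasy.plugins.providers.YamlProvider;
+import org.jboss.resteasy.test.BaseResourceTest;
+import org.junit.Before;
+import org.junit.Test;
+@@ -19,9 +20,8 @@
+
+@Before
+public void setUp() {
+-
+addPerRequestResource(YamlResource.class);
+-
++ getProviderFactory().registerProvider(YamlProvider.class);
+}
+
+@Test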
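Review bot: The patch removes only the default registration of the YAML provider and leaves the provider code itself untouched: `META-INF/services/javax.ws.rs.ext.Providers` is renamed from the yaml module's `src/main` resources to the arquillian test resources, and the diffstat lists no change to `YamlProvider`. Any deployment that registers the provider explicitly, as `TestYamlProvider.setUp` now does with `getProviderFactory().registerProvider(YamlProvider.class)`, presumably keeps the unmarshalling behaviour that the subject line calls vulnerable. The package documentation should therefore say that YAML support is opt-in after this update and is only suitable for trusted request bodies. A test asserting that a default provider factory no longer handles the YAML media type would also stop a later rebase of this patch from silently re-enabling it. The test classes continue outside the hunks shown.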
@ -2,13 +2,14 @@
|
||||
%global namedversion %{version}%{namedreltag}
|
||||
Name: resteasy
|
||||
Version: 3.0.19
|
||||
Release: 1
|
||||
Release: 2
|
||||
Summary: Framework for RESTful Web services and Java applications
|
||||
License: ASL 2.0 and CDDL
|
||||
URL: https://github.com/resteasy/Resteasy/
|
||||
Source0: https://github.com/resteasy/Resteasy/archive/%{namedversion}/%{name}-%{namedversion}.tar.gz
|
||||
Patch0: resteasy-3.0.19-Mime4j-0.7.2-support.patch
|
||||
Patch1: resteasy-3.0.19-port-resteasy-netty-to-netty-3.10.6.patch
|
||||
Patch2: CVE-2016-9606.patch
|
||||
BuildArch: noarch
|
||||
BuildRequires: maven-local mvn(com.beust:jcommander) mvn(com.fasterxml:classmate)
|
||||
BuildRequires: mvn(com.fasterxml.jackson.core:jackson-annotations)
|
||||
@ -194,6 +195,7 @@ Summary: Test modules for %{name}
|
||||
find -name '*.jar' -print -delete
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%pom_disable_module resteasy-spring jaxrs
|
||||
%pom_disable_module fastinfoset jaxrs/providers
|
||||
%pom_disable_module examples jaxrs
|
||||
@ -328,5 +330,8 @@ done
|
||||
%license jaxrs/License.html
|
||||
|
||||
%changelog
|
||||
* Fri Jan 29 2021 wangxiao <wangxiao65@huawe.com> - 3.0.19-2
|
||||
- fix CVE-2016-9606
|
||||
|
||||
* Wed Oct 28 2020 baizhonggui <baizhonggui@huawei.com> - 3.0.19-1
|
||||
- package init
|
||||
|
||||
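Review bot: The new `%changelog` entry gives the packager address as `wangxiao65@huawe.com`, while the previous entry uses the `huawei.com` domain; this looks like a typo and should be corrected. The entry text `- fix CVE-2016-9606` also hides a behaviour change from administrators, since the added Patch2 stops registering the YAML provider by default. A line such as `- fix CVE-2016-9606: YamlProvider is no longer registered by default` would explain why YAML endpoints may stop working after the update.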