Fix CVE-2023-1108
(cherry picked from commit c5b24f21b91099ae8ce406eed9aa12986c5df06c)
parent
25983d3345
commit
34879cee8e
25
CVE-2023-1108.patch
Normal file
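--- a/CVE-2023-1108.patch
+++ b/CVE-2023-1108.patch
@@ -0,0 +1,25 @@
+From b98b55c993e3163e22121935f826adc8c4025c86 Mon Sep 17 00:00:00 2001
+From: mayp <mayanping@ncti-gba.cn>
+Date: Mon, 3 Apr 2023 18:02:05 +0800
+Subject: [PATCH] Fix CVE-2023-1108
+
+---
+core/src/main/java/io/undertow/protocols/ssl/SslConduit.java | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java b/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java
+index 3084915..dde0e0c 100644
+--- a/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java
++++ b/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java
+@@ -852,7 +852,7 @@ public class SslConduit implements StreamSourceConduit, StreamSinkConduit {
+}
+try {
+SSLEngineResult result = null;
+- while (result == null || (result.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_WRAP && result.getStatus() != SSLEngineResult.Status.BUFFER_OVERFLOW)) {
++ while (result == null || (result.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_WRAP && result.getStatus() != SSLEngineResult.Status.BUFFER_OVERFLOW && !engine.isInboundDone())) {
+if (userBuffers == null) {
+result = engine.wrap(EMPTY_BUFFER, wrappedData.getBuffer());
+} else {
+--
+2.36.1
+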
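Review bot: The patch file names no upstream commit or advisory for its one-line change to the `while` condition in SslConduit.java, so the backport onto 1.4.0 cannot be checked against the upstream fix from this page alone. A reference line under the Subject header, for example `Reference: <upstream commit URL>`, would make it auditable. The added `&& !engine.isInboundDone()` term is also uncommented; a comment such as `// CVE-2023-1108: stop wrapping once inbound is closed so a lingering NEED_WRAP cannot keep this loop spinning` would record why it is there, though that is my reading of the intent, since the enclosing method starts and ends outside the hunk. Because the loop can now exit while the handshake status is still NEED_WRAP, it is worth confirming that the code after the loop in this older branch handles that state, and covering the close path with a regression test if the package's test suite is run at build time.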
@ -2,7 +2,7 @@
|
|||||||
%global namedversion %{version}%{?namedreltag}
|
%global namedversion %{version}%{?namedreltag}
|
||||||
Name: undertow
|
Name: undertow
|
||||||
Version: 1.4.0
|
Version: 1.4.0
|
||||||
Release: 4
|
Release: 5
|
||||||
Summary: Java web server using non-blocking IO
|
Summary: Java web server using non-blocking IO
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
URL: http://undertow.io/
|
URL: http://undertow.io/
|
||||||
@ -12,6 +12,7 @@ Patch0: undertow-1.4.0-jetty-alpn-api-1.1.0.patch
|
|||||||
Patch1: CVE-2020-10705.patch
|
Patch1: CVE-2020-10705.patch
|
||||||
Patch2: CVE-2019-3888.patch
|
Patch2: CVE-2019-3888.patch
|
||||||
Patch3: CVE-2020-10719.patch
|
Patch3: CVE-2020-10719.patch
|
||||||
|
Patch4: CVE-2023-1108.patch
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
BuildRequires: maven-local mvn(junit:junit) mvn(org.eclipse.jetty.alpn:alpn-api)
|
BuildRequires: maven-local mvn(junit:junit) mvn(org.eclipse.jetty.alpn:alpn-api)
|
||||||
@ -38,6 +39,7 @@ This package contains the API documentation for %{name}.
|
|||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
|
%patch4 -p1
|
||||||
rm -rf mac-jdk-fix
|
rm -rf mac-jdk-fix
|
||||||
%pom_disable_module examples
|
%pom_disable_module examples
|
||||||
%pom_remove_plugin -r :maven-checkstyle-plugin
|
%pom_remove_plugin -r :maven-checkstyle-plugin
|
||||||
@ -66,6 +68,9 @@ done
|
|||||||
%license LICENSE.txt
|
%license LICENSE.txt
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Apr 3 2023 mayp <mayanping@ncti-gba.cn> - 1:1.4.0-5
|
||||||
|
- Fix CVE-2023-1108
|
||||||
|
|
||||||
* Wed Oct 29 2021 wangkai <wangkai385@huawei.com> - 1.4.0-4
|
* Wed Oct 29 2021 wangkai <wangkai385@huawei.com> - 1.4.0-4
|
||||||
- Fix CVE-2020-10719
|
- Fix CVE-2020-10719
|
||||||
|
|
||||||
|
|||||||