!11 [sync] PR-7: fix CVE-2019-3888

From: @openeuler-sync-bot Reviewed-by: @wangchong1995924 Signed-off-by: @wangchong1995924
2021-10-28 11:59:50 +00:00 · 2021-10-28 11:59:50 +00:00 · 98c08111ae
commit 98c08111ae
parent 42ab89ee49 a0841985b4
2 changed files with 28 additions and 1 deletions
--- a/CVE-2019-3888.patch
+++ b/CVE-2019-3888.patch
@ -0,0 +1,22 @@
 From ac72df4e61b73d205c6cc5ad08226fa4c889ccc2 Mon Sep 17 00:00:00 2001
 From: Michael Bolz <michael.bolz@sap.com>
 Date: Tue, 1 Oct 2019 06:45:17 +0200
 Subject: [PATCH] [UNDERTOW-1515] HttpServerExchange.toString does not include
 headers
 ---
 core/src/main/java/io/undertow/server/HttpServerExchange.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/core/src/main/java/io/undertow/server/HttpServerExchange.java b/core/src/main/java/io/undertow/server/HttpServerExchange.java
 index d933eb7811..a2763ed6ab 100644
 --- a/core/src/main/java/io/undertow/server/HttpServerExchange.java
 +++ b/core/src/main/java/io/undertow/server/HttpServerExchange.java
@@ -2443,6 +2443,6 @@ public T create() {
     @Override
     public String toString() {
 -        return "HttpServerExchange{ " + getRequestMethod().toString() + " " + getRequestURI() + " request " + requestHeaders + " response " + responseHeaders + '}';
 +        return "HttpServerExchange{ " + getRequestMethod().toString() + " " + getRequestURI() + '}';
     }
 }
--- a/undertow.spec
+++ b/undertow.spec
@ -2,7 +2,7 @@
 %global namedversion %{version}%{?namedreltag}
 Name:                undertow
 Version:             1.4.0
-Release:             2
+Release:             3
 Summary:             Java web server using non-blocking IO
 License:             ASL 2.0
 URL:                 http://undertow.io/
@ -10,6 +10,7 @@ Source0:             https://github.com/undertow-io/undertow/archive/%{namedvers
 # Remove unavailable methods in jetty-alpn-api-1.1.0
 Patch0:              undertow-1.4.0-jetty-alpn-api-1.1.0.patch
 Patch1:		     CVE-2020-10705.patch
 Patch2:              CVE-2019-3888.patch
 BuildArch:           noarch
 Epoch:               1
 BuildRequires:       maven-local mvn(junit:junit) mvn(org.eclipse.jetty.alpn:alpn-api)
@ -34,6 +35,7 @@ This package contains the API documentation for %{name}.
 %setup -q -n %{name}-%{namedversion}
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
 rm -rf mac-jdk-fix
 %pom_disable_module examples
 %pom_remove_plugin -r :maven-checkstyle-plugin
@ -62,6 +64,9 @@ done
 %license LICENSE.txt
 %changelog
 * Wed Oct 28 2021 wangkai <wangkai385@huawei.com> - 1.4.0-3
 - Fix CVE-2019-3888
 * Wed Oct 27 2021 houyingchao <houyingchao@huawei.com> - 1.4.0-2
 - Fix CVE-2020-10705