fix CVE-2019-3888

(cherry picked from commit eb08a2a33edb37b781d72efc0e850c0645da8bd6)
wk333 2021-10-28 15:14:24 +08:00 committed by openeuler-sync-bot
parent 42ab89ee49
commit a0841985b4
2 changed files with 28 additions and 1 deletions

22
CVE-2019-3888.patch Normal file

@ -0,0 +1,22 @@
From ac72df4e61b73d205c6cc5ad08226fa4c889ccc2 Mon Sep 17 00:00:00 2001
From: Michael Bolz <michael.bolz@sap.com>
Date: Tue, 1 Oct 2019 06:45:17 +0200
Subject: [PATCH] [UNDERTOW-1515] HttpServerExchange.toString does not include
headers
---
core/src/main/java/io/undertow/server/HttpServerExchange.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/src/main/java/io/undertow/server/HttpServerExchange.java b/core/src/main/java/io/undertow/server/HttpServerExchange.java
index d933eb7811..a2763ed6ab 100644
--- a/core/src/main/java/io/undertow/server/HttpServerExchange.java
+++ b/core/src/main/java/io/undertow/server/HttpServerExchange.java
@@ -2443,6 +2443,6 @@ public T create() {
@Override
public String toString() {
- return "HttpServerExchange{ " + getRequestMethod().toString() + " " + getRequestURI() + " request " + requestHeaders + " response " + responseHeaders + '}';
+ return "HttpServerExchange{ " + getRequestMethod().toString() + " " + getRequestURI() + '}';
}
}
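Review bot: The new `toString()` body in HttpServerExchange has no comment explaining why the request and response header maps were dropped, so a later change could put them back for debugging convenience. Header values can include Authorization and Cookie data, and the exchange's string form ends up in request-failure log messages, which is the exposure CVE-2019-3888 describes. I would add above the return: `// Headers deliberately omitted: they may hold credentials and this string is logged (CVE-2019-3888).` It may also be worth confirming that `getRequestURI()` never carries the query string in this 1.4.0 code base, since tokens passed as query parameters would otherwise still reach the log.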


@ -2,7 +2,7 @@
%global namedversion %{version}%{?namedreltag}
Name: undertow
Version: 1.4.0
Release: 2
Release: 3
Summary: Java web server using non-blocking IO
License: ASL 2.0
URL: http://undertow.io/
@ -10,6 +10,7 @@ Source0: https://github.com/undertow-io/undertow/archive/%{namedvers
# Remove unavailable methods in jetty-alpn-api-1.1.0
Patch0: undertow-1.4.0-jetty-alpn-api-1.1.0.patch
Patch1: CVE-2020-10705.patch
Patch2: CVE-2019-3888.patch
BuildArch: noarch
Epoch: 1
BuildRequires: maven-local mvn(junit:junit) mvn(org.eclipse.jetty.alpn:alpn-api)
@ -34,6 +35,7 @@ This package contains the API documentation for %{name}.
%setup -q -n %{name}-%{namedversion}
%patch0 -p1
%patch1 -p1
%patch2 -p1
rm -rf mac-jdk-fix
%pom_disable_module examples
%pom_remove_plugin -r :maven-checkstyle-plugin
@ -62,6 +64,9 @@ done
%license LICENSE.txt
%changelog
* Wed Oct 28 2021 wangkai <wangkai385@huawei.com> - 1.4.0-3
- Fix CVE-2019-3888
* Wed Oct 27 2021 houyingchao <houyingchao@huawei.com> - 1.4.0-2
- Fix CVE-2020-10705
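Review bot: The added changelog header `* Wed Oct 28 2021 wangkai <wangkai385@huawei.com> - 1.4.0-3` has a weekday that does not match its date. 28 October 2021 was a Thursday (the entry below it correctly pairs Wed with Oct 27), so rpmbuild is likely to warn about a bogus date in %changelog. The line should read `* Thu Oct 28 2021 wangkai <wangkai385@huawei.com> - 1.4.0-3`. The `Patch2` and `%patch2 -p1` additions are consistent with the `a/`/`b/` paths used in the new patch file.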