!28 [sync] PR-27: Delete TransferTestCase.java TestCase

From: @openeuler-sync-bot 
Reviewed-by: @cherry530 
Signed-off-by: @cherry530

CVE-2019-3888.patch

@@ -0,0 +1,22 @@
+From ac72df4e61b73d205c6cc5ad08226fa4c889ccc2 Mon Sep 17 00:00:00 2001
+From: Michael Bolz <michael.bolz@sap.com>
+Date: Tue, 1 Oct 2019 06:45:17 +0200
+Subject: [PATCH] [UNDERTOW-1515] HttpServerExchange.toString does not include
+ headers
+
+---
+ core/src/main/java/io/undertow/server/HttpServerExchange.java | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/core/src/main/java/io/undertow/server/HttpServerExchange.java b/core/src/main/java/io/undertow/server/HttpServerExchange.java
+index d933eb7811..a2763ed6ab 100644
+--- a/core/src/main/java/io/undertow/server/HttpServerExchange.java
++++ b/core/src/main/java/io/undertow/server/HttpServerExchange.java
+@@ -2443,6 +2443,6 @@ public T create() {
+ 
+     @Override
+     public String toString() {
+-        return "HttpServerExchange{ " + getRequestMethod().toString() + " " + getRequestURI() + " request " + requestHeaders + " response " + responseHeaders + '}';
++        return "HttpServerExchange{ " + getRequestMethod().toString() + " " + getRequestURI() + '}';
+     }
+ }

CVE-2020-10705.patch

@@ -0,0 +1,97 @@
+From b53d4589c586e8bbdcc89ed60f32cd7977e9a4f4 Mon Sep 17 00:00:00 2001
+From: Stuart Douglas <stuart.w.douglas@gmail.com>
+Date: Wed, 15 Apr 2020 15:39:02 +1000
+Subject: [PATCH] [UNDERTOW-1657] Fix issue with 100-continue and h2
+
+---
+ .../server/handlers/HttpContinueReadHandler.java     | 12 +++++++-----
+ .../server/protocol/ajp/AjpServerConnection.java     |  6 +++++-
+ .../server/protocol/http/HttpServerConnection.java   |  6 +++++-
+ 3 files changed, 17 insertions(+), 7 deletions(-)
+
+diff --git a/core/src/main/java/io/undertow/server/handlers/HttpContinueReadHandler.java b/core/src/main/java/io/undertow/server/handlers/HttpContinueReadHandler.java
+index 33c5c25..4a905f3 100644
+--- a/core/src/main/java/io/undertow/server/handlers/HttpContinueReadHandler.java
++++ b/core/src/main/java/io/undertow/server/handlers/HttpContinueReadHandler.java
+@@ -23,15 +23,17 @@ import java.nio.ByteBuffer;
+ import java.nio.channels.FileChannel;
+ import java.util.concurrent.TimeUnit;
+ 
++import org.xnio.channels.StreamSinkChannel;
++import org.xnio.conduits.AbstractStreamSourceConduit;
++import org.xnio.conduits.StreamSourceConduit;
++
+ import io.undertow.server.ConduitWrapper;
+-import io.undertow.server.protocol.http.HttpContinue;
+ import io.undertow.server.HttpHandler;
+ import io.undertow.server.HttpServerExchange;
++import io.undertow.server.ResponseCommitListener;
++import io.undertow.server.protocol.http.HttpContinue;
+ import io.undertow.util.ConduitFactory;
+ import io.undertow.util.StatusCodes;
+-import org.xnio.channels.StreamSinkChannel;
+-import org.xnio.conduits.AbstractStreamSourceConduit;
+-import org.xnio.conduits.StreamSourceConduit;
+ 
+ /**
+  * Handler for requests that require 100-continue responses. If an attempt is made to read from the source
+@@ -44,7 +46,7 @@ public class HttpContinueReadHandler implements HttpHandler {
+     private static final ConduitWrapper<StreamSourceConduit> WRAPPER = new ConduitWrapper<StreamSourceConduit>() {
+         @Override
+         public StreamSourceConduit wrap(final ConduitFactory<StreamSourceConduit> factory, final HttpServerExchange exchange) {
+-            if(exchange.isRequestChannelAvailable() && !exchange.isResponseStarted()) {
++            if (exchange.isRequestChannelAvailable() && !exchange.isResponseStarted()) {
+                 return new ContinueConduit(factory.create(), exchange);
+             }
+             return factory.create();
+diff --git a/core/src/main/java/io/undertow/server/protocol/ajp/AjpServerConnection.java b/core/src/main/java/io/undertow/server/protocol/ajp/AjpServerConnection.java
+index e5e3031..d9cae2d 100644
+--- a/core/src/main/java/io/undertow/server/protocol/ajp/AjpServerConnection.java
++++ b/core/src/main/java/io/undertow/server/protocol/ajp/AjpServerConnection.java
+@@ -26,6 +26,8 @@ import io.undertow.server.HttpHandler;
+ import io.undertow.server.HttpServerExchange;
+ import io.undertow.server.SSLSessionInfo;
+ import io.undertow.util.DateUtils;
++
++import org.xnio.IoUtils;
+ import org.xnio.OptionMap;
+ import io.undertow.connector.ByteBufferPool;
+ import org.xnio.StreamConnection;
+@@ -61,7 +63,9 @@ public final class AjpServerConnection extends AbstractServerConnection {
+ 
+     @Override
+     public void terminateRequestChannel(HttpServerExchange exchange) {
+-        //todo: terminate
++        if (!exchange.isPersistent()) {
++            IoUtils.safeClose(getChannel().getSourceChannel());
++        }
+     }
+ 
+     @Override
+diff --git a/core/src/main/java/io/undertow/server/protocol/http/HttpServerConnection.java b/core/src/main/java/io/undertow/server/protocol/http/HttpServerConnection.java
+index 0128e9b..63bcdd6 100644
+--- a/core/src/main/java/io/undertow/server/protocol/http/HttpServerConnection.java
++++ b/core/src/main/java/io/undertow/server/protocol/http/HttpServerConnection.java
+@@ -36,6 +36,8 @@ import io.undertow.util.Headers;
+ import io.undertow.util.HttpString;
+ import io.undertow.util.ImmediatePooledByteBuffer;
+ import io.undertow.util.Methods;
++
++import org.xnio.IoUtils;
+ import org.xnio.OptionMap;
+ import io.undertow.connector.ByteBufferPool;
+ import io.undertow.connector.PooledByteBuffer;
+@@ -135,7 +137,9 @@ public final class HttpServerConnection extends AbstractServerConnection {
+ 
+     @Override
+     public void terminateRequestChannel(HttpServerExchange exchange) {
+-
++        if (!exchange.isPersistent()) {
++            IoUtils.safeClose(getChannel().getSourceChannel());
++        }
+     }
+ 
+     /**
+-- 
+2.23.0
+

CVE-2020-10719.patch

@@ -0,0 +1,48 @@
+From bfc8fbd67f6b3dd96702b363f61cf805baf3c6cf Mon Sep 17 00:00:00 2001
+From: Bartosz Spyrko-Smietanko <bspyrkos@redhat.com>
+Date: Tue, 25 Feb 2020 13:26:20 +0000
+Subject: [PATCH] [UNDERTOW-1708][JBEAP-18537] Fix overflow of chunk size
+
+---
+ core/src/main/java/io/undertow/UndertowMessages.java     | 3 +++
+ core/src/main/java/io/undertow/conduits/ChunkReader.java | 5 +++++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/core/src/main/java/io/undertow/UndertowMessages.java b/core/src/main/java/io/undertow/UndertowMessages.java
+index fbde7d1..3aa4ad8 100644
+--- a/core/src/main/java/io/undertow/UndertowMessages.java
++++ b/core/src/main/java/io/undertow/UndertowMessages.java
+@@ -471,4 +471,7 @@ public interface UndertowMessages {
+ 
+     @Message(id = 147, value = "No host header in a HTTP/1.1 request")
+     IOException noHostInHttp11Request();
++
++    @Message(id = 195, value = "Chunk size too large")
++    IOException chunkSizeTooLarge();
+ }
+diff --git a/core/src/main/java/io/undertow/conduits/ChunkReader.java b/core/src/main/java/io/undertow/conduits/ChunkReader.java
+index 21ef002..e064f71 100644
+--- a/core/src/main/java/io/undertow/conduits/ChunkReader.java
++++ b/core/src/main/java/io/undertow/conduits/ChunkReader.java
+@@ -48,6 +48,8 @@ class ChunkReader<T extends Conduit> {
+ 
+     private static final long MASK_COUNT = longBitMask(0, 56);
+ 
++    private static final long LIMIT = Long.MAX_VALUE >> 4;
++
+     private long state;
+     private final Attachable attachable;
+     private final AttachmentKey<HeaderMap> trailerAttachmentKey;
+@@ -103,6 +105,9 @@ class ChunkReader<T extends Conduit> {
+                 while (buf.hasRemaining()) {
+                     byte b = buf.get();
+                     if ((b >= '0' && b <= '9') || (b >= 'a' && b <= 'f') || (b >= 'A' && b <= 'F')) {
++                        if (chunkRemaining > LIMIT) {
++                            throw UndertowMessages.MESSAGES.chunkSizeTooLarge();
++                        }
+                         chunkRemaining <<= 4; //shift it 4 bytes and then add the next value to the end
+                         chunkRemaining += Character.digit((char) b, 16);
+                     } else {
+-- 
+2.23.0
+

CVE-2023-1108.patch

@@ -0,0 +1,25 @@
+From b98b55c993e3163e22121935f826adc8c4025c86 Mon Sep 17 00:00:00 2001
+From: mayp <mayanping@ncti-gba.cn>
+Date: Mon, 3 Apr 2023 18:02:05 +0800
+Subject: [PATCH] Fix CVE-2023-1108
+
+---
+ core/src/main/java/io/undertow/protocols/ssl/SslConduit.java | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java b/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java
+index 3084915..dde0e0c 100644
+--- a/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java
++++ b/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java
+@@ -852,7 +852,7 @@ public class SslConduit implements StreamSourceConduit, StreamSinkConduit {
+         }
+         try {
+             SSLEngineResult result = null;
+-            while (result == null || (result.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_WRAP && result.getStatus() != SSLEngineResult.Status.BUFFER_OVERFLOW)) {
++            while (result == null || (result.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_WRAP && result.getStatus() != SSLEngineResult.Status.BUFFER_OVERFLOW && !engine.isInboundDone())) {
+                 if (userBuffers == null) {
+                     result = engine.wrap(EMPTY_BUFFER, wrappedData.getBuffer());
+                 } else {
+-- 
+2.36.1
+

undertow.spec

@@ -2,13 +2,17 @@
 %global namedversion %{version}%{?namedreltag}
 Name:                undertow
 Version:             1.4.0
-Release:             1
+Release:             6
 Summary:             Java web server using non-blocking IO
 License:             ASL 2.0
 URL:                 http://undertow.io/
 Source0:             https://github.com/undertow-io/undertow/archive/%{namedversion}/%{name}-%{namedversion}.tar.gz
 # Remove unavailable methods in jetty-alpn-api-1.1.0
 Patch0:              undertow-1.4.0-jetty-alpn-api-1.1.0.patch
+Patch1:		     CVE-2020-10705.patch
+Patch2:              CVE-2019-3888.patch
+Patch3:              CVE-2020-10719.patch
+Patch4:              CVE-2023-1108.patch
 BuildArch:           noarch
 Epoch:               1
 BuildRequires:       maven-local mvn(junit:junit) mvn(org.eclipse.jetty.alpn:alpn-api)
@@ -32,7 +36,15 @@ This package contains the API documentation for %{name}.
 %prep
 %setup -q -n %{name}-%{namedversion}
 %patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
 rm -rf mac-jdk-fix
+
+#Remove test cases suspected of containing viruses 
+rm -rf servlet/src/test/java/io/undertow/servlet/test/proprietry/TransferTestCase.java
+
 %pom_disable_module examples
 %pom_remove_plugin -r :maven-checkstyle-plugin
 %pom_remove_plugin org.bitstrings.maven.plugins:dependencypath-maven-plugin core
@@ -60,5 +72,20 @@ done
 %license LICENSE.txt
 
 %changelog
+* Tue Jun 13 2023 liyanan <thistleslyn@163.com> - 1:1.4.0-6
+- Delete TransferTestCase.java TestCase
+
+* Mon Apr 3 2023 mayp <mayanping@ncti-gba.cn> - 1:1.4.0-5
+- Fix CVE-2023-1108
+
+* Wed Oct 29 2021 wangkai <wangkai385@huawei.com> - 1.4.0-4
+- Fix CVE-2020-10719
+
+* Wed Oct 28 2021 wangkai <wangkai385@huawei.com> - 1.4.0-3
+- Fix CVE-2019-3888
+
+* Wed Oct 27 2021 houyingchao <houyingchao@huawei.com> - 1.4.0-2
+- Fix CVE-2020-10705
+
 * Wed Aug 19 2020 maminjie <maminjie1@huawei.com> - 1.4.0-1
 - package init