diff --git a/0001-cve-CVE-2024-22201.patch b/0001-cve-CVE-2024-22201.patch
new file mode 100644
index 0000000000000000000000000000000000000000..49e867fad6c7e3820af85b263cbc8f51ead5ca90
--- /dev/null
+++ b/0001-cve-CVE-2024-22201.patch
@@ -0,0 +1,152 @@ +From 333ddd1724a7430b89168cb6dab3a02fe22bd979 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=E6=9C=B1=E7=BA=A2=E6=B3=A2?= +Date: Thu, 15 Aug 2024 16:45:47 +0800 +Subject: [PATCH] cve: CVE-2024-22201 + +--- + jetty-jaas/pom.xml | 64 +++------------------------------------------- + pom.xml | 3 --- + 2 files changed, 3 insertions(+), 64 deletions(-) + +diff --git a/jetty-jaas/pom.xml b/jetty-jaas/pom.xml +index e2d1410..c4fa3ee 100644 +--- a/jetty-jaas/pom.xml ++++ b/jetty-jaas/pom.xml +@@ -2,7 +2,7 @@ + + org.eclipse.jetty + jetty-project +- 9.4.55.v20240627 ++ 9.4.55.v20240627 + + 4.0.0 + jetty-jaas +@@ -11,8 +11,7 @@ + + ${project.groupId}.jaas + +- 2.0.0.AM26 +- 2.1.5 ++ 2.0.0-M24 + org.eclipse.jetty.jaas.* + + +@@ -23,15 +22,6 @@ + org.apache.maven.plugins + maven-source-plugin + +- +- org.apache.maven.plugins +- maven-surefire-plugin +- +- false +- false +- true +- +- + + + +@@ -52,14 +42,10 @@ + + + org.apache.directory.server +- apacheds-test-framework ++ apacheds-all + ${apacheds.version} + test + +- +- junit +- junit +- + + +@@ -108,27 +94,6 @@ + + + +- +- org.apache.directory.api +- api-ldap-schema-data +- ${apache.directory.api.version} +- test +- +- +- org.apache.directory.api +- api-ldap-model +- ${apache.directory.api.version} +- +- +- org.apache.directory.api +- api-util +- ${apache.directory.api.version} +- +- +- org.apache.directory.api +- api-asn1-api +- ${apache.directory.api.version} +- + + + org.junit.vintage +@@ -138,27 +103,4 @@ + + + +- +- +- +- jdk16 +- +- [16,) +- +- +- +- +- +- org.apache.maven.plugins +- maven-surefire-plugin +- +- --add-opens java.base/sun.security.x509=ALL-UNNAMED --add-opens java.base/sun.security.util=ALL-UNNAMED +- +- +- +- +- +- +- +- + +diff --git a/pom.xml b/pom.xml +index e8a5358..1335ebb 100644 +--- a/pom.xml ++++ b/pom.xml +@@ -1042,7 +1042,6 @@ + org.junit + junit-bom + ${junit.version} +- pom + import + + +@@ -1056,7 +1055,6 @@ + org.testcontainers + testcontainers-bom + 
${testcontainers.version} +- pom + import + + +@@ -1120,7 +1118,6 @@ + org.infinispan + infinispan-bom + ${infinispan.version} +- pom + import + + +-- +2.39.3 + diff --git a/jetty-9.4.43.v20210629.tar.gz b/jetty-9.4.55.v20240627.tar.gz similarity index 70% rename from jetty-9.4.43.v20210629.tar.gz rename to jetty-9.4.55.v20240627.tar.gz index 2a7c80ba182eadc45fc19dc6d8442bdcb8cb9550..970151f8dd3f659bb6a8440183735375d3ebb45c 100644 Binary files a/jetty-9.4.43.v20210629.tar.gz and b/jetty-9.4.55.v20240627.tar.gz differ diff --git a/jetty.spec b/jetty.spec index 6ab0e99bab51933de7629ccf7fe08ffbc66a3443..dbb08e7e3d78af472c3dcf8a641bb2eab5853f9b 100644 --- a/jetty.spec +++ b/jetty.spec @@ -44,7 +44,7 @@ %global appdir %{jettylibdir}/webapps -%global addver .v20210629 +%global addver .v20240627 # minimal version required to build eclipse and thermostat # eclipse needs: util, server, http, continuation, io, security, servlet @@ -53,7 +53,7 @@ %bcond_without jp_minimal Name: jetty -Version: 9.4.43 +Version: 9.4.55 Release: %{anolis_release}%{?dist} Summary: Java Webserver and Servlet Container @@ -69,6 +69,7 @@ Source6: LICENSE-MIT Patch1: 0001-Distro-jetty.home.patch Patch2: 0002-Port-to-servlet-api-4-5.patch +Patch3: 0001-cve-CVE-2024-22201.patch %if %{with bootstrap} BuildRequires: javapackages-bootstrap @@ -597,6 +598,7 @@ License: (ASL 2.0 or EPL-1.0) and MIT %patch1 -p1 %patch2 -p1 +%patch3 -p1 find . -name "*.?ar" -exec rm {} \; find . -name "*.class" -exec rm {} \; @@ -980,6 +982,9 @@ exit 0 %license LICENSE NOTICE.txt LICENSE-MIT %changelog +* Wed Aug 14 2024 zhuhongbo - 9.4.55-1 +- cve: CVE-2024-22201 + * Wed Jan 10 2024 mgb01105731 - 9.4.43-1 - update to version 9.4.43
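Review bot: The subject `[PATCH] cve: CVE-2024-22201` presents this file as the security fix, but the hunks it carries touch only Maven build metadata in `jetty-jaas/pom.xml` and `pom.xml` (test dependencies, the surefire configuration, the `jdk16` profile, three BOM import entries) and no Java source. The fix itself presumably arrives with the rebase to the 9.4.55.v20240627 tarball, so anyone auditing CVE coverage from patch names would be misled. If that is the case, a subject such as `[PATCH] jetty-jaas: adapt test dependencies for the distro build` and a changelog line `- update to version 9.4.55 (addresses CVE-2024-22201)` would record where the fix actually lives; the same label recurs on the `Patch3:` line and in the `%changelog` entry of jetty.spec. Separately, the property that appears to feed `${apacheds.version}` moves from `2.0.0.AM26` to the apparently older milestone `2.0.0-M24`, alongside the switch from `apacheds-test-framework` to `apacheds-all`. That is test scope only, but the reason belongs in the patch description. The XML markup is lost in this rendering, so element names here are inferred.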
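Review bot: In the `@@ -69,6 +69,7 @@` hunk the new `Patch3:` entry points at a file prefixed `0001-`, the same prefix as `Patch1: 0001-Distro-jetty.home.patch` two lines above, so the file name no longer reflects the order in which `%patch3 -p1` applies it. Renaming the file to follow the existing sequence, for example `Patch3: 0003-jaas-test-deps-for-distro-build.patch`, keeps the series readable. A one-line comment above the entry stating what the patch changes would also help, e.g. `# Build-only: adjusts jetty-jaas test dependencies and BOM imports; no runtime code is patched`, assuming that matches the author's intent.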