diff --git a/CVE-2016-9606.patch b/CVE-2016-9606.patch new file mode 100644 index 0000000000000000000000000000000000000000..ea751e75e325f2482a495eda995ffcb95bafccb4 --- /dev/null +++ b/CVE-2016-9606.patch @@ -0,0 +1,59 @@ +From 7ae52d2322169295a18570892d7596af69d41545 Mon Sep 17 00:00:00 2001 +From: Petr Jurak +Date: Tue, 28 Feb 2017 15:45:58 +0100 +Subject: [PATCH] [RESTEASY-1618] Yaml unmarshalling vulnerable to RCE + +--- + .../org/jboss/resteasy/resteasy1223/TestResteasy1223.java | 3 ++- + .../resources/META-INF/services/javax.ws.rs.ext.Providers | 1 + + .../jboss/resteasy/test/providers/yaml/TestYamlProvider.java | 4 ++-- + 3 files changed, 5 insertions(+), 3 deletions(-) + rename jaxrs/{providers/yaml/src/main => arquillian/RESTEASY-1223-WF8/src/test}/resources/META-INF/services/javax.ws.rs.ext.Providers (98%) + +diff --git a/jaxrs/arquillian/RESTEASY-1223-WF8/src/test/java/org/jboss/resteasy/resteasy1223/TestResteasy1223.java b/jaxrs/arquillian/RESTEASY-1223-WF8/src/test/java/org/jboss/resteasy/resteasy1223/TestResteasy1223.java +index 301ddd6535..b6805d30bf 100644 +--- a/jaxrs/arquillian/RESTEASY-1223-WF8/src/test/java/org/jboss/resteasy/resteasy1223/TestResteasy1223.java ++++ b/jaxrs/arquillian/RESTEASY-1223-WF8/src/test/java/org/jboss/resteasy/resteasy1223/TestResteasy1223.java +@@ -31,7 +31,8 @@ + public static Archive createTestArchive() { + WebArchive war = ShrinkWrap.create(WebArchive.class, "resteasy1223.war") + .addClasses(TestApplication.class, YamlResource.class, MyNestedObject.class, MyObject.class) +- .addAsWebInfResource("web.xml").addAsManifestResource("MANIFEST.MF"); ++ .addAsWebInfResource("web.xml").addAsManifestResource("MANIFEST.MF") ++ .addAsResource("META-INF/services/javax.ws.rs.ext.Providers"); + return war; + } + +diff --git a/jaxrs/providers/yaml/src/main/resources/META-INF/services/javax.ws.rs.ext.Providers b/jaxrs/arquillian/RESTEASY-1223-WF8/src/test/resources/META-INF/services/javax.ws.rs.ext.Providers +similarity index 98% +rename from jaxrs/providers/yaml/src/main/resources/META-INF/services/javax.ws.rs.ext.Providers +rename to jaxrs/arquillian/RESTEASY-1223-WF8/src/test/resources/META-INF/services/javax.ws.rs.ext.Providers +index 9a6782a638..c854fd6d9a 100644 +--- a/jaxrs/providers/yaml/src/main/resources/META-INF/services/javax.ws.rs.ext.Providers ++++ b/jaxrs/arquillian/RESTEASY-1223-WF8/src/test/resources/META-INF/services/javax.ws.rs.ext.Providers +@@ -1 +1,2 @@ + org.jboss.resteasy.plugins.providers.YamlProvider ++ +diff --git a/jaxrs/providers/yaml/src/test/java/org/jboss/resteasy/test/providers/yaml/TestYamlProvider.java b/jaxrs/providers/yaml/src/test/java/org/jboss/resteasy/test/providers/yaml/TestYamlProvider.java +index 05be1b26c6..5cf75aacf8 100644 +--- a/jaxrs/providers/yaml/src/test/java/org/jboss/resteasy/test/providers/yaml/TestYamlProvider.java ++++ b/jaxrs/providers/yaml/src/test/java/org/jboss/resteasy/test/providers/yaml/TestYamlProvider.java +@@ -3,6 +3,7 @@ + import junit.framework.Assert; + import org.jboss.resteasy.client.ClientRequest; + import org.jboss.resteasy.client.ClientResponse; ++import org.jboss.resteasy.plugins.providers.YamlProvider; + import org.jboss.resteasy.test.BaseResourceTest; + import org.junit.Before; + import org.junit.Test; +@@ -19,9 +20,8 @@ + + @Before + public void setUp() { +- + addPerRequestResource(YamlResource.class); +- ++ getProviderFactory().registerProvider(YamlProvider.class); + } + + @Test diff --git a/CVE-2020-10688-1.patch b/CVE-2020-10688-1.patch new file mode 100644 index 0000000000000000000000000000000000000000..acbb4d779cea4b8f09732c586a3dc6dea56ebb00 --- /dev/null +++ b/CVE-2020-10688-1.patch @@ -0,0 +1,97 @@ +From 7dcc7b2e7938433b8edea3ce9ada867532beb236 Mon Sep 17 00:00:00 2001 +From: wang_yue111 <648774160@qq.com> +Date: Wed, 9 Jun 2021 17:25:36 +0800 +Subject: [PATCH] 2 + +--- + .../core/StringParameterInjector.java | 23 ++++++++++++++----- + 1 file changed, 17 insertions(+), 6 deletions(-) + +diff --git a/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/StringParameterInjector.java b/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/StringParameterInjector.java +index b7178f6..537ae0d 100755 +--- a/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/StringParameterInjector.java ++++ b/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/StringParameterInjector.java +@@ -15,6 +15,7 @@ import javax.ws.rs.WebApplicationException; + import javax.ws.rs.ext.ParamConverter; + import javax.ws.rs.ext.RuntimeDelegate; + ++import java.io.UnsupportedEncodingException; + import java.lang.annotation.Annotation; + import java.lang.reflect.AccessibleObject; + import java.lang.reflect.Array; +@@ -24,6 +25,8 @@ import java.lang.reflect.Method; + import java.lang.reflect.Modifier; + import java.lang.reflect.ParameterizedType; + import java.lang.reflect.Type; ++import java.net.URLEncoder; ++import java.nio.charset.StandardCharsets; + import java.util.ArrayList; + import java.util.Collection; + import java.util.Collections; +@@ -298,7 +301,7 @@ public class StringParameterInjector + catch (Exception e) + { + LogMessages.LOGGER.unableToExtractParameter(e, getParamSignature(), strVal, target); +- throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), strVal), e); ++ throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), _encode(strVal)), e); + } + if (paramConverter != null) + { +@@ -325,12 +328,12 @@ public class StringParameterInjector + catch (InstantiationException e) + { + LogMessages.LOGGER.unableToExtractParameter(e, getParamSignature(), strVal, target); +- throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), strVal), e); ++ throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), _encode(strVal)), e); + } + catch (IllegalAccessException e) + { + LogMessages.LOGGER.unableToExtractParameter(e, getParamSignature(), strVal, target); +- throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), strVal), e); ++ throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), _encode(strVal)), e); + } + catch (InvocationTargetException e) + { +@@ -340,7 +343,7 @@ public class StringParameterInjector + throw ((WebApplicationException)targetException); + } + LogMessages.LOGGER.unableToExtractParameter(targetException, getParamSignature(), strVal, target); +- throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), strVal), targetException); ++ throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), _encode(strVal)), targetException); + } + } + else if (valueOf != null) +@@ -352,7 +355,7 @@ public class StringParameterInjector + catch (IllegalAccessException e) + { + LogMessages.LOGGER.unableToExtractParameter(e, getParamSignature(), strVal, target); +- throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), strVal), e); ++ throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), _encode(strVal)), e); + } + catch (InvocationTargetException e) + { +@@ -362,12 +365,20 @@ public class StringParameterInjector + throw ((WebApplicationException)targetException); + } + LogMessages.LOGGER.unableToExtractParameter(targetException, getParamSignature(), strVal, target); +- throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), strVal), targetException); ++ throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), _encode(strVal)), targetException); + } + } + return null; + } + ++ private String _encode(String strVal) { ++ try { ++ return URLEncoder.encode(strVal, StandardCharsets.UTF_8.toString()); ++ } catch (UnsupportedEncodingException e) { ++ return e.getMessage(); ++ } ++ } ++ + protected void throwProcessingException(String message, Throwable cause) + { + throw new BadRequestException(message, cause); +-- +2.23.0 + diff --git a/CVE-2020-10688-2.patch b/CVE-2020-10688-2.patch new file mode 100644 index 0000000000000000000000000000000000000000..4df03e0f33c4dea251ee606d2751b4663f00e84d --- /dev/null +++ b/CVE-2020-10688-2.patch @@ -0,0 +1,28 @@ +From c6aac87508a99b0e5514da687abdb1ba246f3839 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=E9=98=BF=E7=94=B7?= +Date: Thu, 12 Mar 2020 12:13:17 +0800 +Subject: [PATCH] update + +--- + .../java/org/jboss/resteasy/core/StringParameterInjector.java | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/StringParameterInjector.java b/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/StringParameterInjector.java +index 537ae0d..fbfd5d4 100755 +--- a/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/StringParameterInjector.java ++++ b/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/StringParameterInjector.java +@@ -373,9 +373,9 @@ public class StringParameterInjector + + private String _encode(String strVal) { + try { +- return URLEncoder.encode(strVal, StandardCharsets.UTF_8.toString()); ++ return URLEncoder.encode(strVal, StandardCharsets.UTF_8.name()); + } catch (UnsupportedEncodingException e) { +- return e.getMessage(); ++ throw new RuntimeException(e); + } + } + +-- +2.23.0 + diff --git a/CVE-2020-1695.patch b/CVE-2020-1695.patch new file mode 100644 index 0000000000000000000000000000000000000000..23912d1a100f3b91e1a2a3d83ea7aa9309373c0f --- /dev/null +++ b/CVE-2020-1695.patch @@ -0,0 +1,44 @@ +From acf15f2a8067f7e4cf5838342cecfa0b78a174fb Mon Sep 17 00:00:00 2001 +From: Bartosz Spyrko-Smietanko +Date: Thu, 16 Apr 2020 14:01:17 +0100 +Subject: [PATCH] [RESTEASY-2559] Improper validation of response header in + MediaTypeHeaderDelegate.java class + +--- + .../plugins/delegates/MediaTypeHeaderDelegate.java | 1 + + .../test/mediatype/MediaTypeHeaderTest.java | 14 ++++++++++++++ + 2 files changed, 15 insertions(+) + create mode 100644 testsuite/unit-tests/src/test/java/org/jboss/resteasy/test/mediatype/MediaTypeHeaderTest.java + +diff --git a/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/delegates/MediaTypeHeaderDelegate.java b/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/delegates/MediaTypeHeaderDelegate.java +index ccf08a4622..4e48e622b1 100644 +--- a/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/delegates/MediaTypeHeaderDelegate.java ++++ b/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/delegates/MediaTypeHeaderDelegate.java +@@ -49,6 +49,7 @@ protected static boolean isValid(String str) + case '[': + case ']': + case '=': ++ case '\n': + return false; + default: + break; +diff --git a/testsuite/unit-tests/src/test/java/org/jboss/resteasy/test/mediatype/MediaTypeHeaderTest.java b/testsuite/unit-tests/src/test/java/org/jboss/resteasy/test/mediatype/MediaTypeHeaderTest.java +new file mode 100644 +index 0000000000..e46f018f7f +--- /dev/null ++++ b/testsuite/unit-tests/src/test/java/org/jboss/resteasy/test/mediatype/MediaTypeHeaderTest.java +@@ -0,0 +1,14 @@ ++package org.jboss.resteasy.test.mediatype; ++ ++import org.jboss.resteasy.plugins.delegates.MediaTypeHeaderDelegate; ++import org.junit.Test; ++ ++public class MediaTypeHeaderTest { ++ ++ @Test(expected = IllegalArgumentException.class) ++ public void testNewLineInHeaderValueIsRejected() { ++ MediaTypeHeaderDelegate delegate = new MediaTypeHeaderDelegate(); ++ ++ delegate.fromString("foo/bar\n"); ++ } ++} diff --git a/CVE-2021-20289.patch b/CVE-2021-20289.patch new file mode 100644 index 0000000000000000000000000000000000000000..f19dcc93474c1781e13001ea2dfa660ecfac98f0 --- /dev/null +++ b/CVE-2021-20289.patch @@ -0,0 +1,121 @@ +From 8dbcc5d69b2c077b1174e8cedac20956903e101b Mon Sep 17 00:00:00 2001 +From: lingsheng +Date: Wed, 21 Apr 2021 11:41:47 +0800 +Subject: [PATCH] [RESTEASY-2843] Do not add the target type to the thrown + exception. Instead log it as a debug message. + +Fix CVE-2021-20289, backport from https://github.com/resteasy/Resteasy/commit/358777a + +--- + .../core/StringParameterInjector.java | 19 +++++++++++++------ + .../resteasy_jaxrs/i18n/LogMessages.java | 4 ++++ + .../resteasy_jaxrs/i18n/Messages.java | 4 ++-- + 3 files changed, 19 insertions(+), 8 deletions(-) + +diff --git a/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/StringParameterInjector.java b/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/StringParameterInjector.java +index e50ba88..b7178f6 100755 +--- a/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/StringParameterInjector.java ++++ b/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/StringParameterInjector.java +@@ -1,6 +1,7 @@ + package org.jboss.resteasy.core; + + import org.jboss.resteasy.annotations.StringParameterUnmarshallerBinder; ++import org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages; + import org.jboss.resteasy.resteasy_jaxrs.i18n.Messages; + import org.jboss.resteasy.spi.ResteasyProviderFactory; + import org.jboss.resteasy.spi.StringConverter; +@@ -296,7 +297,8 @@ public class StringParameterInjector + } + catch (Exception e) + { +- throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), strVal, target), e); ++ LogMessages.LOGGER.unableToExtractParameter(e, getParamSignature(), strVal, target); ++ throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), strVal), e); + } + if (paramConverter != null) + { +@@ -322,11 +324,13 @@ public class StringParameterInjector + } + catch (InstantiationException e) + { +- throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), strVal, target), e); ++ LogMessages.LOGGER.unableToExtractParameter(e, getParamSignature(), strVal, target); ++ throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), strVal), e); + } + catch (IllegalAccessException e) + { +- throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), strVal, target), e); ++ LogMessages.LOGGER.unableToExtractParameter(e, getParamSignature(), strVal, target); ++ throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), strVal), e); + } + catch (InvocationTargetException e) + { +@@ -335,7 +339,8 @@ public class StringParameterInjector + { + throw ((WebApplicationException)targetException); + } +- throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), strVal, target), targetException); ++ LogMessages.LOGGER.unableToExtractParameter(targetException, getParamSignature(), strVal, target); ++ throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), strVal), targetException); + } + } + else if (valueOf != null) +@@ -346,7 +351,8 @@ public class StringParameterInjector + } + catch (IllegalAccessException e) + { +- throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), strVal, target), e); ++ LogMessages.LOGGER.unableToExtractParameter(e, getParamSignature(), strVal, target); ++ throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), strVal), e); + } + catch (InvocationTargetException e) + { +@@ -355,7 +361,8 @@ public class StringParameterInjector + { + throw ((WebApplicationException)targetException); + } +- throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), strVal, target), targetException); ++ LogMessages.LOGGER.unableToExtractParameter(targetException, getParamSignature(), strVal, target); ++ throwProcessingException(Messages.MESSAGES.unableToExtractParameter(getParamSignature(), strVal), targetException); + } + } + return null; +diff --git a/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/LogMessages.java b/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/LogMessages.java +index a1c82da..265e632 100644 +--- a/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/LogMessages.java ++++ b/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/LogMessages.java +@@ -1,5 +1,6 @@ + package org.jboss.resteasy.resteasy_jaxrs.i18n; + ++import java.lang.reflect.AccessibleObject; + import java.net.URL; + + import javax.ws.rs.core.MediaType; +@@ -209,6 +210,9 @@ public interface LogMessages extends BasicLogger + @Message(id = BASE + 335, value = "Unable to retrieve config: enableSecureProcessingFeature defaults to true") + void unableToRetrieveConfigSecure(); + ++ @LogMessage(level = Level.DEBUG) ++ @Message("Unable to extract parameter from http request: %s value is '%s' for %s") ++ void unableToExtractParameter(@Cause Throwable cause, String paramSignature, String strVal, AccessibleObject target); + + /////////////////////////////////////////////////////////////////////////////////////////////////////////// + // TRACE // +diff --git a/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/Messages.java b/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/Messages.java +index 8a3ca94..472fa30 100644 +--- a/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/Messages.java ++++ b/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/Messages.java +@@ -549,8 +549,8 @@ public interface Messages + @Message(id = BASE + 865, value = "Unable to determine base class from Type") + String unableToDetermineBaseClass(); + +- @Message(id = BASE + 870, value = "Unable to extract parameter from http request: {0} value is '{1}' for {2}", format=Format.MESSAGE_FORMAT) +- String unableToExtractParameter(String paramSignature, String strVal, AccessibleObject target); ++ @Message(id = BASE + 870, value = "Unable to extract parameter from http request: %s value is '%s'") ++ String unableToExtractParameter(String paramSignature, String strVal); + + @Message(id = BASE + 875, value = "Unable to find a constructor that takes a String param or a valueOf() or fromString() method for {0} on {1} for basetype: {2}", format=Format.MESSAGE_FORMAT) + String unableToFindConstructor(String paramSignature, AccessibleObject target, String className); +-- +2.23.0 + diff --git a/README.en.md b/README.en.md deleted file mode 100644 index 1be0fe57f46f447124224b49a038294d8fbfcd55..0000000000000000000000000000000000000000 --- a/README.en.md +++ /dev/null @@ -1,36 +0,0 @@ -# resteasy - -#### Description -Framework for RESTful Web services and Java applications - -#### Software Architecture -Software architecture description - -#### Installation - -1. xxxx -2. xxxx -3. xxxx - -#### Instructions - -1. xxxx -2. xxxx -3. xxxx - -#### Contribution - -1. Fork the repository -2. Create Feat_xxx branch -3. Commit your code -4. Create Pull Request - - -#### Gitee Feature - -1. You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md -2. Gitee blog [blog.gitee.com](https://blog.gitee.com) -3. Explore open source project [https://gitee.com/explore](https://gitee.com/explore) -4. The most valuable open source project [GVP](https://gitee.com/gvp) -5. The manual of Gitee [https://gitee.com/help](https://gitee.com/help) -6. The most popular members [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/) diff --git a/README.md b/README.md deleted file mode 100644 index a25dfbfdc68699503499881d61616e5e5c02d060..0000000000000000000000000000000000000000 --- a/README.md +++ /dev/null @@ -1,37 +0,0 @@ -# resteasy - -#### 介绍 -Framework for RESTful Web services and Java applications - -#### 软件架构 -软件架构说明 - - -#### 安装教程 - -1. xxxx -2. xxxx -3. xxxx - -#### 使用说明 - -1. xxxx -2. xxxx -3. xxxx - -#### 参与贡献 - -1. Fork 本仓库 -2. 新建 Feat_xxx 分支 -3. 提交代码 -4. 新建 Pull Request - - -#### 码云特技 - -1. 使用 Readme\_XXX.md 来支持不同的语言,例如 Readme\_en.md, Readme\_zh.md -2. 码云官方博客 [blog.gitee.com](https://blog.gitee.com) -3. 你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解码云上的优秀开源项目 -4. [GVP](https://gitee.com/gvp) 全称是码云最有价值开源项目,是码云综合评定出的优秀开源项目 -5. 码云官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help) -6. 码云封面人物是一档用来展示码云会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/) diff --git a/resteasy-3.0.19-Mime4j-0.7.2-support.patch b/resteasy-3.0.19-Mime4j-0.7.2-support.patch new file mode 100644 index 0000000000000000000000000000000000000000..c98c299ff8b6b662e262094b9cc55387aba9bc63 --- /dev/null +++ b/resteasy-3.0.19-Mime4j-0.7.2-support.patch @@ -0,0 +1,241 @@ +diff -Nru Resteasy-3.0.19.Final/jaxrs/pom.xml Resteasy-3.0.19.Final.mime4j/jaxrs/pom.xml +--- Resteasy-3.0.19.Final/jaxrs/pom.xml 2016-08-02 16:26:27.000000000 +0200 ++++ Resteasy-3.0.19.Final.mime4j/jaxrs/pom.xml 2016-08-21 13:34:08.110158700 +0200 +@@ -456,8 +456,18 @@ + + + org.apache.james +- apache-mime4j +- 0.6 ++ apache-mime4j-core ++ 0.7.2 ++ ++ ++ org.apache.james ++ apache-mime4j-dom ++ 0.7.2 ++ ++ ++ org.apache.james ++ apache-mime4j-storage ++ 0.7.2 + + + junit +diff -Nru Resteasy-3.0.19.Final/jaxrs/providers/multipart/pom.xml Resteasy-3.0.19.Final.mime4j/jaxrs/providers/multipart/pom.xml +--- Resteasy-3.0.19.Final/jaxrs/providers/multipart/pom.xml 2016-08-02 16:26:27.000000000 +0200 ++++ Resteasy-3.0.19.Final.mime4j/jaxrs/providers/multipart/pom.xml 2016-08-21 13:34:08.110158700 +0200 +@@ -39,7 +39,15 @@ + + + org.apache.james +- apache-mime4j ++ apache-mime4j-core ++ ++ ++ org.apache.james ++ apache-mime4j-dom ++ ++ ++ org.apache.james ++ apache-mime4j-storage + + + org.jboss.spec.javax.servlet +@@ -180,4 +188,4 @@ + + + +- +\ Manca newline alla fine del file ++ +diff -Nru Resteasy-3.0.19.Final/jaxrs/providers/multipart/src/main/java/org/jboss/resteasy/plugins/providers/multipart/i18n/Messages.java Resteasy-3.0.19.Final.mime4j/jaxrs/providers/multipart/src/main/java/org/jboss/resteasy/plugins/providers/multipart/i18n/Messages.java +--- Resteasy-3.0.19.Final/jaxrs/providers/multipart/src/main/java/org/jboss/resteasy/plugins/providers/multipart/i18n/Messages.java 2016-08-02 16:26:27.000000000 +0200 ++++ Resteasy-3.0.19.Final.mime4j/jaxrs/providers/multipart/src/main/java/org/jboss/resteasy/plugins/providers/multipart/i18n/Messages.java 2016-08-21 13:34:08.111158649 +0200 +@@ -5,7 +5,7 @@ + import javax.ws.rs.core.MediaType; + import javax.ws.rs.ext.MessageBodyReader; + +-import org.apache.james.mime4j.parser.Field; ++import org.apache.james.mime4j.stream.Field; + import org.jboss.logging.annotations.Message; + import org.jboss.logging.annotations.Message.Format; + import org.jboss.logging.annotations.MessageBundle; +diff -Nru Resteasy-3.0.19.Final/jaxrs/providers/multipart/src/main/java/org/jboss/resteasy/plugins/providers/multipart/MultipartFormDataInputImpl.java Resteasy-3.0.19.Final.mime4j/jaxrs/providers/multipart/src/main/java/org/jboss/resteasy/plugins/providers/multipart/MultipartFormDataInputImpl.java +--- Resteasy-3.0.19.Final/jaxrs/providers/multipart/src/main/java/org/jboss/resteasy/plugins/providers/multipart/MultipartFormDataInputImpl.java 2016-08-02 16:26:27.000000000 +0200 ++++ Resteasy-3.0.19.Final.mime4j/jaxrs/providers/multipart/src/main/java/org/jboss/resteasy/plugins/providers/multipart/MultipartFormDataInputImpl.java 2016-08-21 13:34:08.112158597 +0200 +@@ -1,9 +1,9 @@ + package org.jboss.resteasy.plugins.providers.multipart; + +-import org.apache.james.mime4j.field.ContentDispositionField; +-import org.apache.james.mime4j.field.FieldName; ++import org.apache.james.mime4j.dom.field.ContentDispositionField; ++import org.apache.james.mime4j.dom.field.FieldName; + import org.apache.james.mime4j.message.BodyPart; +-import org.apache.james.mime4j.parser.Field; ++import org.apache.james.mime4j.stream.Field; + import org.jboss.resteasy.plugins.providers.multipart.i18n.Messages; + + import javax.ws.rs.core.GenericType; +diff -Nru Resteasy-3.0.19.Final/jaxrs/providers/multipart/src/main/java/org/jboss/resteasy/plugins/providers/multipart/MultipartInputImpl.java Resteasy-3.0.19.Final.mime4j/jaxrs/providers/multipart/src/main/java/org/jboss/resteasy/plugins/providers/multipart/MultipartInputImpl.java +--- Resteasy-3.0.19.Final/jaxrs/providers/multipart/src/main/java/org/jboss/resteasy/plugins/providers/multipart/MultipartInputImpl.java 2016-08-02 16:26:27.000000000 +0200 ++++ Resteasy-3.0.19.Final.mime4j/jaxrs/providers/multipart/src/main/java/org/jboss/resteasy/plugins/providers/multipart/MultipartInputImpl.java 2016-08-21 13:34:08.113158546 +0200 +@@ -4,22 +4,22 @@ + import org.apache.james.mime4j.MimeIOException; + import org.apache.james.mime4j.codec.Base64InputStream; + import org.apache.james.mime4j.codec.QuotedPrintableInputStream; +-import org.apache.james.mime4j.descriptor.BodyDescriptor; +-import org.apache.james.mime4j.field.ContentTypeField; +-import org.apache.james.mime4j.message.BinaryBody; +-import org.apache.james.mime4j.message.Body; ++import org.apache.james.mime4j.dom.BinaryBody; ++import org.apache.james.mime4j.dom.Body; ++import org.apache.james.mime4j.dom.Entity; ++import org.apache.james.mime4j.dom.Message; ++import org.apache.james.mime4j.dom.Multipart; ++import org.apache.james.mime4j.dom.TextBody; ++import org.apache.james.mime4j.dom.MessageBuilder; ++import org.apache.james.mime4j.dom.MessageServiceFactory; ++import org.apache.james.mime4j.dom.field.ContentTypeField; ++import org.apache.james.mime4j.message.MessageImpl; + import org.apache.james.mime4j.message.BodyFactory; + import org.apache.james.mime4j.message.BodyPart; +-import org.apache.james.mime4j.message.Entity; +-import org.apache.james.mime4j.message.Message; +-import org.apache.james.mime4j.message.MessageBuilder; +-import org.apache.james.mime4j.message.Multipart; +-import org.apache.james.mime4j.message.TextBody; +-import org.apache.james.mime4j.parser.Field; ++import org.apache.james.mime4j.parser.AbstractContentHandler; + import org.apache.james.mime4j.parser.MimeStreamParser; +-import org.apache.james.mime4j.storage.DefaultStorageProvider; +-import org.apache.james.mime4j.storage.StorageProvider; +-import org.apache.james.mime4j.util.CharsetUtil; ++import org.apache.james.mime4j.stream.BodyDescriptor; ++import org.apache.james.mime4j.stream.Field; + import org.apache.james.mime4j.util.MimeUtil; + import org.jboss.resteasy.core.ProvidersContextRetainer; + import org.jboss.resteasy.plugins.providers.multipart.i18n.Messages; +@@ -47,6 +47,7 @@ + import java.lang.reflect.Method; + import java.lang.reflect.Type; + import java.util.ArrayList; ++import java.nio.charset.Charset; + import java.util.HashMap; + import java.util.Iterator; + import java.util.List; +@@ -69,7 +70,7 @@ + protected Providers savedProviders; + + // We hack MIME4j so that it always returns a BinaryBody so we don't have to deal with Readers and their charset conversions +- private static class BinaryOnlyMessageBuilder extends MessageBuilder ++ private static class BinaryOnlyMessageBuilder extends AbstractContentHandler + { + private Method expectMethod; + private java.lang.reflect.Field bodyFactoryField; +@@ -92,18 +93,6 @@ + } + } + +- private BinaryOnlyMessageBuilder(Entity entity) +- { +- super(entity); +- init(); +- } +- +- private BinaryOnlyMessageBuilder(Entity entity, StorageProvider storageProvider) +- { +- super(entity, storageProvider); +- init(); +- } +- + @Override + public void body(BodyDescriptor bd, InputStream is) throws MimeException, IOException + { +@@ -147,13 +136,13 @@ + } + } + +- private static class BinaryMessage extends Message ++ private static class BinaryMessage extends MessageImpl + { + private BinaryMessage(InputStream is) throws IOException, MimeIOException + { + try { +- MimeStreamParser parser = new MimeStreamParser(null); +- parser.setContentHandler(new BinaryOnlyMessageBuilder(this, DefaultStorageProvider.getInstance())); ++ MimeStreamParser parser = new MimeStreamParser(); ++ parser.setContentHandler(new BinaryOnlyMessageBuilder()); + parser.parse(is); + } catch (MimeException e) { + throw new MimeIOException(e); +@@ -198,15 +187,21 @@ + + public MultipartInputImpl(Multipart multipart, Providers workers) throws IOException + { +- for (BodyPart bodyPart : multipart.getBodyParts()) +- parts.add(extractPart(bodyPart)); ++ for (Entity bodyPart : multipart.getBodyParts()) ++ parts.add(extractPart((BodyPart) bodyPart)); + this.workers = workers; + } + + public void parse(InputStream is) throws IOException + { +- mimeMessage = new BinaryMessage(addHeaderToHeadlessStream(is)); +- extractParts(); ++ try { ++ MessageServiceFactory factory = MessageServiceFactory.newInstance(); ++ MessageBuilder builder = factory.newMessageBuilder(); ++ mimeMessage = builder.parseMessage(addHeaderToHeadlessStream(is)); ++ extractParts(); ++ } catch (MimeException e) { ++ throw new IOException("Couldn't parse message", e); ++ } + } + + protected InputStream addHeaderToHeadlessStream(InputStream is) +@@ -236,8 +231,8 @@ + protected void extractParts() throws IOException + { + Multipart multipart = (Multipart) mimeMessage.getBody(); +- for (BodyPart bodyPart : multipart.getBodyParts()) +- parts.add(extractPart(bodyPart)); ++ for (Entity bodyPart : multipart.getBodyParts()) ++ parts.add(extractPart((BodyPart) bodyPart)); + } + + protected InputPart extractPart(BodyPart bodyPart) throws IOException +diff -Nru Resteasy-3.0.19.Final/jaxrs/providers/multipart/src/main/java/org/jboss/resteasy/plugins/providers/multipart/MultipartRelatedInputImpl.java Resteasy-3.0.19.Final.mime4j/jaxrs/providers/multipart/src/main/java/org/jboss/resteasy/plugins/providers/multipart/MultipartRelatedInputImpl.java +--- Resteasy-3.0.19.Final/jaxrs/providers/multipart/src/main/java/org/jboss/resteasy/plugins/providers/multipart/MultipartRelatedInputImpl.java 2016-08-02 16:26:27.000000000 +0200 ++++ Resteasy-3.0.19.Final.mime4j/jaxrs/providers/multipart/src/main/java/org/jboss/resteasy/plugins/providers/multipart/MultipartRelatedInputImpl.java 2016-08-21 13:34:08.114158495 +0200 +@@ -1,7 +1,7 @@ + package org.jboss.resteasy.plugins.providers.multipart; + +-import org.apache.james.mime4j.field.ContentTypeField; +-import org.apache.james.mime4j.field.FieldName; ++import org.apache.james.mime4j.dom.field.ContentTypeField; ++import org.apache.james.mime4j.dom.field.FieldName; + import org.apache.james.mime4j.message.BodyPart; + + import javax.ws.rs.core.MediaType; +diff -Nru Resteasy-3.0.19.Final/jaxrs/security/resteasy-crypto/pom.xml Resteasy-3.0.19.Final.mime4j/jaxrs/security/resteasy-crypto/pom.xml +--- Resteasy-3.0.19.Final/jaxrs/security/resteasy-crypto/pom.xml 2016-08-02 16:26:27.000000000 +0200 ++++ Resteasy-3.0.19.Final.mime4j/jaxrs/security/resteasy-crypto/pom.xml 2016-08-21 13:34:08.115158443 +0200 +@@ -70,7 +70,15 @@ + + + org.apache.james +- apache-mime4j ++ apache-mime4j-core ++ ++ ++ org.apache.james ++ apache-mime4j-dom ++ ++ ++ org.apache.james ++ apache-mime4j-storage + + + org.jboss.spec.javax.annotation diff --git a/resteasy-3.0.19-port-resteasy-netty-to-netty-3.10.6.patch b/resteasy-3.0.19-port-resteasy-netty-to-netty-3.10.6.patch new file mode 100644 index 0000000000000000000000000000000000000000..3190eacd04457a39d369ee1ec2cfffbf0d0c47b1 --- /dev/null +++ b/resteasy-3.0.19-port-resteasy-netty-to-netty-3.10.6.patch @@ -0,0 +1,68 @@ +diff -Nru Resteasy-3.0.19.Final/jaxrs/pom.xml Resteasy-3.0.19.Final.netty3/jaxrs/pom.xml +--- Resteasy-3.0.19.Final/jaxrs/pom.xml 2016-12-27 11:13:52.980803759 +0100 ++++ Resteasy-3.0.19.Final.netty3/jaxrs/pom.xml 2016-12-27 11:15:46.080178186 +0100 +@@ -39,7 +39,7 @@ + 1.2 + 1.0.0.Final + 4.0 +- 3.6.4.Final ++ 3.10.6.Final + 4.0.7.Final + 1.7.5 + 1.52 +diff -Nru Resteasy-3.0.19.Final/jaxrs/server-adapters/resteasy-netty/src/main/java/org/jboss/resteasy/plugins/server/netty/NettyHttpResponse.java Resteasy-3.0.19.Final.netty3/jaxrs/server-adapters/resteasy-netty/src/main/java/org/jboss/resteasy/plugins/server/netty/NettyHttpResponse.java +--- Resteasy-3.0.19.Final/jaxrs/server-adapters/resteasy-netty/src/main/java/org/jboss/resteasy/plugins/server/netty/NettyHttpResponse.java 2016-08-02 16:26:27.000000000 +0200 ++++ Resteasy-3.0.19.Final.netty3/jaxrs/server-adapters/resteasy-netty/src/main/java/org/jboss/resteasy/plugins/server/netty/NettyHttpResponse.java 2016-12-27 11:14:53.477794634 +0100 +@@ -119,8 +119,9 @@ + if (keepAlive) + { + // Add keep alive and content length if needed +- response.addHeader(Names.CONNECTION, Values.KEEP_ALIVE); +- response.addHeader(Names.CONTENT_LENGTH, 0); ++ response.headers() ++ .add(Names.CONNECTION, Values.KEEP_ALIVE) ++ .add(Names.CONTENT_LENGTH, 0); + } + channel.write(response); + committed = true; +diff -Nru Resteasy-3.0.19.Final/jaxrs/server-adapters/resteasy-netty/src/main/java/org/jboss/resteasy/plugins/server/netty/NettyUtil.java Resteasy-3.0.19.Final.netty3/jaxrs/server-adapters/resteasy-netty/src/main/java/org/jboss/resteasy/plugins/server/netty/NettyUtil.java +--- Resteasy-3.0.19.Final/jaxrs/server-adapters/resteasy-netty/src/main/java/org/jboss/resteasy/plugins/server/netty/NettyUtil.java 2016-08-02 16:26:27.000000000 +0200 ++++ Resteasy-3.0.19.Final.netty3/jaxrs/server-adapters/resteasy-netty/src/main/java/org/jboss/resteasy/plugins/server/netty/NettyUtil.java 2016-12-27 11:03:35.816979009 +0100 +@@ -98,7 +98,7 @@ + { + Headers requestHeaders = new Headers(); + +- for (Map.Entry header : request.getHeaders()) ++ for (Map.Entry header : request.headers()) + { + requestHeaders.add(header.getKey(), header.getValue()); + } +diff -Nru Resteasy-3.0.19.Final/jaxrs/server-adapters/resteasy-netty/src/main/java/org/jboss/resteasy/plugins/server/netty/RestEasyHttpResponseEncoder.java Resteasy-3.0.19.Final.netty3/jaxrs/server-adapters/resteasy-netty/src/main/java/org/jboss/resteasy/plugins/server/netty/RestEasyHttpResponseEncoder.java +--- Resteasy-3.0.19.Final/jaxrs/server-adapters/resteasy-netty/src/main/java/org/jboss/resteasy/plugins/server/netty/RestEasyHttpResponseEncoder.java 2016-08-02 16:26:27.000000000 +0200 ++++ Resteasy-3.0.19.Final.netty3/jaxrs/server-adapters/resteasy-netty/src/main/java/org/jboss/resteasy/plugins/server/netty/RestEasyHttpResponseEncoder.java 2016-12-27 11:05:34.884907810 +0100 +@@ -58,11 +58,11 @@ + RuntimeDelegate.HeaderDelegate delegate = dispatcher.providerFactory.getHeaderDelegate(value.getClass()); + if (delegate != null) + { +- response.addHeader(key, delegate.toString(value)); ++ response.headers().add(key, delegate.toString(value)); + } + else + { +- response.setHeader(key, value.toString()); ++ response.headers().add(key, value.toString()); + } + } + } +@@ -77,8 +77,9 @@ + if (nettyResponse.isKeepAlive()) + { + // Add content length and connection header if needed +- response.setHeader(Names.CONTENT_LENGTH, buffer.readableBytes()); +- response.setHeader(Names.CONNECTION, Values.KEEP_ALIVE); ++ response.headers() ++ .set(Names.CONTENT_LENGTH, buffer.readableBytes()) ++ .set(Names.CONNECTION, Values.KEEP_ALIVE); + } + return response; + } diff --git a/resteasy-3.0.19.Final.tar.gz b/resteasy-3.0.19.Final.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..fcce942ed5a71c7e5b56d94de8669b76518b8acb Binary files /dev/null and b/resteasy-3.0.19.Final.tar.gz differ diff --git a/resteasy.spec b/resteasy.spec new file mode 100644 index 0000000000000000000000000000000000000000..5ec78939920c38fdf2c7200c137712ce0995993c --- /dev/null +++ b/resteasy.spec @@ -0,0 +1,358 @@ +%global namedreltag .Final +%global namedversion %{version}%{namedreltag} +Name: resteasy +Version: 3.0.19 +Release: 6 +Summary: Framework for RESTful Web services and Java applications +License: ASL 2.0 and CDDL +URL: https://github.com/resteasy/Resteasy/ +Source0: https://github.com/resteasy/Resteasy/archive/%{namedversion}/%{name}-%{namedversion}.tar.gz +Patch0: resteasy-3.0.19-Mime4j-0.7.2-support.patch +Patch1: resteasy-3.0.19-port-resteasy-netty-to-netty-3.10.6.patch +Patch2: CVE-2016-9606.patch +Patch3: CVE-2021-20289.patch +Patch4: CVE-2020-10688-1.patch +Patch5: CVE-2020-10688-2.patch +Patch6: CVE-2020-1695.patch + +BuildArch: noarch +BuildRequires: maven-local mvn(com.beust:jcommander) mvn(com.fasterxml:classmate) +BuildRequires: mvn(com.fasterxml.jackson.core:jackson-annotations) +BuildRequires: mvn(com.fasterxml.jackson.core:jackson-core) +BuildRequires: mvn(com.fasterxml.jackson.core:jackson-databind) +BuildRequires: mvn(com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider) +BuildRequires: mvn(com.google.inject:guice) mvn(com.sun.mail:javax.mail) +BuildRequires: mvn(com.sun.xml.bind:jaxb-impl) mvn(com.sun.xml.fastinfoset:FastInfoset) +BuildRequires: mvn(commons-io:commons-io) mvn(io.netty:netty:3) mvn(io.netty:netty-all) +BuildRequires: mvn(io.undertow:undertow-core) mvn(io.undertow:undertow-servlet) +BuildRequires: mvn(javax.enterprise:cdi-api) mvn(javax.json:javax.json-api) +BuildRequires: mvn(javax.validation:validation-api) mvn(junit:junit) mvn(log4j:log4j:12) +BuildRequires: mvn(net.jcip:jcip-annotations) mvn(net.oauth.core:oauth-provider) +BuildRequires: mvn(org.apache.httpcomponents:httpclient) +BuildRequires: mvn(org.apache.james:apache-mime4j-core) +BuildRequires: mvn(org.apache.james:apache-mime4j-dom) +BuildRequires: mvn(org.apache.james:apache-mime4j-storage) +BuildRequires: mvn(org.apache.maven.plugins:maven-source-plugin) +BuildRequires: mvn(org.bouncycastle:bcmail-jdk15on) mvn(org.bouncycastle:bcprov-jdk15on) +BuildRequires: mvn(org.codehaus.jackson:jackson-core-asl) +BuildRequires: mvn(org.codehaus.jackson:jackson-jaxrs) +BuildRequires: mvn(org.codehaus.jackson:jackson-mapper-asl) +BuildRequires: mvn(org.codehaus.jackson:jackson-xc) mvn(org.codehaus.jettison:jettison) +BuildRequires: mvn(org.eclipse.jetty:jetty-server) mvn(org.glassfish:javax.el) +BuildRequires: mvn(org.glassfish:javax.json) mvn(org.hibernate:hibernate-validator) +BuildRequires: mvn(org.hibernate.javax.persistence:hibernate-jpa-2.0-api) +BuildRequires: mvn(org.infinispan:infinispan-core) mvn(org.jboss:jboss-parent:pom:) +BuildRequires: mvn(org.jboss.jandex:jandex-maven-plugin) mvn(org.jboss.logging:jboss-logging) +BuildRequires: mvn(org.jboss.logging:jboss-logging-annotations) +BuildRequires: mvn(org.jboss.logging:jboss-logging-processor) +BuildRequires: mvn(org.jboss.spec.javax.annotation:jboss-annotations-api_1.2_spec) +BuildRequires: mvn(org.jboss.spec.javax.ejb:jboss-ejb-api_3.1_spec) +BuildRequires: mvn(org.jboss.spec.javax.el:jboss-el-api_3.0_spec) +BuildRequires: mvn(org.jboss.spec.javax.servlet:jboss-servlet-api_2.5_spec) +BuildRequires: mvn(org.jboss.spec.javax.servlet:jboss-servlet-api_3.1_spec) +BuildRequires: mvn(org.jboss.spec.javax.ws.rs:jboss-jaxrs-api_2.0_spec) +BuildRequires: mvn(org.jboss.weld:weld-api) mvn(org.picketbox:picketbox) +BuildRequires: mvn(org.slf4j:slf4j-api) mvn(org.yaml:snakeyaml) +Requires: resteasy-core = %{version}-%{release} +Requires: resteasy-atom-provider = %{version}-%{release} +Requires: resteasy-jackson-provider = %{version}-%{release} +Requires: resteasy-jackson2-provider = %{version}-%{release} +Requires: resteasy-jaxb-provider = %{version}-%{release} +Requires: resteasy-jettison-provider = %{version}-%{release} +Requires: resteasy-json-p-provider = %{version}-%{release} +Requires: resteasy-multipart-provider = %{version}-%{release} +Requires: resteasy-validator-provider-11 = %{version}-%{release} +Requires: resteasy-yaml-provider = %{version}-%{release} +Requires: resteasy-client = %{version}-%{release} +Requires: resteasy-optional = %{version}-%{release} resteasy-test = %{version}-%{release} +Requires: resteasy-netty3 = %{version}-%{release} +%description +%global desc \ +RESTEasy contains a JBoss project that provides frameworks to help\ +build RESTful Web Services and RESTful Java applications. It is a fully\ +certified and portable implementation of the JAX-RS specification. +%{desc} +%global extdesc %{desc}\ +\ +This package contains + +%package javadoc +Summary: Javadoc for %{name} +%description javadoc +This package contains the API documentation for %{name}. + +%package core +Summary: Core modules for %{name} +Obsoletes: resteasy-jaxrs-api < 3.0.7 +%description core +%{extdesc} %{summary}. + +%package atom-provider +Summary: Module atom-provider for %{name} +%description atom-provider +%{extdesc} %{summary}. + +%package jackson-provider +Summary: Module jackson-provider for %{name} +%description jackson-provider +%{extdesc} %{summary}. + +%package jackson2-provider +Summary: Module jackson2-provider for %{name} +%description jackson2-provider +%{extdesc} %{summary}. + +%package jaxb-provider +Summary: Module jaxb-provider for %{name} +%description jaxb-provider +%{extdesc} %{summary}. + +%package jettison-provider +Summary: Module jettison-provider for %{name} +%description jettison-provider +%{extdesc} %{summary}. + +%package json-p-provider +Summary: Module json-p-provider for %{name} +%description json-p-provider +%{extdesc} %{summary}. + +%package multipart-provider +Summary: Module multipart-provider for %{name} +%description multipart-provider +%{extdesc} %{summary}. + +%package netty3 +Summary: Netty 3 Integration for %{name} +%description netty3 +%{extdesc} %{summary}. + +%package validator-provider-11 +Summary: Module validate-provider-11 for %{name} +%description validator-provider-11 +%{extdesc} %{summary}. + +%package yaml-provider +Summary: Module yaml-provider for %{name} +%description yaml-provider +%{extdesc} %{summary}. + +%package client +Summary: Client for %{name} +%description client +%{extdesc} %{summary}. + +%package optional +License: ASL 2.0 and BSD and LGPLv2+ +Summary: Optional modules for %{name} +%description optional +%{extdesc} %{summary}. + +%package test +Summary: Test modules for %{name} +%description test +%{extdesc} %{summary}. + +%prep +%setup -q -n Resteasy-%{namedversion} +%mvn_package ":resteasy-jaxrs" core +%mvn_package ":providers-pom" core +%mvn_package ":resteasy-jaxrs-all" core +%mvn_package ":resteasy-pom" core +%mvn_package ":resteasy-atom-provider" atom-provider +%mvn_package ":resteasy-jackson-provider" jackson-provider +%mvn_package ":resteasy-jackson2-provider" jackson2-provider +%mvn_package ":resteasy-jaxb-provider" jaxb-provider +%mvn_package ":resteasy-jettison-provider" jettison-provider +%mvn_package ":resteasy-json-p-provider" json-p-provider +%mvn_package ":resteasy-multipart-provider" multipart-provider +%mvn_package ":resteasy-validator-provider-11" validator-provider-11 +%mvn_package ":resteasy-yaml-provider" yaml-provider +%mvn_package ":resteasy-client" client +%mvn_package ":test-resteasy-html" test +%mvn_package ":test-all-jaxb" test +%mvn_package ":test-jackson-jaxb-coexistence" test +%mvn_package ":resteasy-jaxrs-testsuite" test +%mvn_package ":async-http-servlet-3.0" optional +%mvn_package ":asynch-http-servlet-3.0-pom" optional +%mvn_package ":http-adapter-pom" optional +%mvn_package ":jose-jwt" optional +%mvn_package ":resteasy-bom" optional +%mvn_package ":resteasy-cache-core" optional +%mvn_package ":resteasy-cache-pom" optional +%mvn_package ":resteasy-cdi" optional +%mvn_package ":resteasy-crypto" optional +%mvn_package ":resteasy-guice" optional +%mvn_package ":resteasy-html" optional +%mvn_package ":resteasy-jdk-http" optional +%mvn_package ":resteasy-jsapi" optional +%mvn_package ":resteasy-keystone-core" optional +%mvn_package ":resteasy-links" optional +%mvn_package ":resteasy-netty4" optional +%mvn_package ":resteasy-netty4-cdi" optional +%mvn_package ":resteasy-oauth" optional +%mvn_package ":resteasy-servlet-initializer" optional +%mvn_package ":resteasy-undertow" optional +%mvn_package ":resteasy-wadl" optional +%mvn_package ":security-pom" optional +%mvn_package ":tjws" optional +%mvn_package ":resteasy-netty" netty3 +find -name '*.jar' -print -delete +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%pom_disable_module resteasy-spring jaxrs +%pom_disable_module fastinfoset jaxrs/providers +%pom_disable_module examples jaxrs +%pom_disable_module profiling-tests jaxrs +%pom_disable_module resteasy-test-data jaxrs +%pom_disable_module war-tests jaxrs +%pom_disable_module jboss-modules jaxrs +%pom_disable_module login-module-authenticator jaxrs/security +%pom_disable_module skeleton-key-idm jaxrs/security +%pom_disable_module keystone/keystone-as7 jaxrs/security +%pom_disable_module keystone/keystone-as7-modules jaxrs/security +%pom_disable_module test-jackson-jaxb-coexistence jaxrs/providers +%pom_disable_module test-resteasy-html jaxrs/providers +%pom_disable_module arquillian jaxrs +%pom_disable_module async-http-servlet-3.0-test jaxrs/async-http-servlet-3.0 +%pom_disable_module callback-test jaxrs/async-http-servlet-3.0 +%pom_disable_module resteasy-hibernatevalidator-provider jaxrs/providers +%pom_remove_plugin com.atlassian.maven.plugins:maven-clover2-plugin jaxrs +%pom_remove_plugin com.atlassian.maven.plugins:maven-clover2-plugin jaxrs/resteasy-jaxrs +%pom_change_dep "javax.servlet:servlet-api" "org.jboss.spec.javax.servlet:jboss-servlet-api_2.5_spec" jaxrs/tjws +%pom_xpath_set pom:properties/pom:dep.netty.version 3 jaxrs +%pom_remove_dep -r javax.activation:activation jaxrs jaxrs/resteasy-jaxrs jaxrs/resteasy-test-data +%pom_remove_dep :tjws::test jaxrs/resteasy-jaxrs-testsuite +files=' +jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/annotations/Query.java +jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/QueryInjector.java +jaxrs/resteasy-jsapi/src/main/java/org/jboss/resteasy/jsapi/JSAPIWriter.java +jaxrs/resteasy-jsapi/src/main/java/org/jboss/resteasy/jsapi/JSAPIServlet.java +jaxrs/resteasy-jsapi/src/main/java/org/jboss/resteasy/jsapi/ServiceRegistry.java +jaxrs/resteasy-links/src/main/java/org/jboss/resteasy/links/AddLinks.java +jaxrs/resteasy-links/src/main/java/org/jboss/resteasy/links/ELProvider.java +jaxrs/resteasy-links/src/main/java/org/jboss/resteasy/links/LinkELProvider.java +jaxrs/resteasy-links/src/main/java/org/jboss/resteasy/links/LinkResource.java +jaxrs/resteasy-links/src/main/java/org/jboss/resteasy/links/LinkResources.java +jaxrs/resteasy-links/src/main/java/org/jboss/resteasy/links/ParentResource.java +jaxrs/resteasy-links/src/main/java/org/jboss/resteasy/links/RESTServiceDiscovery.java +jaxrs/resteasy-links/src/main/java/org/jboss/resteasy/links/ResourceFacade.java +jaxrs/resteasy-links/src/main/java/org/jboss/resteasy/links/ResourceID.java +jaxrs/resteasy-links/src/main/java/org/jboss/resteasy/links/ResourceIDs.java +jaxrs/security/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthConsumer.java +jaxrs/security/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthException.java +jaxrs/security/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthFilter.java +jaxrs/security/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthMemoryProvider.java +jaxrs/security/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthProvider.java +jaxrs/security/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthProviderChecker.java +jaxrs/security/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthRequestToken.java +jaxrs/security/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthServlet.java +jaxrs/security/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthToken.java +jaxrs/security/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthValidator.java +' +for f in ${files}; do +native2ascii -encoding UTF8 ${f} ${f} +done +%pom_add_plugin org.apache.maven.plugins:maven-source-plugin jaxrs ' + + true +' + +%build +%mvn_build -f +find -name 'resteasy-*-%{namedversion}.jar' | while read f; do + java -cp $(build-classpath jandex) org.jboss.jandex.Main -j ${f} +done + +%install +%mvn_install +find -name "resteasy-*-jandex.jar" | while read f; do + install -pm 644 ${f} %{buildroot}%{_javadir}/%{name}/$(basename -s "-%{namedversion}-jandex.jar" $f)-jandex.jar +done + +%files +%doc README.md jaxrs/README.html +%license jaxrs/License.html + +%files core -f .mfiles-core +%{_javadir}/%{name}/resteasy-jaxrs-jandex.jar + +%files atom-provider -f .mfiles-atom-provider +%{_javadir}/%{name}/resteasy-atom-provider-jandex.jar + +%files jackson-provider -f .mfiles-jackson-provider +%{_javadir}/%{name}/resteasy-jackson-provider-jandex.jar + +%files jackson2-provider -f .mfiles-jackson2-provider +%{_javadir}/%{name}/resteasy-jackson2-provider-jandex.jar + +%files jaxb-provider -f .mfiles-jaxb-provider +%{_javadir}/%{name}/resteasy-jaxb-provider-jandex.jar + +%files jettison-provider -f .mfiles-jettison-provider +%{_javadir}/%{name}/resteasy-jettison-provider-jandex.jar + +%files json-p-provider -f .mfiles-json-p-provider +%{_javadir}/%{name}/resteasy-json-p-provider-jandex.jar + +%files multipart-provider -f .mfiles-multipart-provider +%{_javadir}/%{name}/resteasy-multipart-provider-jandex.jar + +%files netty3 -f .mfiles-netty3 +%{_javadir}/%{name}/resteasy-netty-jandex.jar + +%files validator-provider-11 -f .mfiles-validator-provider-11 +%{_javadir}/%{name}/resteasy-validator-provider-11-jandex.jar + +%files yaml-provider -f .mfiles-yaml-provider +%{_javadir}/%{name}/resteasy-yaml-provider-jandex.jar + +%files client -f .mfiles-client +%{_javadir}/%{name}/resteasy-client-jandex.jar + +%files optional -f .mfiles-optional +%{_javadir}/%{name}/resteasy-cache-core-jandex.jar +%{_javadir}/%{name}/resteasy-cdi-jandex.jar +%{_javadir}/%{name}/resteasy-crypto-jandex.jar +%{_javadir}/%{name}/resteasy-guice-jandex.jar +%{_javadir}/%{name}/resteasy-html-jandex.jar +%{_javadir}/%{name}/resteasy-jdk-http-jandex.jar +%{_javadir}/%{name}/resteasy-jsapi-jandex.jar +%{_javadir}/%{name}/resteasy-keystone-core-jandex.jar +%{_javadir}/%{name}/resteasy-links-jandex.jar +%{_javadir}/%{name}/resteasy-netty4-cdi-jandex.jar +%{_javadir}/%{name}/resteasy-netty4-jandex.jar +%{_javadir}/%{name}/resteasy-oauth-jandex.jar +%{_javadir}/%{name}/resteasy-servlet-initializer-jandex.jar +%{_javadir}/%{name}/resteasy-undertow-jandex.jar +%{_javadir}/%{name}/resteasy-wadl-jandex.jar + +%files test -f .mfiles-test +%{_javadir}/%{name}/resteasy-jaxrs-testsuite-jandex.jar + +%files javadoc -f .mfiles-javadoc +%license jaxrs/License.html + +%changelog +* Mon Feb 21 2022 wangkai - 3.0.19-6 +- Rebuild for fix log4j1.x cves + +* Tue Jan 04 2022 wangkai - 3.0.19-5 +- fix CVE-2020-1695 + +* Thu Jun 10 2021 wangyue - 3.0.19-4 +- fix CVE-2020-10688 + +* Thu Apr 22 2021 lingsheng - 3.0.19-3 +- fix CVE-2021-20289 + +* Fri Jan 29 2021 wangxiao - 3.0.19-2 +- fix CVE-2016-9606 + +* Wed Oct 28 2020 baizhonggui - 3.0.19-1 +- package init diff --git a/resteasy.yaml b/resteasy.yaml new file mode 100644 index 0000000000000000000000000000000000000000..85f2d8f1e3c2f58a7293d1b692dc377cc585baa6 --- /dev/null +++ b/resteasy.yaml @@ -0,0 +1,4 @@ +version_control: github +src_repo: resteasy/Resteasy +tag_prefix: "^" +separator: "."