Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package netty3 for openSUSE:Factory checked in at 2022-04-08 22:45:32
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/netty3 (Old)
 and      /work/SRC/openSUSE:Factory/.netty3.new.1900 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "netty3" Fri Apr 8 22:45:32 2022 rev:9 rq:967671 version:3.10.6 Changes: -------- --- /work/SRC/openSUSE:Factory/netty3/netty3.changes 2022-03-30 20:36:35.089348712 +0200 +++ /work/SRC/openSUSE:Factory/.netty3.new.1900/netty3.changes 2022-04-08 22:45:36.075217392 +0200 @@ -1,0 +2,6 @@ +Fri Apr 8 06:00:41 UTC 2022 - Fridrich Strba <fst...@suse.com> + +- netty3-CVE-2021-43797.patch + * backport upstream fix for bsc#1193672, CVE-2021-43797 + +------------------------------------------------------------------- New: ---- netty3-CVE-2021-43797.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ netty3.spec ++++++ --- /var/tmp/diff_new_pack.8m3WJ0/_old 2022-04-08 22:45:36.727210156 +0200 +++ /var/tmp/diff_new_pack.8m3WJ0/_new 2022-04-08 22:45:36.731210112 +0200 @@ -29,6 +29,7 @@ Patch0: netty-3.10.6-port-to-jzlib-1.1.0.patch Patch1: disableNPN.patch Patch2: x509certificate.patch +Patch3: netty3-CVE-2021-43797.patch BuildRequires: fdupes BuildRequires: java-devel >= 1.8 BuildRequires: maven-local @@ -129,6 +130,8 @@ %patch2 -p1 %pom_add_dep org.bouncycastle:bcprov-jdk16 +%patch3 -p1 + # adapting to excluded dep rm -v src/main/java/org/jboss/netty/handler/ssl/JettyNpnSslEngine.java ++++++ netty3-CVE-2021-43797.patch ++++++ --- netty-netty-3.10.6.Final/src/main/java/org/jboss/netty/handler/codec/http/HttpHeaders.java 2022-04-08 07:29:00.589842153 +0200 +++ netty-netty-3.10.6.Final/src/main/java/org/jboss/netty/handler/codec/http/HttpHeaders.java 2022-04-08 07:42:08.442644937 +0200 @@ -1035,6 +1035,7 @@ //Check for prohibited characters. switch (c) { + case 0x1c: case 0x1d: case 0x1e: case 0x1f: case 0x00: case '\t': case '\n': case 0x0b: case '\f': case '\r': case ' ': case ',': case ':': case ';': case '=': throw new IllegalArgumentException(
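
Review bot: in the netty3.spec `%prep` hunk (`@@ -129,6 +130,8 @@`), `%patch3 -p1` is applied after `%pom_add_dep org.bouncycastle:bcprov-jdk16` instead of directly under `%patch2 -p1`. The patch only touches HttpHeaders.java, so it does not depend on the POM edit; moving it next to `%patch2 -p1` keeps the source patches grouped and the order of application easy to audit.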
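
Review bot: in netty3-CVE-2021-43797.patch (`@@ -1035,6 +1035,7 @@` in HttpHeaders.java), the added `case 0x1c: case 0x1d: case 0x1e: case 0x1f:` line extends an enumerated deny-list, and the visible cases still leave other control characters (0x01-0x08, 0x0e-0x1b, 0x7f) out of the switch. If nothing outside this hunk rejects them, a range check on the character would be sturdier than adding labels one by one; if something does, a short comment saying so would help the next reader. The patch file also starts straight at the `---` line with no header describing the change or naming the upstream commit it backports, so the only pointer is the bsc#1193672 / CVE-2021-43797 entry in netty3.changes, and the patch as shown carries no test that a header name containing one of these bytes is now refused.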