diff --git a/SOURCES/0001-Use-system-copy-of-effective_tld_names.dat.patch b/SOURCES/0001-Use-system-copy-of-effective_tld_names.dat.patch
index e4e0f7c..aa8d09f 100644
--- a/SOURCES/0001-Use-system-copy-of-effective_tld_names.dat.patch
+++ b/SOURCES/0001-Use-system-copy-of-effective_tld_names.dat.patch
@@ -1,14 +1,14 @@
-From d9f08c36a39b035ec70a37cb6aac5f980cc57054 Mon Sep 17 00:00:00 2001
+From e1c756ba18432e60600c57370076761bf4774ee7 Mon Sep 17 00:00:00 2001
 From: Mikolaj Izdebski
 Date: Tue, 20 Jan 2015 16:04:31 +0100
-Subject: [PATCH 1/2] Use system copy of effective_tld_names.dat
+Subject: [PATCH 1/3] Use system copy of effective_tld_names.dat
 ---
 .../apache/http/conn/util/PublicSuffixMatcherLoader.java | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
 diff --git a/httpclient/src/main/java/org/apache/http/conn/util/PublicSuffixMatcherLoader.java b/httpclient/src/main/java/org/apache/http/conn/util/PublicSuffixMatcherLoader.java
-index 8783c5b..c858220 100644
+index 3d762c188..c7b5a7eb1 100644
 --- a/httpclient/src/main/java/org/apache/http/conn/util/PublicSuffixMatcherLoader.java
 +++ b/httpclient/src/main/java/org/apache/http/conn/util/PublicSuffixMatcherLoader.java
 @@ -82,11 +82,10 @@ public final class PublicSuffixMatcherLoader {
@@ -27,5 +27,5 @@ index 8783c5b..c858220 100644
 // Should never happen
 final Log log = LogFactory.getLog(PublicSuffixMatcherLoader.class);
 -- 
-2.19.1
+2.31.1
diff --git a/SOURCES/0002-Port-to-mockito-2.patch b/SOURCES/0002-Port-to-mockito-2.patch
index 606c615..9b8eb05 100644
--- a/SOURCES/0002-Port-to-mockito-2.patch
+++ b/SOURCES/0002-Port-to-mockito-2.patch
@@ -1,7 +1,7 @@
-From 852a31061e2d46cc4bc1b5cfa388ed023de5095d Mon Sep 17 00:00:00 2001
+From e089dcee616e2fd37897e1a95492f581d1f6c939 Mon Sep 17 00:00:00 2001
 From: Mat Booth
 Date: Fri, 7 Dec 2018 18:01:27 +0000
-Subject: [PATCH 2/2] Port to mockito 2
+Subject: [PATCH 2/3] Port to mockito 2
 Gets it building, but disables tests that are caused by change in
 behaviour of mockito that I didn't know how to fix
@@ -14,7 +14,7 @@ behaviour of mockito that I didn't know how to fix
 5 files changed, 8 insertions(+), 4 deletions(-)
 diff --git a/httpclient/src/test/java/org/apache/http/impl/client/integration/TestAbortHandling.java b/httpclient/src/test/java/org/apache/http/impl/client/integration/TestAbortHandling.java
-index 282e11b..0411caf 100644
+index 67f058ded..4a8cd1ab0 100644
 --- a/httpclient/src/test/java/org/apache/http/impl/client/integration/TestAbortHandling.java
 +++ b/httpclient/src/test/java/org/apache/http/impl/client/integration/TestAbortHandling.java
 @@ -288,6 +288,7 @@ public class TestAbortHandling extends LocalServerTestBase {
@@ -26,7 +26,7 @@ index 282e11b..0411caf 100644
 final HttpClientConnection conn = Mockito.mock(HttpClientConnection.class);
 final ConnectionRequest connrequest = Mockito.mock(ConnectionRequest.class);
 diff --git a/httpclient/src/test/java/org/apache/http/impl/client/integration/TestSPNegoScheme.java b/httpclient/src/test/java/org/apache/http/impl/client/integration/TestSPNegoScheme.java
-index f638031..31799cb 100644
+index f6380313e..31799cbc1 100644
 --- a/httpclient/src/test/java/org/apache/http/impl/client/integration/TestSPNegoScheme.java
 +++ b/httpclient/src/test/java/org/apache/http/impl/client/integration/TestSPNegoScheme.java
 @@ -150,6 +150,7 @@ public class TestSPNegoScheme extends LocalServerTestBase {
@@ -46,7 +46,7 @@ index f638031..31799cb 100644
 this.serverBootstrap.registerHandler("*", new PleaseNegotiateService());
 final HttpHost target = start();
 diff --git a/httpclient/src/test/java/org/apache/http/impl/execchain/TestMainClientExec.java b/httpclient/src/test/java/org/apache/http/impl/execchain/TestMainClientExec.java
-index 2261da8..e922155 100644
+index 7de9921e2..07b6bfccc 100644
 --- a/httpclient/src/test/java/org/apache/http/impl/execchain/TestMainClientExec.java
 +++ b/httpclient/src/test/java/org/apache/http/impl/execchain/TestMainClientExec.java
 @@ -402,6 +402,7 @@ public class TestMainClientExec {
@@ -65,7 +65,7 @@ index 2261da8..e922155 100644
 \ No newline at end of file
 +}
 diff --git a/httpclient/src/test/java/org/apache/http/impl/execchain/TestMinimalClientExec.java b/httpclient/src/test/java/org/apache/http/impl/execchain/TestMinimalClientExec.java
-index 9a96ba6..41eb023 100644
+index 9a96ba686..41eb0236f 100644
 --- a/httpclient/src/test/java/org/apache/http/impl/execchain/TestMinimalClientExec.java
 +++ b/httpclient/src/test/java/org/apache/http/impl/execchain/TestMinimalClientExec.java
 @@ -256,6 +256,7 @@ public class TestMinimalClientExec {
@@ -77,7 +77,7 @@ index 9a96ba6..41eb023 100644
 final HttpRoute route = new HttpRoute(target);
 final HttpClientContext context = new HttpClientContext();
 diff --git a/httpclient/src/test/java/org/apache/http/impl/execchain/TestRedirectExec.java b/httpclient/src/test/java/org/apache/http/impl/execchain/TestRedirectExec.java
-index 5621a3f..23506dc 100644
+index a5d0591da..78b1af440 100644
 --- a/httpclient/src/test/java/org/apache/http/impl/execchain/TestRedirectExec.java
 +++ b/httpclient/src/test/java/org/apache/http/impl/execchain/TestRedirectExec.java
 @@ -349,7 +349,7 @@ public class TestRedirectExec {
@@ -100,5 +100,5 @@ index 5621a3f..23506dc 100644
 }
 -- 
-2.19.1
+2.31.1
diff --git a/SOURCES/0003-Incorrect-handling-of-malformed-authority-component-.patch b/SOURCES/0003-Incorrect-handling-of-malformed-authority-component-.patch
new file mode 100644
index 0000000..b4dd426
--- /dev/null
+++ b/SOURCES/0003-Incorrect-handling-of-malformed-authority-component-.patch 
@@ -0,0 +1,126 @@
+From 0ac5caeaed1fa0354e02e0609f2c726b1b72eb8c Mon Sep 17 00:00:00 2001
+From: Oleg Kalnichevski
+Date: Tue, 29 Sep 2020 09:37:38 +0200
+Subject: [PATCH 3/3] Incorrect handling of malformed authority component by
+ URIUtils#extractHost
+
+---
+ .../apache/http/client/utils/URIUtils.java | 69 ++++++++-----------
+ .../http/client/utils/TestURIUtils.java | 6 +-
+ 2 files changed, 32 insertions(+), 43 deletions(-)
+
+diff --git a/httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java b/httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java
+index 8eb7667e3..aa3431f6f 100644
+--- a/httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java
++++ b/httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java
+@@ -419,56 +419,43 @@ public class URIUtils {
+ if (uri == null) {
+ return null;
+ }
+- HttpHost target = null;
+ if (uri.isAbsolute()) {
+- int port = uri.getPort(); // may be overridden later
+- String host = uri.getHost();
+- if (host == null) { // normal parse failed; let's do it ourselves
++ if (uri.getHost() == null) { // normal parse failed; let's do it ourselves
+ // authority does not seem to care about the valid character-set for host names
+- host = uri.getAuthority();
+- if (host != null) {
++ if (uri.getAuthority() != null) {
++ String content = uri.getAuthority();
+ // Strip off any leading user credentials
+- final int at = host.indexOf('@');
+- if (at >= 0) {
+- if (host.length() > at+1 ) {
+- host = host.substring(at+1);
+- } else {
+- host = null; // @ on its own
+- }
++ int at = content.indexOf('@');
++ if (at != -1) {
++ content = content.substring(at + 1);
+ }
+- // Extract the port suffix, if present
+- if (host != null) {
+- final int colon = host.indexOf(':');
+- if (colon >= 0) {
+- final int pos = colon + 1;
+- int len = 0;
+- for (int i = pos; i < host.length(); i++) {
+- if (Character.isDigit(host.charAt(i))) {
+- len++;
+- } else {
+- break;
+- }
+- }
+- if (len > 0) {
+- try {
+- port = Integer.parseInt(host.substring(pos, pos + len));
+- } catch (final NumberFormatException ex) {
+- }
+- }
+- }
+- host = host.substring(0, colon);
++ final String scheme = uri.getScheme();
++ final String hostname;
++ final int port;
++ at = content.indexOf(":");
++ if (at != -1) {
++ hostname = content.substring(0, at);
++ try {
++ final String portText = content.substring(at + 1);
++ port = !TextUtils.isEmpty(portText) ? Integer.parseInt(portText) : -1;
++ } catch (final NumberFormatException ex) {
++ return null;
+ }
++ } else {
++ hostname = content;
++ port = -1;
++ }
++ try {
++ return new HttpHost(hostname, port, scheme);
++ } catch (final IllegalArgumentException ex) {
++ return null;
+ }
+ }
+- }
+- final String scheme = uri.getScheme();
+- if (!TextUtils.isBlank(host)) {
+- try {
+- target = new HttpHost(host, port, scheme);
+- } catch (final IllegalArgumentException ignore) {
+- }
++ } else {
++ return new HttpHost(uri.getHost(), uri.getPort(), uri.getScheme());
+ }
+ }
+- return target;
++ return null;
+ }
+
+ /**
+diff --git a/httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java b/httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java
+index 189966635..98a44bc1c 100644
+--- a/httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java
++++ b/httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java
+@@ -273,14 +273,16 @@ public class TestURIUtils {
+
+ Assert.assertEquals(new HttpHost("localhost",8080),
+ URIUtils.extractHost(new URI("http://localhost:8080/;sessionid=stuff/abcd")));
+- Assert.assertEquals(new HttpHost("localhost",8080),
++ Assert.assertEquals(null,
+ URIUtils.extractHost(new URI("http://localhost:8080;sessionid=stuff/abcd")));
+- Assert.assertEquals(new HttpHost("localhost",-1),
++ Assert.assertEquals(null,
+ URIUtils.extractHost(new URI("http://localhost:;sessionid=stuff/abcd")));
+ Assert.assertEquals(null,
+ URIUtils.extractHost(new URI("http://:80/robots.txt")));
+
Assert.assertEquals(null,
+ URIUtils.extractHost(new URI("http://some%20domain:80/robots.txt")));
++ Assert.assertEquals(null,
++ URIUtils.extractHost(new URI("http://blah@goggle.com:80@google.com/")));
+ }
+
+ @Test
+-- 
+2.31.1
+
diff --git a/SPECS/httpcomponents-client.spec b/SPECS/httpcomponents-client.spec
index 601fa2f..10c7cee 100644
--- a/SPECS/httpcomponents-client.spec
+++ b/SPECS/httpcomponents-client.spec
@@ -1,7 +1,7 @@
 Name: httpcomponents-client
 Summary: HTTP agent implementation based on httpcomponents HttpCore
 Version: 4.5.10
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: ASL 2.0
 URL: http://hc.apache.org/
 Source0: http://www.apache.org/dist/httpcomponents/httpclient/source/%{name}-%{version}-src.tar.gz
@@ -9,6 +9,7 @@ BuildArch: noarch
 Patch0: 0001-Use-system-copy-of-effective_tld_names.dat.patch
 Patch1: 0002-Port-to-mockito-2.patch
+Patch2: 0003-Incorrect-handling-of-malformed-authority-component-.patch
 BuildRequires: maven-local-openjdk8
 BuildRequires: %{?module_prefix}mvn(commons-codec:commons-codec)
@@ -47,6 +48,7 @@ encouraged to upgrade.
 %setup -q -n %{name}-%{version}
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 %mvn_package :::tests: __noinstall
@@ -126,6 +128,10 @@ rm httpclient/src/test/java/org/apache/http/client/config/TestRequestConfig.java
 %doc README.txt RELEASE_NOTES.txt
 %changelog
+* Sat Sep 25 2021 Mikolaj Izdebski - 4.5.10-4
+- Fix incorrect handling of malformed authority component in request URIs
+- Resolves: CVE-2020-13956
+
 * Sat Jan 25 2020 Mikolaj Izdebski - 4.5.10-3
 - Build with OpenJDK 8
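Review bot: In the new fallback branch of extractHost, the credential strip at `content = content.substring(at + 1)` removes only the text before the first '@', so a second '@' survives in `content`; the added TestURIUtils case only covers the variant where a ':' follows it (then `Integer.parseInt` fails and `null` is returned), while with no ':' after it the whole remainder, '@' included, becomes `hostname` and reaches `new HttpHost(hostname, port, scheme)`, which as far as I can tell does not reject that character. RFC 3986 permits '@' in neither userinfo nor host, so the treatment consistent with the rest of this change is to refuse the authority rather than pick a host from it: directly after the strip, `if (content.indexOf('@') != -1) { return null; }`. A TestURIUtils assertion for that no-port, two-'@' variant would pin the behaviour; such a URI very likely lands in this branch since the strict parser rejects it, but confirm that `uri.getHost()` is indeed null for it. The signature of extractHost is outside the nested hunk, which starts at `if (uri == null) {`.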