import httpcomponents-client-4.5.10-4.module+el8.6.0+13337+afcb49ec

This commit is contained in:
CentOS Sources 2022-05-10 03:06:06 -04:00 committed by Stepan Oksanichenko
parent a3cc2d365e
commit 5ea88dcd02
4 changed files with 145 additions and 13 deletions

View File

@ -1,14 +1,14 @@
From d9f08c36a39b035ec70a37cb6aac5f980cc57054 Mon Sep 17 00:00:00 2001 From e1c756ba18432e60600c57370076761bf4774ee7 Mon Sep 17 00:00:00 2001
From: Mikolaj Izdebski <mizdebsk@redhat.com> From: Mikolaj Izdebski <mizdebsk@redhat.com>
Date: Tue, 20 Jan 2015 16:04:31 +0100 Date: Tue, 20 Jan 2015 16:04:31 +0100
Subject: [PATCH 1/2] Use system copy of effective_tld_names.dat Subject: [PATCH 1/3] Use system copy of effective_tld_names.dat
--- ---
.../apache/http/conn/util/PublicSuffixMatcherLoader.java | 7 +++---- .../apache/http/conn/util/PublicSuffixMatcherLoader.java | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-) 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/httpclient/src/main/java/org/apache/http/conn/util/PublicSuffixMatcherLoader.java b/httpclient/src/main/java/org/apache/http/conn/util/PublicSuffixMatcherLoader.java diff --git a/httpclient/src/main/java/org/apache/http/conn/util/PublicSuffixMatcherLoader.java b/httpclient/src/main/java/org/apache/http/conn/util/PublicSuffixMatcherLoader.java
index 8783c5b..c858220 100644 index 3d762c188..c7b5a7eb1 100644
--- a/httpclient/src/main/java/org/apache/http/conn/util/PublicSuffixMatcherLoader.java --- a/httpclient/src/main/java/org/apache/http/conn/util/PublicSuffixMatcherLoader.java
+++ b/httpclient/src/main/java/org/apache/http/conn/util/PublicSuffixMatcherLoader.java +++ b/httpclient/src/main/java/org/apache/http/conn/util/PublicSuffixMatcherLoader.java
@@ -82,11 +82,10 @@ public final class PublicSuffixMatcherLoader { @@ -82,11 +82,10 @@ public final class PublicSuffixMatcherLoader {
@ -27,5 +27,5 @@ index 8783c5b..c858220 100644
// Should never happen // Should never happen
final Log log = LogFactory.getLog(PublicSuffixMatcherLoader.class); final Log log = LogFactory.getLog(PublicSuffixMatcherLoader.class);
-- --
2.19.1 2.31.1

View File

@ -1,7 +1,7 @@
From 852a31061e2d46cc4bc1b5cfa388ed023de5095d Mon Sep 17 00:00:00 2001 From e089dcee616e2fd37897e1a95492f581d1f6c939 Mon Sep 17 00:00:00 2001
From: Mat Booth <mat.booth@redhat.com> From: Mat Booth <mat.booth@redhat.com>
Date: Fri, 7 Dec 2018 18:01:27 +0000 Date: Fri, 7 Dec 2018 18:01:27 +0000
Subject: [PATCH 2/2] Port to mockito 2 Subject: [PATCH 2/3] Port to mockito 2
Gets it building, but disables tests that are caused by change in Gets it building, but disables tests that are caused by change in
behaviour of mockito that I didn't know how to fix behaviour of mockito that I didn't know how to fix
@ -14,7 +14,7 @@ behaviour of mockito that I didn't know how to fix
5 files changed, 8 insertions(+), 4 deletions(-) 5 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/httpclient/src/test/java/org/apache/http/impl/client/integration/TestAbortHandling.java b/httpclient/src/test/java/org/apache/http/impl/client/integration/TestAbortHandling.java diff --git a/httpclient/src/test/java/org/apache/http/impl/client/integration/TestAbortHandling.java b/httpclient/src/test/java/org/apache/http/impl/client/integration/TestAbortHandling.java
index 282e11b..0411caf 100644 index 67f058ded..4a8cd1ab0 100644
--- a/httpclient/src/test/java/org/apache/http/impl/client/integration/TestAbortHandling.java --- a/httpclient/src/test/java/org/apache/http/impl/client/integration/TestAbortHandling.java
+++ b/httpclient/src/test/java/org/apache/http/impl/client/integration/TestAbortHandling.java +++ b/httpclient/src/test/java/org/apache/http/impl/client/integration/TestAbortHandling.java
@@ -288,6 +288,7 @@ public class TestAbortHandling extends LocalServerTestBase { @@ -288,6 +288,7 @@ public class TestAbortHandling extends LocalServerTestBase {
@ -26,7 +26,7 @@ index 282e11b..0411caf 100644
final HttpClientConnection conn = Mockito.mock(HttpClientConnection.class); final HttpClientConnection conn = Mockito.mock(HttpClientConnection.class);
final ConnectionRequest connrequest = Mockito.mock(ConnectionRequest.class); final ConnectionRequest connrequest = Mockito.mock(ConnectionRequest.class);
diff --git a/httpclient/src/test/java/org/apache/http/impl/client/integration/TestSPNegoScheme.java b/httpclient/src/test/java/org/apache/http/impl/client/integration/TestSPNegoScheme.java diff --git a/httpclient/src/test/java/org/apache/http/impl/client/integration/TestSPNegoScheme.java b/httpclient/src/test/java/org/apache/http/impl/client/integration/TestSPNegoScheme.java
index f638031..31799cb 100644 index f6380313e..31799cbc1 100644
--- a/httpclient/src/test/java/org/apache/http/impl/client/integration/TestSPNegoScheme.java --- a/httpclient/src/test/java/org/apache/http/impl/client/integration/TestSPNegoScheme.java
+++ b/httpclient/src/test/java/org/apache/http/impl/client/integration/TestSPNegoScheme.java +++ b/httpclient/src/test/java/org/apache/http/impl/client/integration/TestSPNegoScheme.java
@@ -150,6 +150,7 @@ public class TestSPNegoScheme extends LocalServerTestBase { @@ -150,6 +150,7 @@ public class TestSPNegoScheme extends LocalServerTestBase {
@ -46,7 +46,7 @@ index f638031..31799cb 100644
this.serverBootstrap.registerHandler("*", new PleaseNegotiateService()); this.serverBootstrap.registerHandler("*", new PleaseNegotiateService());
final HttpHost target = start(); final HttpHost target = start();
diff --git a/httpclient/src/test/java/org/apache/http/impl/execchain/TestMainClientExec.java b/httpclient/src/test/java/org/apache/http/impl/execchain/TestMainClientExec.java diff --git a/httpclient/src/test/java/org/apache/http/impl/execchain/TestMainClientExec.java b/httpclient/src/test/java/org/apache/http/impl/execchain/TestMainClientExec.java
index 2261da8..e922155 100644 index 7de9921e2..07b6bfccc 100644
--- a/httpclient/src/test/java/org/apache/http/impl/execchain/TestMainClientExec.java --- a/httpclient/src/test/java/org/apache/http/impl/execchain/TestMainClientExec.java
+++ b/httpclient/src/test/java/org/apache/http/impl/execchain/TestMainClientExec.java +++ b/httpclient/src/test/java/org/apache/http/impl/execchain/TestMainClientExec.java
@@ -402,6 +402,7 @@ public class TestMainClientExec { @@ -402,6 +402,7 @@ public class TestMainClientExec {
@ -65,7 +65,7 @@ index 2261da8..e922155 100644
\ No newline at end of file \ No newline at end of file
+} +}
diff --git a/httpclient/src/test/java/org/apache/http/impl/execchain/TestMinimalClientExec.java b/httpclient/src/test/java/org/apache/http/impl/execchain/TestMinimalClientExec.java diff --git a/httpclient/src/test/java/org/apache/http/impl/execchain/TestMinimalClientExec.java b/httpclient/src/test/java/org/apache/http/impl/execchain/TestMinimalClientExec.java
index 9a96ba6..41eb023 100644 index 9a96ba686..41eb0236f 100644
--- a/httpclient/src/test/java/org/apache/http/impl/execchain/TestMinimalClientExec.java --- a/httpclient/src/test/java/org/apache/http/impl/execchain/TestMinimalClientExec.java
+++ b/httpclient/src/test/java/org/apache/http/impl/execchain/TestMinimalClientExec.java +++ b/httpclient/src/test/java/org/apache/http/impl/execchain/TestMinimalClientExec.java
@@ -256,6 +256,7 @@ public class TestMinimalClientExec { @@ -256,6 +256,7 @@ public class TestMinimalClientExec {
@ -77,7 +77,7 @@ index 9a96ba6..41eb023 100644
final HttpRoute route = new HttpRoute(target); final HttpRoute route = new HttpRoute(target);
final HttpClientContext context = new HttpClientContext(); final HttpClientContext context = new HttpClientContext();
diff --git a/httpclient/src/test/java/org/apache/http/impl/execchain/TestRedirectExec.java b/httpclient/src/test/java/org/apache/http/impl/execchain/TestRedirectExec.java diff --git a/httpclient/src/test/java/org/apache/http/impl/execchain/TestRedirectExec.java b/httpclient/src/test/java/org/apache/http/impl/execchain/TestRedirectExec.java
index 5621a3f..23506dc 100644 index a5d0591da..78b1af440 100644
--- a/httpclient/src/test/java/org/apache/http/impl/execchain/TestRedirectExec.java --- a/httpclient/src/test/java/org/apache/http/impl/execchain/TestRedirectExec.java
+++ b/httpclient/src/test/java/org/apache/http/impl/execchain/TestRedirectExec.java +++ b/httpclient/src/test/java/org/apache/http/impl/execchain/TestRedirectExec.java
@@ -349,7 +349,7 @@ public class TestRedirectExec { @@ -349,7 +349,7 @@ public class TestRedirectExec {
@ -100,5 +100,5 @@ index 5621a3f..23506dc 100644
} }
-- --
2.19.1 2.31.1

View File

@ -0,0 +1,126 @@
From 0ac5caeaed1fa0354e02e0609f2c726b1b72eb8c Mon Sep 17 00:00:00 2001
From: Oleg Kalnichevski <olegk@apache.org>
Date: Tue, 29 Sep 2020 09:37:38 +0200
Subject: [PATCH 3/3] Incorrect handling of malformed authority component by
URIUtils#extractHost
---
.../apache/http/client/utils/URIUtils.java | 69 ++++++++-----------
.../http/client/utils/TestURIUtils.java | 6 +-
2 files changed, 32 insertions(+), 43 deletions(-)
diff --git a/httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java b/httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java
index 8eb7667e3..aa3431f6f 100644
--- a/httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java
+++ b/httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java
@@ -419,56 +419,43 @@ public class URIUtils {
if (uri == null) {
return null;
}
- HttpHost target = null;
if (uri.isAbsolute()) {
- int port = uri.getPort(); // may be overridden later
- String host = uri.getHost();
- if (host == null) { // normal parse failed; let's do it ourselves
+ if (uri.getHost() == null) { // normal parse failed; let's do it ourselves
// authority does not seem to care about the valid character-set for host names
- host = uri.getAuthority();
- if (host != null) {
+ if (uri.getAuthority() != null) {
+ String content = uri.getAuthority();
// Strip off any leading user credentials
- final int at = host.indexOf('@');
- if (at >= 0) {
- if (host.length() > at+1 ) {
- host = host.substring(at+1);
- } else {
- host = null; // @ on its own
- }
+ int at = content.indexOf('@');
+ if (at != -1) {
+ content = content.substring(at + 1);
}
- // Extract the port suffix, if present
- if (host != null) {
- final int colon = host.indexOf(':');
- if (colon >= 0) {
- final int pos = colon + 1;
- int len = 0;
- for (int i = pos; i < host.length(); i++) {
- if (Character.isDigit(host.charAt(i))) {
- len++;
- } else {
- break;
- }
- }
- if (len > 0) {
- try {
- port = Integer.parseInt(host.substring(pos, pos + len));
- } catch (final NumberFormatException ex) {
- }
- }
- host = host.substring(0, colon);
+ final String scheme = uri.getScheme();
+ final String hostname;
+ final int port;
+ at = content.indexOf(":");
+ if (at != -1) {
+ hostname = content.substring(0, at);
+ try {
+ final String portText = content.substring(at + 1);
+ port = !TextUtils.isEmpty(portText) ? Integer.parseInt(portText) : -1;
+ } catch (final NumberFormatException ex) {
+ return null;
}
+ } else {
+ hostname = content;
+ port = -1;
+ }
+ try {
+ return new HttpHost(hostname, port, scheme);
+ } catch (final IllegalArgumentException ex) {
+ return null;
}
}
- }
- final String scheme = uri.getScheme();
- if (!TextUtils.isBlank(host)) {
- try {
- target = new HttpHost(host, port, scheme);
- } catch (final IllegalArgumentException ignore) {
- }
+ } else {
+ return new HttpHost(uri.getHost(), uri.getPort(), uri.getScheme());
}
}
- return target;
+ return null;
}
/**
diff --git a/httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java b/httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java
index 189966635..98a44bc1c 100644
--- a/httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java
+++ b/httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java
@@ -273,14 +273,16 @@ public class TestURIUtils {
Assert.assertEquals(new HttpHost("localhost",8080),
URIUtils.extractHost(new URI("http://localhost:8080/;sessionid=stuff/abcd")));
- Assert.assertEquals(new HttpHost("localhost",8080),
+ Assert.assertEquals(null,
URIUtils.extractHost(new URI("http://localhost:8080;sessionid=stuff/abcd")));
- Assert.assertEquals(new HttpHost("localhost",-1),
+ Assert.assertEquals(null,
URIUtils.extractHost(new URI("http://localhost:;sessionid=stuff/abcd")));
Assert.assertEquals(null,
URIUtils.extractHost(new URI("http://:80/robots.txt")));
Assert.assertEquals(null,
URIUtils.extractHost(new URI("http://some%20domain:80/robots.txt")));
+ Assert.assertEquals(null,
+ URIUtils.extractHost(new URI("http://blah@goggle.com:80@google.com/")));
}
@Test
--
2.31.1

View File

@ -1,7 +1,7 @@
Name: httpcomponents-client Name: httpcomponents-client
Summary: HTTP agent implementation based on httpcomponents HttpCore Summary: HTTP agent implementation based on httpcomponents HttpCore
Version: 4.5.10 Version: 4.5.10
Release: 3%{?dist} Release: 4%{?dist}
License: ASL 2.0 License: ASL 2.0
URL: http://hc.apache.org/ URL: http://hc.apache.org/
Source0: http://www.apache.org/dist/httpcomponents/httpclient/source/%{name}-%{version}-src.tar.gz Source0: http://www.apache.org/dist/httpcomponents/httpclient/source/%{name}-%{version}-src.tar.gz
@ -9,6 +9,7 @@ BuildArch: noarch
Patch0: 0001-Use-system-copy-of-effective_tld_names.dat.patch Patch0: 0001-Use-system-copy-of-effective_tld_names.dat.patch
Patch1: 0002-Port-to-mockito-2.patch Patch1: 0002-Port-to-mockito-2.patch
Patch2: 0003-Incorrect-handling-of-malformed-authority-component-.patch
BuildRequires: maven-local-openjdk8 BuildRequires: maven-local-openjdk8
BuildRequires: %{?module_prefix}mvn(commons-codec:commons-codec) BuildRequires: %{?module_prefix}mvn(commons-codec:commons-codec)
@ -47,6 +48,7 @@ encouraged to upgrade.
%setup -q -n %{name}-%{version} %setup -q -n %{name}-%{version}
%patch0 -p1 %patch0 -p1
%patch1 -p1 %patch1 -p1
%patch2 -p1
%mvn_package :::tests: __noinstall %mvn_package :::tests: __noinstall
@ -126,6 +128,10 @@ rm httpclient/src/test/java/org/apache/http/client/config/TestRequestConfig.java
%doc README.txt RELEASE_NOTES.txt %doc README.txt RELEASE_NOTES.txt
%changelog %changelog
* Sat Sep 25 2021 Mikolaj Izdebski <mizdebsk@redhat.com> - 4.5.10-4
- Fix incorrect handling of malformed authority component in request URIs
- Resolves: CVE-2020-13956
* Sat Jan 25 2020 Mikolaj Izdebski <mizdebsk@redhat.com> - 4.5.10-3 * Sat Jan 25 2020 Mikolaj Izdebski <mizdebsk@redhat.com> - 4.5.10-3
- Build with OpenJDK 8 - Build with OpenJDK 8