import httpcomponents-client-4.5.10-4.module+el8.6.0+13337+afcb49ec
This commit is contained in:
parent
a3cc2d365e
commit
5ea88dcd02
@ -1,14 +1,14 @@
|
|||||||
From d9f08c36a39b035ec70a37cb6aac5f980cc57054 Mon Sep 17 00:00:00 2001
|
From e1c756ba18432e60600c57370076761bf4774ee7 Mon Sep 17 00:00:00 2001
|
||||||
From: Mikolaj Izdebski <mizdebsk@redhat.com>
|
From: Mikolaj Izdebski <mizdebsk@redhat.com>
|
||||||
Date: Tue, 20 Jan 2015 16:04:31 +0100
|
Date: Tue, 20 Jan 2015 16:04:31 +0100
|
||||||
Subject: [PATCH 1/2] Use system copy of effective_tld_names.dat
|
Subject: [PATCH 1/3] Use system copy of effective_tld_names.dat
|
||||||
|
|
||||||
---
|
---
|
||||||
.../apache/http/conn/util/PublicSuffixMatcherLoader.java | 7 +++----
|
.../apache/http/conn/util/PublicSuffixMatcherLoader.java | 7 +++----
|
||||||
1 file changed, 3 insertions(+), 4 deletions(-)
|
1 file changed, 3 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
diff --git a/httpclient/src/main/java/org/apache/http/conn/util/PublicSuffixMatcherLoader.java b/httpclient/src/main/java/org/apache/http/conn/util/PublicSuffixMatcherLoader.java
|
diff --git a/httpclient/src/main/java/org/apache/http/conn/util/PublicSuffixMatcherLoader.java b/httpclient/src/main/java/org/apache/http/conn/util/PublicSuffixMatcherLoader.java
|
||||||
index 8783c5b..c858220 100644
|
index 3d762c188..c7b5a7eb1 100644
|
||||||
--- a/httpclient/src/main/java/org/apache/http/conn/util/PublicSuffixMatcherLoader.java
|
--- a/httpclient/src/main/java/org/apache/http/conn/util/PublicSuffixMatcherLoader.java
|
||||||
+++ b/httpclient/src/main/java/org/apache/http/conn/util/PublicSuffixMatcherLoader.java
|
+++ b/httpclient/src/main/java/org/apache/http/conn/util/PublicSuffixMatcherLoader.java
|
||||||
@@ -82,11 +82,10 @@ public final class PublicSuffixMatcherLoader {
|
@@ -82,11 +82,10 @@ public final class PublicSuffixMatcherLoader {
|
||||||
@ -27,5 +27,5 @@ index 8783c5b..c858220 100644
|
|||||||
// Should never happen
|
// Should never happen
|
||||||
final Log log = LogFactory.getLog(PublicSuffixMatcherLoader.class);
|
final Log log = LogFactory.getLog(PublicSuffixMatcherLoader.class);
|
||||||
--
|
--
|
||||||
2.19.1
|
2.31.1
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
From 852a31061e2d46cc4bc1b5cfa388ed023de5095d Mon Sep 17 00:00:00 2001
|
From e089dcee616e2fd37897e1a95492f581d1f6c939 Mon Sep 17 00:00:00 2001
|
||||||
From: Mat Booth <mat.booth@redhat.com>
|
From: Mat Booth <mat.booth@redhat.com>
|
||||||
Date: Fri, 7 Dec 2018 18:01:27 +0000
|
Date: Fri, 7 Dec 2018 18:01:27 +0000
|
||||||
Subject: [PATCH 2/2] Port to mockito 2
|
Subject: [PATCH 2/3] Port to mockito 2
|
||||||
|
|
||||||
Gets it building, but disables tests that are caused by change in
|
Gets it building, but disables tests that are caused by change in
|
||||||
behaviour of mockito that I didn't know how to fix
|
behaviour of mockito that I didn't know how to fix
|
||||||
@ -14,7 +14,7 @@ behaviour of mockito that I didn't know how to fix
|
|||||||
5 files changed, 8 insertions(+), 4 deletions(-)
|
5 files changed, 8 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
diff --git a/httpclient/src/test/java/org/apache/http/impl/client/integration/TestAbortHandling.java b/httpclient/src/test/java/org/apache/http/impl/client/integration/TestAbortHandling.java
|
diff --git a/httpclient/src/test/java/org/apache/http/impl/client/integration/TestAbortHandling.java b/httpclient/src/test/java/org/apache/http/impl/client/integration/TestAbortHandling.java
|
||||||
index 282e11b..0411caf 100644
|
index 67f058ded..4a8cd1ab0 100644
|
||||||
--- a/httpclient/src/test/java/org/apache/http/impl/client/integration/TestAbortHandling.java
|
--- a/httpclient/src/test/java/org/apache/http/impl/client/integration/TestAbortHandling.java
|
||||||
+++ b/httpclient/src/test/java/org/apache/http/impl/client/integration/TestAbortHandling.java
|
+++ b/httpclient/src/test/java/org/apache/http/impl/client/integration/TestAbortHandling.java
|
||||||
@@ -288,6 +288,7 @@ public class TestAbortHandling extends LocalServerTestBase {
|
@@ -288,6 +288,7 @@ public class TestAbortHandling extends LocalServerTestBase {
|
||||||
@ -26,7 +26,7 @@ index 282e11b..0411caf 100644
|
|||||||
final HttpClientConnection conn = Mockito.mock(HttpClientConnection.class);
|
final HttpClientConnection conn = Mockito.mock(HttpClientConnection.class);
|
||||||
final ConnectionRequest connrequest = Mockito.mock(ConnectionRequest.class);
|
final ConnectionRequest connrequest = Mockito.mock(ConnectionRequest.class);
|
||||||
diff --git a/httpclient/src/test/java/org/apache/http/impl/client/integration/TestSPNegoScheme.java b/httpclient/src/test/java/org/apache/http/impl/client/integration/TestSPNegoScheme.java
|
diff --git a/httpclient/src/test/java/org/apache/http/impl/client/integration/TestSPNegoScheme.java b/httpclient/src/test/java/org/apache/http/impl/client/integration/TestSPNegoScheme.java
|
||||||
index f638031..31799cb 100644
|
index f6380313e..31799cbc1 100644
|
||||||
--- a/httpclient/src/test/java/org/apache/http/impl/client/integration/TestSPNegoScheme.java
|
--- a/httpclient/src/test/java/org/apache/http/impl/client/integration/TestSPNegoScheme.java
|
||||||
+++ b/httpclient/src/test/java/org/apache/http/impl/client/integration/TestSPNegoScheme.java
|
+++ b/httpclient/src/test/java/org/apache/http/impl/client/integration/TestSPNegoScheme.java
|
||||||
@@ -150,6 +150,7 @@ public class TestSPNegoScheme extends LocalServerTestBase {
|
@@ -150,6 +150,7 @@ public class TestSPNegoScheme extends LocalServerTestBase {
|
||||||
@ -46,7 +46,7 @@ index f638031..31799cb 100644
|
|||||||
this.serverBootstrap.registerHandler("*", new PleaseNegotiateService());
|
this.serverBootstrap.registerHandler("*", new PleaseNegotiateService());
|
||||||
final HttpHost target = start();
|
final HttpHost target = start();
|
||||||
diff --git a/httpclient/src/test/java/org/apache/http/impl/execchain/TestMainClientExec.java b/httpclient/src/test/java/org/apache/http/impl/execchain/TestMainClientExec.java
|
diff --git a/httpclient/src/test/java/org/apache/http/impl/execchain/TestMainClientExec.java b/httpclient/src/test/java/org/apache/http/impl/execchain/TestMainClientExec.java
|
||||||
index 2261da8..e922155 100644
|
index 7de9921e2..07b6bfccc 100644
|
||||||
--- a/httpclient/src/test/java/org/apache/http/impl/execchain/TestMainClientExec.java
|
--- a/httpclient/src/test/java/org/apache/http/impl/execchain/TestMainClientExec.java
|
||||||
+++ b/httpclient/src/test/java/org/apache/http/impl/execchain/TestMainClientExec.java
|
+++ b/httpclient/src/test/java/org/apache/http/impl/execchain/TestMainClientExec.java
|
||||||
@@ -402,6 +402,7 @@ public class TestMainClientExec {
|
@@ -402,6 +402,7 @@ public class TestMainClientExec {
|
||||||
@ -65,7 +65,7 @@ index 2261da8..e922155 100644
|
|||||||
\ No newline at end of file
|
\ No newline at end of file
|
||||||
+}
|
+}
|
||||||
diff --git a/httpclient/src/test/java/org/apache/http/impl/execchain/TestMinimalClientExec.java b/httpclient/src/test/java/org/apache/http/impl/execchain/TestMinimalClientExec.java
|
diff --git a/httpclient/src/test/java/org/apache/http/impl/execchain/TestMinimalClientExec.java b/httpclient/src/test/java/org/apache/http/impl/execchain/TestMinimalClientExec.java
|
||||||
index 9a96ba6..41eb023 100644
|
index 9a96ba686..41eb0236f 100644
|
||||||
--- a/httpclient/src/test/java/org/apache/http/impl/execchain/TestMinimalClientExec.java
|
--- a/httpclient/src/test/java/org/apache/http/impl/execchain/TestMinimalClientExec.java
|
||||||
+++ b/httpclient/src/test/java/org/apache/http/impl/execchain/TestMinimalClientExec.java
|
+++ b/httpclient/src/test/java/org/apache/http/impl/execchain/TestMinimalClientExec.java
|
||||||
@@ -256,6 +256,7 @@ public class TestMinimalClientExec {
|
@@ -256,6 +256,7 @@ public class TestMinimalClientExec {
|
||||||
@ -77,7 +77,7 @@ index 9a96ba6..41eb023 100644
|
|||||||
final HttpRoute route = new HttpRoute(target);
|
final HttpRoute route = new HttpRoute(target);
|
||||||
final HttpClientContext context = new HttpClientContext();
|
final HttpClientContext context = new HttpClientContext();
|
||||||
diff --git a/httpclient/src/test/java/org/apache/http/impl/execchain/TestRedirectExec.java b/httpclient/src/test/java/org/apache/http/impl/execchain/TestRedirectExec.java
|
diff --git a/httpclient/src/test/java/org/apache/http/impl/execchain/TestRedirectExec.java b/httpclient/src/test/java/org/apache/http/impl/execchain/TestRedirectExec.java
|
||||||
index 5621a3f..23506dc 100644
|
index a5d0591da..78b1af440 100644
|
||||||
--- a/httpclient/src/test/java/org/apache/http/impl/execchain/TestRedirectExec.java
|
--- a/httpclient/src/test/java/org/apache/http/impl/execchain/TestRedirectExec.java
|
||||||
+++ b/httpclient/src/test/java/org/apache/http/impl/execchain/TestRedirectExec.java
|
+++ b/httpclient/src/test/java/org/apache/http/impl/execchain/TestRedirectExec.java
|
||||||
@@ -349,7 +349,7 @@ public class TestRedirectExec {
|
@@ -349,7 +349,7 @@ public class TestRedirectExec {
|
||||||
@ -100,5 +100,5 @@ index 5621a3f..23506dc 100644
|
|||||||
}
|
}
|
||||||
|
|
||||||
--
|
--
|
||||||
2.19.1
|
2.31.1
|
||||||
|
|
||||||
|
@ -0,0 +1,126 @@
|
|||||||
|
From 0ac5caeaed1fa0354e02e0609f2c726b1b72eb8c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Oleg Kalnichevski <olegk@apache.org>
|
||||||
|
Date: Tue, 29 Sep 2020 09:37:38 +0200
|
||||||
|
Subject: [PATCH 3/3] Incorrect handling of malformed authority component by
|
||||||
|
URIUtils#extractHost
|
||||||
|
|
||||||
|
---
|
||||||
|
.../apache/http/client/utils/URIUtils.java | 69 ++++++++-----------
|
||||||
|
.../http/client/utils/TestURIUtils.java | 6 +-
|
||||||
|
2 files changed, 32 insertions(+), 43 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java b/httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java
|
||||||
|
index 8eb7667e3..aa3431f6f 100644
|
||||||
|
--- a/httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java
|
||||||
|
+++ b/httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java
|
||||||
|
@@ -419,56 +419,43 @@ public class URIUtils {
|
||||||
|
if (uri == null) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
- HttpHost target = null;
|
||||||
|
if (uri.isAbsolute()) {
|
||||||
|
- int port = uri.getPort(); // may be overridden later
|
||||||
|
- String host = uri.getHost();
|
||||||
|
- if (host == null) { // normal parse failed; let's do it ourselves
|
||||||
|
+ if (uri.getHost() == null) { // normal parse failed; let's do it ourselves
|
||||||
|
// authority does not seem to care about the valid character-set for host names
|
||||||
|
- host = uri.getAuthority();
|
||||||
|
- if (host != null) {
|
||||||
|
+ if (uri.getAuthority() != null) {
|
||||||
|
+ String content = uri.getAuthority();
|
||||||
|
// Strip off any leading user credentials
|
||||||
|
- final int at = host.indexOf('@');
|
||||||
|
- if (at >= 0) {
|
||||||
|
- if (host.length() > at+1 ) {
|
||||||
|
- host = host.substring(at+1);
|
||||||
|
- } else {
|
||||||
|
- host = null; // @ on its own
|
||||||
|
- }
|
||||||
|
+ int at = content.indexOf('@');
|
||||||
|
+ if (at != -1) {
|
||||||
|
+ content = content.substring(at + 1);
|
||||||
|
}
|
||||||
|
- // Extract the port suffix, if present
|
||||||
|
- if (host != null) {
|
||||||
|
- final int colon = host.indexOf(':');
|
||||||
|
- if (colon >= 0) {
|
||||||
|
- final int pos = colon + 1;
|
||||||
|
- int len = 0;
|
||||||
|
- for (int i = pos; i < host.length(); i++) {
|
||||||
|
- if (Character.isDigit(host.charAt(i))) {
|
||||||
|
- len++;
|
||||||
|
- } else {
|
||||||
|
- break;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
- if (len > 0) {
|
||||||
|
- try {
|
||||||
|
- port = Integer.parseInt(host.substring(pos, pos + len));
|
||||||
|
- } catch (final NumberFormatException ex) {
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
- host = host.substring(0, colon);
|
||||||
|
+ final String scheme = uri.getScheme();
|
||||||
|
+ final String hostname;
|
||||||
|
+ final int port;
|
||||||
|
+ at = content.indexOf(":");
|
||||||
|
+ if (at != -1) {
|
||||||
|
+ hostname = content.substring(0, at);
|
||||||
|
+ try {
|
||||||
|
+ final String portText = content.substring(at + 1);
|
||||||
|
+ port = !TextUtils.isEmpty(portText) ? Integer.parseInt(portText) : -1;
|
||||||
|
+ } catch (final NumberFormatException ex) {
|
||||||
|
+ return null;
|
||||||
|
}
|
||||||
|
+ } else {
|
||||||
|
+ hostname = content;
|
||||||
|
+ port = -1;
|
||||||
|
+ }
|
||||||
|
+ try {
|
||||||
|
+ return new HttpHost(hostname, port, scheme);
|
||||||
|
+ } catch (final IllegalArgumentException ex) {
|
||||||
|
+ return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
- }
|
||||||
|
- final String scheme = uri.getScheme();
|
||||||
|
- if (!TextUtils.isBlank(host)) {
|
||||||
|
- try {
|
||||||
|
- target = new HttpHost(host, port, scheme);
|
||||||
|
- } catch (final IllegalArgumentException ignore) {
|
||||||
|
- }
|
||||||
|
+ } else {
|
||||||
|
+ return new HttpHost(uri.getHost(), uri.getPort(), uri.getScheme());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
- return target;
|
||||||
|
+ return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
diff --git a/httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java b/httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java
|
||||||
|
index 189966635..98a44bc1c 100644
|
||||||
|
--- a/httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java
|
||||||
|
+++ b/httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java
|
||||||
|
@@ -273,14 +273,16 @@ public class TestURIUtils {
|
||||||
|
|
||||||
|
Assert.assertEquals(new HttpHost("localhost",8080),
|
||||||
|
URIUtils.extractHost(new URI("http://localhost:8080/;sessionid=stuff/abcd")));
|
||||||
|
- Assert.assertEquals(new HttpHost("localhost",8080),
|
||||||
|
+ Assert.assertEquals(null,
|
||||||
|
URIUtils.extractHost(new URI("http://localhost:8080;sessionid=stuff/abcd")));
|
||||||
|
- Assert.assertEquals(new HttpHost("localhost",-1),
|
||||||
|
+ Assert.assertEquals(null,
|
||||||
|
URIUtils.extractHost(new URI("http://localhost:;sessionid=stuff/abcd")));
|
||||||
|
Assert.assertEquals(null,
|
||||||
|
URIUtils.extractHost(new URI("http://:80/robots.txt")));
|
||||||
|
Assert.assertEquals(null,
|
||||||
|
URIUtils.extractHost(new URI("http://some%20domain:80/robots.txt")));
|
||||||
|
+ Assert.assertEquals(null,
|
||||||
|
+ URIUtils.extractHost(new URI("http://blah@goggle.com:80@google.com/")));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -1,7 +1,7 @@
|
|||||||
Name: httpcomponents-client
|
Name: httpcomponents-client
|
||||||
Summary: HTTP agent implementation based on httpcomponents HttpCore
|
Summary: HTTP agent implementation based on httpcomponents HttpCore
|
||||||
Version: 4.5.10
|
Version: 4.5.10
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
URL: http://hc.apache.org/
|
URL: http://hc.apache.org/
|
||||||
Source0: http://www.apache.org/dist/httpcomponents/httpclient/source/%{name}-%{version}-src.tar.gz
|
Source0: http://www.apache.org/dist/httpcomponents/httpclient/source/%{name}-%{version}-src.tar.gz
|
||||||
@ -9,6 +9,7 @@ BuildArch: noarch
|
|||||||
|
|
||||||
Patch0: 0001-Use-system-copy-of-effective_tld_names.dat.patch
|
Patch0: 0001-Use-system-copy-of-effective_tld_names.dat.patch
|
||||||
Patch1: 0002-Port-to-mockito-2.patch
|
Patch1: 0002-Port-to-mockito-2.patch
|
||||||
|
Patch2: 0003-Incorrect-handling-of-malformed-authority-component-.patch
|
||||||
|
|
||||||
BuildRequires: maven-local-openjdk8
|
BuildRequires: maven-local-openjdk8
|
||||||
BuildRequires: %{?module_prefix}mvn(commons-codec:commons-codec)
|
BuildRequires: %{?module_prefix}mvn(commons-codec:commons-codec)
|
||||||
@ -47,6 +48,7 @@ encouraged to upgrade.
|
|||||||
%setup -q -n %{name}-%{version}
|
%setup -q -n %{name}-%{version}
|
||||||
%patch0 -p1
|
%patch0 -p1
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
|
%patch2 -p1
|
||||||
|
|
||||||
%mvn_package :::tests: __noinstall
|
%mvn_package :::tests: __noinstall
|
||||||
|
|
||||||
@ -126,6 +128,10 @@ rm httpclient/src/test/java/org/apache/http/client/config/TestRequestConfig.java
|
|||||||
%doc README.txt RELEASE_NOTES.txt
|
%doc README.txt RELEASE_NOTES.txt
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat Sep 25 2021 Mikolaj Izdebski <mizdebsk@redhat.com> - 4.5.10-4
|
||||||
|
- Fix incorrect handling of malformed authority component in request URIs
|
||||||
|
- Resolves: CVE-2020-13956
|
||||||
|
|
||||||
* Sat Jan 25 2020 Mikolaj Izdebski <mizdebsk@redhat.com> - 4.5.10-3
|
* Sat Jan 25 2020 Mikolaj Izdebski <mizdebsk@redhat.com> - 4.5.10-3
|
||||||
- Build with OpenJDK 8
|
- Build with OpenJDK 8
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user