Merged update from upstream sources
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/resteasy.git#dd38accbc59b1e4b51fef9fd14896228d4565711
This commit is contained in:
DistroBaker
parent
962a862a58
commit
8b5c3e3167
|
|
@ -4,3 +4,4 @@
|
|||
/3.0.17.Final.tar.gz
|
||||
/resteasy-3.0.19.Final.tar.gz
|
||||
/resteasy-3.0.26.Final.tar.gz
|
||||
Resteasy-3.0.26.Final
|
||||
|
|
|
|||
|
|
@ -0,0 +1,47 @@
|
|||
From f58a22382e31c0c4b92e519fa84f701a606981ac Mon Sep 17 00:00:00 2001
|
||||
From: Bartosz Spyrko-Smietanko <bspyrkos@redhat.com>
|
||||
Date: Thu, 16 Apr 2020 14:01:17 +0100
|
||||
Subject: [PATCH] [RESTEASY-2559] Improper validation of response header in
|
||||
MediaTypeHeaderDelegate.java class
|
||||
|
||||
---
|
||||
.../plugins/delegates/MediaTypeHeaderDelegate.java | 1 +
|
||||
.../test/mediatype/MediaTypeHeaderTest.java | 14 ++++++++++++++
|
||||
2 files changed, 15 insertions(+)
|
||||
create mode 100644 testsuite/unit-tests/src/test/java/org/jboss/resteasy/test/mediatype/MediaTypeHeaderTest.java
|
||||
|
||||
diff --git a/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/delegates/MediaTypeHeaderDelegate.java b/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/delegates/MediaTypeHeaderDelegate.java
|
||||
index db0b4d588..b31d4376e 100755
|
||||
--- a/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/delegates/MediaTypeHeaderDelegate.java
|
||||
+++ b/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/delegates/MediaTypeHeaderDelegate.java
|
||||
@@ -89,6 +89,7 @@ public class MediaTypeHeaderDelegate implements RuntimeDelegate.HeaderDelegate
|
||||
case '[':
|
||||
case ']':
|
||||
case '=':
|
||||
+ case '\n':
|
||||
return false;
|
||||
default:
|
||||
break;
|
||||
diff --git a/testsuite/unit-tests/src/test/java/org/jboss/resteasy/test/mediatype/MediaTypeHeaderTest.java b/testsuite/unit-tests/src/test/java/org/jboss/resteasy/test/mediatype/MediaTypeHeaderTest.java
|
||||
new file mode 100644
|
||||
index 000000000..e46f018f7
|
||||
--- /dev/null
|
||||
+++ b/testsuite/unit-tests/src/test/java/org/jboss/resteasy/test/mediatype/MediaTypeHeaderTest.java
|
||||
@@ -0,0 +1,14 @@
|
||||
+package org.jboss.resteasy.test.mediatype;
|
||||
+
|
||||
+import org.jboss.resteasy.plugins.delegates.MediaTypeHeaderDelegate;
|
||||
+import org.junit.Test;
|
||||
+
|
||||
+public class MediaTypeHeaderTest {
|
||||
+
|
||||
+ @Test(expected = IllegalArgumentException.class)
|
||||
+ public void testNewLineInHeaderValueIsRejected() {
|
||||
+ MediaTypeHeaderDelegate delegate = new MediaTypeHeaderDelegate();
|
||||
+
|
||||
+ delegate.fromString("foo/bar\n");
|
||||
+ }
|
||||
+}
|
||||
--
|
||||
2.26.2
|
||||
|
||||
|
|
@ -3,11 +3,12 @@
|
|||
|
||||
Name: resteasy
|
||||
Version: 3.0.26
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
Summary: Framework for RESTful Web services and Java applications
|
||||
License: ASL 2.0 and CDDL
|
||||
URL: http://resteasy.jboss.org/
|
||||
Source0: https://github.com/resteasy/Resteasy/archive/%{namedversion}/%{name}-%{namedversion}.tar.gz
|
||||
Patch1: 0001-RESTEASY-2559-Improper-validation-of-response-header.patch
|
||||
|
||||
BuildArch: noarch
|
||||
|
||||
|
|
@ -101,6 +102,7 @@ Summary: Client for %{name}
|
|||
|
||||
%prep
|
||||
%setup -q -n Resteasy-%{namedversion}
|
||||
%patch1 -p1
|
||||
|
||||
%pom_disable_module arquillian
|
||||
%pom_disable_module eagledns
|
||||
|
|
@ -209,6 +211,10 @@ find -name '*.jar' -print -delete
|
|||
%license License.html
|
||||
|
||||
%changelog
|
||||
* Mon Nov 30 2020 Alexander Scheel <ascheel@redhat.com> - 3.0.26-6
|
||||
- CVE-2020-1695: Improper validation of response header in MediaTypeHeaderDelegate.java class
|
||||
Resolves: rh-bz#1845547
|
||||
|
||||
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.26-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue