Upgrade to 2.0.27 for fix CVE-2024-52046

2024-12-30 10:23:18 +08:00 · 2024-12-30 10:23:18 +08:00 · 79a7b7bdcd
commit 79a7b7bdcd
parent dfbdccdbe8
4 changed files with 7 additions and 26 deletions
--- a/2.0.21.tar.gz
+++ b/2.0.21.tar.gz
--- a/2.0.27.tar.gz
+++ b/2.0.27.tar.gz
--- a/CVE-2021-41973.patch
+++ b/CVE-2021-41973.patch
@ -1,22 +0,0 @@
-From 3a91690e574a69875a2fca1f0e363b0b9ff00469 Mon Sep 17 00:00:00 2001
-From: Jonathan Valliere <johnnyv@apache.org>
-Date: Thu, 14 Oct 2021 23:34:17 -0400
-Subject: [PATCH] Backport fix for malformed HTTP decoder loop
-
---
- .../src/main/java/org/apache/mina/http/HttpServerDecoder.java   | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/mina-http/src/main/java/org/apache/mina/http/HttpServerDecoder.java b/mina-http/src/main/java/org/apache/mina/http/HttpServerDecoder.java
-index 4f9ed5998..d861216e6 100644
--- a/mina-http/src/main/java/org/apache/mina/http/HttpServerDecoder.java
-+++ b/mina-http/src/main/java/org/apache/mina/http/HttpServerDecoder.java
-@@ -194,7 +194,7 @@ public void dispose(IoSession session) throws Exception {
-     }
- 
-     private HttpRequestImpl parseHttpRequestHead(ByteBuffer buffer) {
-        String raw = new String(buffer.array(), 0, buffer.limit());
-+    	String raw = new String(buffer.array(), buffer.position(), buffer.remaining());
-         String[] headersAndBody = RAW_VALUE_PATTERN.split(raw, -1);
- 
-         if (headersAndBody.length <= 1) {
--- a/apache-mina.spec
+++ b/apache-mina.spec
@ -1,11 +1,10 @@
 Name:                apache-mina
-Version:             2.0.21
-Release:             2
+Version:             2.0.27
+Release:             1
 Summary:             Apache MINA
 License:             ASL 2.0
 URL:                 http://mina.apache.org
 Source0:             https://github.com/apache/mina/archive/%{version}.tar.gz
-Patch0:              CVE-2021-41973.patch
 BuildRequires:       maven-local mvn(com.jcraft:jzlib) mvn(commons-lang:commons-lang)
 BuildRequires:       mvn(org.apache:apache:pom:) mvn(org.slf4j:slf4j-api)
 BuildRequires:       mvn(org.apache.felix:maven-bundle-plugin)
@ -49,7 +48,6 @@ This package provides %{name}.

 %prep
 %setup -q -n mina-%{version}
-%patch0 -p1
 sed -i \
    -e 's|<packaging>bundle</packaging>|<packaging>jar</packaging>|g' \
    -e 's|<type>bundle</type>|<type>jar</type>|g' \
@ -58,6 +56,8 @@ sed -i \
 %pom_remove_plugin :maven-source-plugin
 %pom_remove_plugin :maven-bundle-plugin
 %pom_remove_plugin :maven-site-plugin
+%pom_remove_plugin :maven-enforcer-plugin
+%pom_remove_plugin :cyclonedx-maven-plugin
 %pom_disable_module mina-legal
 %pom_disable_module mina-transport-apr
 %pom_disable_module mina-integration-beans
@ -89,6 +89,9 @@ sed -i \
 %doc LICENSE.txt NOTICE.txt

 %changelog
+* Mon Dec 30 2024 wangkai <13474090681@163.com> - 2.0.27-1
+- Upgrade to 2.0.27 for fix CVE-2024-52046
+
 * Mon Nov 08 2021 wangkai <wangkai385@huawei.com> - 2.0.21-2
 - Fix CVE-2021-41973