gnu: java-eclipse-jetty-util: Update to 9.4.39 [security fixes].

Fixes CVE-2021-28165 - jetty server high CPU when client send data length >
17408, CVE-2021-28164 - Normalize ambiguous URIs and CVE-2021-28163 - Exclude
webapps directory from deployment scan.

* gnu/packages/java.scm (java-eclipse-jetty-util): Update to 9.4.39.
(java-eclipse-jetty-util-ajax): New variable.
(java-eclipse-jetty-util, java-eclipse-jetty-io, java-eclipse-jetty-http)
(java-eclipse-jetty-jmx, java-eclipse-jetty-server)
(java-eclipse-jetty-security, java-eclipse-jetty-servlet)
(java-eclipse-jetty-xml, java-eclipse-jetty-webapp): Disable tests.
[native-inputs]: Remove test dependencies.
This commit is contained in:
Julien Lepiller 2021-04-02 12:55:16 +02:00
parent 29f205f7e0
commit ac3bf4e4da
No known key found for this signature in database
GPG key ID: 53D457B2D636EE82

View file

@ -6851,18 +6851,19 @@ (define-public java-eclipse-jetty-perf-helper
(define-public java-eclipse-jetty-util (define-public java-eclipse-jetty-util
(package (package
(name "java-eclipse-jetty-util") (name "java-eclipse-jetty-util")
(version "9.4.6") (version "9.4.39")
(source (origin (source (origin
(method url-fetch) (method url-fetch)
(uri (string-append "https://github.com/eclipse/jetty.project/" (uri (string-append "https://github.com/eclipse/jetty.project/"
"archive/jetty-" version ".v20170531.tar.gz")) "archive/jetty-" version ".v20210325.tar.gz"))
(sha256 (sha256
(base32 (base32
"0x7kbdvkmgr6kbsmbwiiyv3bb0d6wk25frgvld9cf8540136z9p1")))) "0b4hy4zmdmfbqk9bzmxk7v75y2ysqiappkip4z3hb9lxjvjh0b19"))))
(build-system ant-build-system) (build-system ant-build-system)
(arguments (arguments
`(#:jar-name "eclipse-jetty-util.jar" `(#:jar-name "eclipse-jetty-util.jar"
#:source-dir "src/main/java" #:source-dir "src/main/java"
#:tests? #f; require junit 5
#:test-exclude #:test-exclude
(list "**/Abstract*.java" (list "**/Abstract*.java"
;; requires network ;; requires network
@ -6881,11 +6882,6 @@ (define-public java-eclipse-jetty-util
(inputs (inputs
`(("slf4j" ,java-slf4j-api) `(("slf4j" ,java-slf4j-api)
("servlet" ,java-javaee-servletapi))) ("servlet" ,java-javaee-servletapi)))
(native-inputs
`(("junit" ,java-junit)
("hamcrest" ,java-hamcrest-all)
("perf-helper" ,java-eclipse-jetty-perf-helper)
("test-helper" ,java-eclipse-jetty-test-helper)))
(home-page "https://www.eclipse.org/jetty/") (home-page "https://www.eclipse.org/jetty/")
(synopsis "Utility classes for Jetty") (synopsis "Utility classes for Jetty")
(description "The Jetty Web Server provides an HTTP server and Servlet (description "The Jetty Web Server provides an HTTP server and Servlet
@ -6946,6 +6942,7 @@ (define-public java-eclipse-jetty-io
`(#:jar-name "eclipse-jetty-io.jar" `(#:jar-name "eclipse-jetty-io.jar"
#:source-dir "src/main/java" #:source-dir "src/main/java"
#:jdk ,icedtea-8 #:jdk ,icedtea-8
#:tests? #f; require junit 5
#:test-exclude (list "**/Abstract*.java" #:test-exclude (list "**/Abstract*.java"
;; Abstract class ;; Abstract class
"**/EndPointTest.java") "**/EndPointTest.java")
@ -6987,6 +6984,7 @@ (define-public java-eclipse-jetty-http
`(#:jar-name "eclipse-jetty-http.jar" `(#:jar-name "eclipse-jetty-http.jar"
#:source-dir "src/main/java" #:source-dir "src/main/java"
#:jdk ,icedtea-8 #:jdk ,icedtea-8
#:tests? #f; require junit 5
#:phases #:phases
(modify-phases %standard-phases (modify-phases %standard-phases
(add-before 'configure 'chdir (add-before 'configure 'chdir
@ -7122,9 +7120,6 @@ (define-public java-eclipse-jetty-server
("io" ,java-eclipse-jetty-io) ("io" ,java-eclipse-jetty-io)
("jmx" ,java-eclipse-jetty-jmx) ("jmx" ,java-eclipse-jetty-jmx)
("util" ,java-eclipse-jetty-util))) ("util" ,java-eclipse-jetty-util)))
(native-inputs
`(("test-classes" ,java-eclipse-jetty-http-test-classes)
,@(package-native-inputs java-eclipse-jetty-util)))
(synopsis "Core jetty server artifact") (synopsis "Core jetty server artifact")
(description "The Jetty Web Server provides an HTTP server and Servlet (description "The Jetty Web Server provides an HTTP server and Servlet
container capable of serving static and dynamic content either from a standalone container capable of serving static and dynamic content either from a standalone
@ -7154,6 +7149,7 @@ (define-public java-eclipse-jetty-security
`(#:jar-name "eclipse-jetty-security.jar" `(#:jar-name "eclipse-jetty-security.jar"
#:source-dir "src/main/java" #:source-dir "src/main/java"
#:jdk ,icedtea-8 #:jdk ,icedtea-8
#:tests? #f; require junit 5
#:test-exclude (list "**/ConstraintTest.*") ; This test fails #:test-exclude (list "**/ConstraintTest.*") ; This test fails
#:phases #:phases
(modify-phases %standard-phases (modify-phases %standard-phases
@ -7167,9 +7163,6 @@ (define-public java-eclipse-jetty-security
("http" ,java-eclipse-jetty-http) ("http" ,java-eclipse-jetty-http)
("server" ,java-eclipse-jetty-server) ("server" ,java-eclipse-jetty-server)
("util" ,java-eclipse-jetty-util))) ("util" ,java-eclipse-jetty-util)))
(native-inputs
`(("io" ,java-eclipse-jetty-io)
,@(package-native-inputs java-eclipse-jetty-util)))
(synopsis "Jetty security infrastructure") (synopsis "Jetty security infrastructure")
(description "The Jetty Web Server provides an HTTP server and Servlet (description "The Jetty Web Server provides an HTTP server and Servlet
container capable of serving static and dynamic content either from a standalone container capable of serving static and dynamic content either from a standalone
@ -7190,6 +7183,18 @@ (define-public java-eclipse-jetty-security-9.2
`(("io" ,java-eclipse-jetty-io-9.2) `(("io" ,java-eclipse-jetty-io-9.2)
,@(package-native-inputs java-eclipse-jetty-util-9.2))))) ,@(package-native-inputs java-eclipse-jetty-util-9.2)))))
(define-public java-eclipse-jetty-util-ajax
(package
(inherit java-eclipse-jetty-util)
(name "java-eclipse-jetty-util-ajax")
(arguments
`(#:jar-name "eclipse-jetty-util-ajax.jar"
#:source-dir "jetty-util-ajax/src/main/java"
#:tests? #f)); require junit 5
(inputs
`(("java-eclipse-jetty-util" ,java-eclipse-jetty-util)
("java-javaee-servletapi" ,java-javaee-servletapi)))))
(define-public java-eclipse-jetty-servlet (define-public java-eclipse-jetty-servlet
(package (package
(inherit java-eclipse-jetty-util) (inherit java-eclipse-jetty-util)
@ -7198,6 +7203,7 @@ (define-public java-eclipse-jetty-servlet
`(#:jar-name "eclipse-jetty-servlet.jar" `(#:jar-name "eclipse-jetty-servlet.jar"
#:source-dir "src/main/java" #:source-dir "src/main/java"
#:jdk ,icedtea-8 #:jdk ,icedtea-8
#:tests? #f; require junit 5
#:phases #:phases
(modify-phases %standard-phases (modify-phases %standard-phases
(add-before 'configure 'chdir (add-before 'configure 'chdir
@ -7207,8 +7213,8 @@ (define-public java-eclipse-jetty-servlet
(inputs (inputs
`(("slf4j" ,java-slf4j-api) `(("slf4j" ,java-slf4j-api)
("java-javaee-servletapi" ,java-javaee-servletapi) ("java-javaee-servletapi" ,java-javaee-servletapi)
("java-eclipse-jetty-util-ajax" ,java-eclipse-jetty-util-ajax)
("http" ,java-eclipse-jetty-http) ("http" ,java-eclipse-jetty-http)
("http-test" ,java-eclipse-jetty-http-test-classes)
("io" ,java-eclipse-jetty-io) ("io" ,java-eclipse-jetty-io)
("jmx" ,java-eclipse-jetty-jmx) ("jmx" ,java-eclipse-jetty-jmx)
("security" ,java-eclipse-jetty-security) ("security" ,java-eclipse-jetty-security)
@ -7298,6 +7304,7 @@ (define-public java-eclipse-jetty-webapp
`(#:jar-name "eclipse-jetty-webapp.jar" `(#:jar-name "eclipse-jetty-webapp.jar"
#:source-dir "src/main/java" #:source-dir "src/main/java"
#:jdk ,icedtea-8 #:jdk ,icedtea-8
#:tests? #f; require junit 5
;; One test fails ;; One test fails
#:test-exclude (list "**/WebAppContextTest.java") #:test-exclude (list "**/WebAppContextTest.java")
#:phases #:phases
@ -7309,14 +7316,12 @@ (define-public java-eclipse-jetty-webapp
(inputs (inputs
`(("java-eclipse-jetty-util" ,java-eclipse-jetty-util) `(("java-eclipse-jetty-util" ,java-eclipse-jetty-util)
("java-eclipse-jetty-http" ,java-eclipse-jetty-http) ("java-eclipse-jetty-http" ,java-eclipse-jetty-http)
("java-eclipse-jetty-io" ,java-eclipse-jetty-io)
("java-eclipse-jetty-server" ,java-eclipse-jetty-server) ("java-eclipse-jetty-server" ,java-eclipse-jetty-server)
("java-eclipse-jetty-servlet" ,java-eclipse-jetty-servlet) ("java-eclipse-jetty-servlet" ,java-eclipse-jetty-servlet)
("java-eclipse-jetty-security" ,java-eclipse-jetty-security) ("java-eclipse-jetty-security" ,java-eclipse-jetty-security)
("java-eclipse-jetty-xml" ,java-eclipse-jetty-xml) ("java-eclipse-jetty-xml" ,java-eclipse-jetty-xml)
("java-javaee-servletapi" ,java-javaee-servletapi))) ("java-javaee-servletapi" ,java-javaee-servletapi)))))
(native-inputs
`(("java-eclipse-jetty-io" ,java-eclipse-jetty-io)
,@(package-native-inputs java-eclipse-jetty-util)))))
(define-public java-eclipse-jetty-webapp-9.2 (define-public java-eclipse-jetty-webapp-9.2
(package (package