diff options
author | Julien Lepiller <julien@lepiller.eu> | 2021-04-02 12:55:16 +0200 |
---|---|---|
committer | Julien Lepiller <julien@lepiller.eu> | 2021-04-12 15:12:09 +0200 |
commit | ac3bf4e4da58e985f012d216b2faf36434cdf967 (patch) | |
tree | 01a873e38883e036d3e5e984cc8e9fccef7df893 /gnu/packages/web.scm | |
parent | 29f205f7e060c70895f34521995c147f77bba9eb (diff) | |
download | guix-ac3bf4e4da58e985f012d216b2faf36434cdf967.tar guix-ac3bf4e4da58e985f012d216b2faf36434cdf967.tar.gz |
gnu: java-eclipse-jetty-util: Update to 9.4.39 [security fixes].
Fixes CVE-2021-28165 - jetty server high CPU when client send data length >
17408, CVE-2021-28164 - Normalize ambiguous URIs and CVE-2021-28163 - Exclude
webapps directory from deployment scan.
* gnu/packages/java.scm (java-eclipse-jetty-util): Update to 9.4.39.
(java-eclipse-jetty-util-ajax): New variable.
(java-eclipse-jetty-util, java-eclipse-jetty-io, java-eclipse-jetty-http)
(java-eclipse-jetty-jmx, java-eclipse-jetty-server)
(java-eclipse-jetty-security, java-eclipse-jetty-servlet)
(java-eclipse-jetty-xml, java-eclipse-jetty-webapp): Disable tests.
[native-inputs]: Remove test dependencies.
Diffstat (limited to 'gnu/packages/web.scm')
-rw-r--r-- | gnu/packages/web.scm | 43 |
1 files changed, 24 insertions, 19 deletions
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index 2331601ce7..060056ebfd 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -6851,18 +6851,19 @@ Web Server.") (define-public java-eclipse-jetty-util (package (name "java-eclipse-jetty-util") - (version "9.4.6") + (version "9.4.39") (source (origin (method url-fetch) (uri (string-append "https://github.com/eclipse/jetty.project/" - "archive/jetty-" version ".v20170531.tar.gz")) + "archive/jetty-" version ".v20210325.tar.gz")) (sha256 (base32 - "0x7kbdvkmgr6kbsmbwiiyv3bb0d6wk25frgvld9cf8540136z9p1")))) + "0b4hy4zmdmfbqk9bzmxk7v75y2ysqiappkip4z3hb9lxjvjh0b19")))) (build-system ant-build-system) (arguments `(#:jar-name "eclipse-jetty-util.jar" #:source-dir "src/main/java" + #:tests? #f; require junit 5 #:test-exclude (list "**/Abstract*.java" ;; requires network @@ -6881,11 +6882,6 @@ Web Server.") (inputs `(("slf4j" ,java-slf4j-api) ("servlet" ,java-javaee-servletapi))) - (native-inputs - `(("junit" ,java-junit) - ("hamcrest" ,java-hamcrest-all) - ("perf-helper" ,java-eclipse-jetty-perf-helper) - ("test-helper" ,java-eclipse-jetty-test-helper))) (home-page "https://www.eclipse.org/jetty/") (synopsis "Utility classes for Jetty") (description "The Jetty Web Server provides an HTTP server and Servlet @@ -6946,6 +6942,7 @@ or embedded instantiation. This package provides utility classes.") `(#:jar-name "eclipse-jetty-io.jar" #:source-dir "src/main/java" #:jdk ,icedtea-8 + #:tests? #f; require junit 5 #:test-exclude (list "**/Abstract*.java" ;; Abstract class "**/EndPointTest.java") @@ -6987,6 +6984,7 @@ or embedded instantiation. This package provides IO-related utility classes.")) `(#:jar-name "eclipse-jetty-http.jar" #:source-dir "src/main/java" #:jdk ,icedtea-8 + #:tests? #f; require junit 5 #:phases (modify-phases %standard-phases (add-before 'configure 'chdir @@ -7122,9 +7120,6 @@ or embedded instantiation. This package provides the JMX management."))) ("io" ,java-eclipse-jetty-io) ("jmx" ,java-eclipse-jetty-jmx) ("util" ,java-eclipse-jetty-util))) - (native-inputs - `(("test-classes" ,java-eclipse-jetty-http-test-classes) - ,@(package-native-inputs java-eclipse-jetty-util))) (synopsis "Core jetty server artifact") (description "The Jetty Web Server provides an HTTP server and Servlet container capable of serving static and dynamic content either from a standalone @@ -7154,6 +7149,7 @@ artifact."))) `(#:jar-name "eclipse-jetty-security.jar" #:source-dir "src/main/java" #:jdk ,icedtea-8 + #:tests? #f; require junit 5 #:test-exclude (list "**/ConstraintTest.*") ; This test fails #:phases (modify-phases %standard-phases @@ -7167,9 +7163,6 @@ artifact."))) ("http" ,java-eclipse-jetty-http) ("server" ,java-eclipse-jetty-server) ("util" ,java-eclipse-jetty-util))) - (native-inputs - `(("io" ,java-eclipse-jetty-io) - ,@(package-native-inputs java-eclipse-jetty-util))) (synopsis "Jetty security infrastructure") (description "The Jetty Web Server provides an HTTP server and Servlet container capable of serving static and dynamic content either from a standalone @@ -7190,6 +7183,18 @@ infrastructure"))) `(("io" ,java-eclipse-jetty-io-9.2) ,@(package-native-inputs java-eclipse-jetty-util-9.2))))) +(define-public java-eclipse-jetty-util-ajax + (package + (inherit java-eclipse-jetty-util) + (name "java-eclipse-jetty-util-ajax") + (arguments + `(#:jar-name "eclipse-jetty-util-ajax.jar" + #:source-dir "jetty-util-ajax/src/main/java" + #:tests? #f)); require junit 5 + (inputs + `(("java-eclipse-jetty-util" ,java-eclipse-jetty-util) + ("java-javaee-servletapi" ,java-javaee-servletapi))))) + (define-public java-eclipse-jetty-servlet (package (inherit java-eclipse-jetty-util) @@ -7198,6 +7203,7 @@ infrastructure"))) `(#:jar-name "eclipse-jetty-servlet.jar" #:source-dir "src/main/java" #:jdk ,icedtea-8 + #:tests? #f; require junit 5 #:phases (modify-phases %standard-phases (add-before 'configure 'chdir @@ -7207,8 +7213,8 @@ infrastructure"))) (inputs `(("slf4j" ,java-slf4j-api) ("java-javaee-servletapi" ,java-javaee-servletapi) + ("java-eclipse-jetty-util-ajax" ,java-eclipse-jetty-util-ajax) ("http" ,java-eclipse-jetty-http) - ("http-test" ,java-eclipse-jetty-http-test-classes) ("io" ,java-eclipse-jetty-io) ("jmx" ,java-eclipse-jetty-jmx) ("security" ,java-eclipse-jetty-security) @@ -7298,6 +7304,7 @@ container."))) `(#:jar-name "eclipse-jetty-webapp.jar" #:source-dir "src/main/java" #:jdk ,icedtea-8 + #:tests? #f; require junit 5 ;; One test fails #:test-exclude (list "**/WebAppContextTest.java") #:phases @@ -7309,14 +7316,12 @@ container."))) (inputs `(("java-eclipse-jetty-util" ,java-eclipse-jetty-util) ("java-eclipse-jetty-http" ,java-eclipse-jetty-http) + ("java-eclipse-jetty-io" ,java-eclipse-jetty-io) ("java-eclipse-jetty-server" ,java-eclipse-jetty-server) ("java-eclipse-jetty-servlet" ,java-eclipse-jetty-servlet) ("java-eclipse-jetty-security" ,java-eclipse-jetty-security) ("java-eclipse-jetty-xml" ,java-eclipse-jetty-xml) - ("java-javaee-servletapi" ,java-javaee-servletapi))) - (native-inputs - `(("java-eclipse-jetty-io" ,java-eclipse-jetty-io) - ,@(package-native-inputs java-eclipse-jetty-util))))) + ("java-javaee-servletapi" ,java-javaee-servletapi))))) (define-public java-eclipse-jetty-webapp-9.2 (package |