[Git][java-team/jboss-xnio][master] 3 commits: Fix CVE-2022-0084.

Markus Koschany (@apo) gitlab at salsa.debian.org
Tue Aug 23 12:26:58 BST 2022 


Markus Koschany pushed to branch master at Debian Java Maintainers / jboss-xnio


Commits:
25c68617 by Markus Koschany at 2022-08-23T13:16:17+02:00
Fix CVE-2022-0084.

Thanks: Moritz Mühlenhoff for the report.
Closes: #1013280

- - - - -
0c1dbd5f by Markus Koschany at 2022-08-23T13:16:26+02:00
Declare compliance with Debian Policy 4.6.1.

- - - - -
ede52e48 by Markus Koschany at 2022-08-23T13:16:59+02:00
Update changelog

- - - - -


4 changed files:

- debian/changelog
- debian/control
- + debian/patches/CVE-2022-0084.patch
- + debian/patches/series


Changes:

=====================================
debian/changelog
=====================================
@@ -1,3 +1,11 @@
+jboss-xnio (3.8.7-2) unstable; urgency=medium
+
+  * Fix CVE-2022-0084.
+    Thanks to Moritz Mühlenhoff for the report. (Closes: #1013280)
+  * Declare compliance with Debian Policy 4.6.1.
+
+ -- Markus Koschany <apo at debian.org>  Tue, 23 Aug 2022 13:16:34 +0200
+
 jboss-xnio (3.8.7-1) unstable; urgency=medium
 
   * New upstream version 3.8.7.


=====================================
debian/control
=====================================
@@ -20,7 +20,7 @@ Build-Depends:
  libwildfly-client-config-java,
  libwildfly-common-java,
  maven-debian-helper (>= 1.5)
-Standards-Version: 4.6.0
+Standards-Version: 4.6.1
 Vcs-Git: https://salsa.debian.org/java-team/jboss-xnio.git
 Vcs-Browser: https://salsa.debian.org/java-team/jboss-xnio
 Homepage: https://xnio.jboss.org/


=====================================
debian/patches/CVE-2022-0084.patch
=====================================
@@ -0,0 +1,48 @@
+From: Markus Koschany <apo at debian.org>
+Date: Tue, 23 Aug 2022 13:15:04 +0200
+Subject: CVE-2022-0084
+
+Bug-Debian: https://bugs.debian.org/1013280
+Origin: https://github.com/xnio/xnio/commit/b05531de0433f498af26f9aec6c0e944c3c1689c
+---
+ api/src/main/java/org/xnio/StreamConnection.java | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/api/src/main/java/org/xnio/StreamConnection.java b/api/src/main/java/org/xnio/StreamConnection.java
+index 807142f..e0b9fb6 100644
+--- a/api/src/main/java/org/xnio/StreamConnection.java
++++ b/api/src/main/java/org/xnio/StreamConnection.java
+@@ -21,6 +21,7 @@ package org.xnio;
+ import java.io.IOException;
+ import java.util.concurrent.atomic.AtomicReference;
+ 
++import org.jboss.logging.Logger;
+ import org.xnio.channels.CloseListenerSettable;
+ import org.xnio.conduits.ConduitStreamSinkChannel;
+ import org.xnio.conduits.ConduitStreamSourceChannel;
+@@ -41,6 +42,7 @@ public abstract class StreamConnection extends Connection implements CloseListen
+      * An empty listener used as a flag, to indicate that close listener has been invoked.
+      */
+     private static final ChannelListener<? super StreamConnection> INVOKED_CLOSE_LISTENER_FLAG = (StreamConnection connection)->{};
++    private static final Logger log = Logger.getLogger("org.xnio.StreamConnection");
+ 
+     private ConduitStreamSourceChannel sourceChannel;
+     private ConduitStreamSinkChannel sinkChannel;
+@@ -86,7 +88,7 @@ public abstract class StreamConnection extends Connection implements CloseListen
+         try {
+             this.getSourceChannel().shutdownReads();
+         } catch (IOException e) {
+-            e.printStackTrace();
++            log.error("Error in read close", e);
+         }
+     }
+ 
+@@ -94,7 +96,7 @@ public abstract class StreamConnection extends Connection implements CloseListen
+         try {
+             this.getSinkChannel().shutdownWrites();
+         } catch (IOException e) {
+-            e.printStackTrace();
++            log.error("Error in write close", e);
+         }
+     }
+ 


=====================================
debian/patches/series
=====================================
@@ -0,0 +1 @@
+CVE-2022-0084.patch



View it on GitLab: https://salsa.debian.org/java-team/jboss-xnio/-/compare/5d75b3829fa0d1b3bd94f3d281f71afb15c41c17...ede52e4871fb0b55fe38aa2437fc27102c1fae8f

-- 
View it on GitLab: https://salsa.debian.org/java-team/jboss-xnio/-/compare/5d75b3829fa0d1b3bd94f3d281f71afb15c41c17...ede52e4871fb0b55fe38aa2437fc27102c1fae8f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20220823/87e9a65b/attachment.htm>

More information about the pkg-java-commits mailing list