[Git][java-team/jboss-xnio][master] 3 commits: Fix CVE-2022-0084.
Markus Koschany (@apo)
gitlab at salsa.debian.org
Tue Aug 23 12:26:58 BST 2022
Markus Koschany pushed to branch master at Debian Java Maintainers / jboss-xnio
Commits:
25c68617 by Markus Koschany at 2022-08-23T13:16:17+02:00
Fix CVE-2022-0084.
Thanks: Moritz Mühlenhoff for the report.
Closes: #1013280
- - - - -
0c1dbd5f by Markus Koschany at 2022-08-23T13:16:26+02:00
Declare compliance with Debian Policy 4.6.1.
- - - - -
ede52e48 by Markus Koschany at 2022-08-23T13:16:59+02:00
Update changelog
- - - - -
4 changed files:
- debian/changelog
- debian/control
- + debian/patches/CVE-2022-0084.patch
- + debian/patches/series
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,11 @@
+jboss-xnio (3.8.7-2) unstable; urgency=medium
+
+ * Fix CVE-2022-0084.
+ Thanks to Moritz Mühlenhoff for the report. (Closes: #1013280)
+ * Declare compliance with Debian Policy 4.6.1.
+
+ -- Markus Koschany <apo at debian.org> Tue, 23 Aug 2022 13:16:34 +0200
+
jboss-xnio (3.8.7-1) unstable; urgency=medium
* New upstream version 3.8.7.
=====================================
debian/control
=====================================
@@ -20,7 +20,7 @@ Build-Depends:
libwildfly-client-config-java,
libwildfly-common-java,
maven-debian-helper (>= 1.5)
-Standards-Version: 4.6.0
+Standards-Version: 4.6.1
Vcs-Git: https://salsa.debian.org/java-team/jboss-xnio.git
Vcs-Browser: https://salsa.debian.org/java-team/jboss-xnio
Homepage: https://xnio.jboss.org/
=====================================
debian/patches/CVE-2022-0084.patch
=====================================
@@ -0,0 +1,48 @@
+From: Markus Koschany <apo at debian.org>
+Date: Tue, 23 Aug 2022 13:15:04 +0200
+Subject: CVE-2022-0084
+
+Bug-Debian: https://bugs.debian.org/1013280
+Origin: https://github.com/xnio/xnio/commit/b05531de0433f498af26f9aec6c0e944c3c1689c
+---
+ api/src/main/java/org/xnio/StreamConnection.java | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/api/src/main/java/org/xnio/StreamConnection.java b/api/src/main/java/org/xnio/StreamConnection.java
+index 807142f..e0b9fb6 100644
+--- a/api/src/main/java/org/xnio/StreamConnection.java
++++ b/api/src/main/java/org/xnio/StreamConnection.java
+@@ -21,6 +21,7 @@ package org.xnio;
+ import java.io.IOException;
+ import java.util.concurrent.atomic.AtomicReference;
+
++import org.jboss.logging.Logger;
+ import org.xnio.channels.CloseListenerSettable;
+ import org.xnio.conduits.ConduitStreamSinkChannel;
+ import org.xnio.conduits.ConduitStreamSourceChannel;
+@@ -41,6 +42,7 @@ public abstract class StreamConnection extends Connection implements CloseListen
+ * An empty listener used as a flag, to indicate that close listener has been invoked.
+ */
+ private static final ChannelListener<? super StreamConnection> INVOKED_CLOSE_LISTENER_FLAG = (StreamConnection connection)->{};
++ private static final Logger log = Logger.getLogger("org.xnio.StreamConnection");
+
+ private ConduitStreamSourceChannel sourceChannel;
+ private ConduitStreamSinkChannel sinkChannel;
+@@ -86,7 +88,7 @@ public abstract class StreamConnection extends Connection implements CloseListen
+ try {
+ this.getSourceChannel().shutdownReads();
+ } catch (IOException e) {
+- e.printStackTrace();
++ log.error("Error in read close", e);
+ }
+ }
+
+@@ -94,7 +96,7 @@ public abstract class StreamConnection extends Connection implements CloseListen
+ try {
+ this.getSinkChannel().shutdownWrites();
+ } catch (IOException e) {
+- e.printStackTrace();
++ log.error("Error in write close", e);
+ }
+ }
+
=====================================
debian/patches/series
=====================================
@@ -0,0 +1 @@
+CVE-2022-0084.patch
View it on GitLab: https://salsa.debian.org/java-team/jboss-xnio/-/compare/5d75b3829fa0d1b3bd94f3d281f71afb15c41c17...ede52e4871fb0b55fe38aa2437fc27102c1fae8f
--
View it on GitLab: https://salsa.debian.org/java-team/jboss-xnio/-/compare/5d75b3829fa0d1b3bd94f3d281f71afb15c41c17...ede52e4871fb0b55fe38aa2437fc27102c1fae8f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20220823/87e9a65b/attachment.htm>
More information about the pkg-java-commits
mailing list