Hello community, here is the log from the commit of package tomcat6 for openSUSE:11.3 checked in at Fri Sep 16 16:02:45 CEST 2011.
--------
--- old-versions/11.3/UPDATES/all/tomcat6/tomcat6.changes 2011-08-15 13:30:16.000000000 +0200
+++ 11.3/tomcat6/tomcat6.changes 2011-09-15 15:58:46.000000000 +0200
@@ -1,0 +2,7 @@
+Thu Sep 15 13:58:05 UTC 2011 - [email protected]
+
+- fix bnc#715991 - VUL-0: tomcat authentication bypass and information
+ disclosure (CVE-2011-3190)
+ * http://svn.apache.org/viewvc?view=revision&revision=1162959
+
+-------------------------------------------------------------------
calling whatdependson for 11.3-i586
New:
----
apache-tomcat-CVE-2011-3190.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libtcnative-1-0.spec ++++++
--- /var/tmp/diff_new_pack.mJ5VFl/_old 2011-09-16 16:02:09.000000000 +0200
+++ /var/tmp/diff_new_pack.mJ5VFl/_new 2011-09-16 16:02:09.000000000 +0200
@@ -29,7 +29,7 @@
 Name: libtcnative-1-0
 Version: %{major}.%{minor}.%{micro}
-Release: 5.<RELEASE8>
+Release: 5.<RELEASE9>
 Summary: JNI wrappers for Apache Portable Runtime for Tomcat
 Group: Productivity/Networking/Web/Servers
 License: Apache Software License ..
++++++ tomcat6.spec ++++++
--- /var/tmp/diff_new_pack.mJ5VFl/_old 2011-09-16 16:02:09.000000000 +0200
+++ /var/tmp/diff_new_pack.mJ5VFl/_new 2011-09-16 16:02:09.000000000 +0200
@@ -41,7 +41,7 @@
 Name: tomcat6
 Version: %{major_version}.%{minor_version}.%{micro_version}
-Release: 5.<RELEASE12>
+Release: 5.<RELEASE14>
 Summary: Apache Servlet/JSP Engine, RI for Servlet 2.5/JSP 2.1 API
 Group: Productivity/Networking/Web/Servers
 License: Apache Software License ..
@@ -77,6 +77,8 @@
 Patch8: apache-tomcat-CVE-2011-2204.patch
 #PATCH-FIX-UPSTREAM: http://svn.apache.org/viewvc?view=revision&revision=1146703
 Patch9: apache-tomcat-CVE-2011-2526.patch
+#PATCH-FIX-UPSTREAM: http://svn.apache.org/viewvc?view=revision&revision=1162959
+Patch10: apache-tomcat-CVE-2011-3190.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 BuildArch: noarch
 BuildRequires: ant
@@ -241,6 +243,7 @@
 %patch7 -p0 -b .CVE-2011-0534
 %patch8 -p0 -b .CVE-2011-2204
 %patch9 -p0 -b .CVE-2011-2526
+%patch10 -p1 -b .CVE-2011-3190
 %build
 export CLASSPATH=
++++++ apache-tomcat-CVE-2011-3190.patch ++++++
Index: tomcat6-6.0.24/apache-tomcat-6.0.24-src/java/org/apache/coyote/ajp/AjpProcessor.java
===================================================================
--- tomcat6-6.0.24/apache-tomcat-6.0.24-src/java/org/apache/coyote/ajp/AjpProcessor.java (revision 1162958)
+++ tomcat6-6.0.24/apache-tomcat-6.0.24-src/java/org/apache/coyote/ajp/AjpProcessor.java (revision 1162959)
@@ -423,11 +423,13 @@
 }
 continue;
 } else if(type != Constants.JK_AJP13_FORWARD_REQUEST) {
- // Usually the servlet didn't read the previous request body
- if(log.isDebugEnabled()) {
- log.debug("Unexpected message: "+type);
+ // Unexpected packet type. Unread body packets should have
+ // been swallowed in finish().
+ if (log.isDebugEnabled()) {
+ log.debug("Unexpected message: " + type);
 }
- continue;
+ error = true;
+ break;
 }
 request.setStartTime(System.currentTimeMillis());
@@ -1061,6 +1063,11 @@
 finished = true;
+ // Swallow the unread body packet if present
+ if (first && request.getContentLengthLong() > 0) {
+ receive();
+ }
+
 // Add the end message
 output.write(endMessageArray);
Index: tomcat6-6.0.24/apache-tomcat-6.0.24-src/java/org/apache/coyote/ajp/AjpAprProcessor.java
===================================================================
--- tomcat6-6.0.24/apache-tomcat-6.0.24-src/java/org/apache/coyote/ajp/AjpAprProcessor.java (revision 1162958)
+++ tomcat6-6.0.24/apache-tomcat-6.0.24-src/java/org/apache/coyote/ajp/AjpAprProcessor.java (revision 1162959)
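Review bot: The new fail-closed branch in the AJP message loop (`error = true; break;` in place of the old `continue;`) still records the unexpected packet type only under `log.isDebugEnabled()`, so a production instance keeps no trace of exactly the event this fix exists to stop — a stray or injected packet arriving where a FORWARD_REQUEST was expected. Since the connection is abandoned anyway, a rate-limited `log.warn("Unexpected AJP message type " + type + "; closing connection")` (or at least an info-level entry) would give operators a detectable signal of request-smuggling attempts against this connector without changing behaviour. The enclosing loop and the code that acts on `error` after the `break` lie outside the hunk, so that the socket is closed promptly is inferred from the new comment rather than visible here.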
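Review bot: The swallow added to finish() is guarded by `first && request.getContentLengthLong() > 0`, which is now the sole condition under which an unread body packet is consumed before the end message is written; any path on which a body packet can be pending without that guard holding (an unknown or negative content length, or a body chunk already requested but not yet read — neither visible in this hunk) would leave the packet on the wire to be parsed as the next request's header. The comment on the new block says what it does but not why it matters, and a maintainer who loosens the guard later needs the why: `// Consume the body packet the web server already sent; otherwise it is read as the header of the next request on this keep-alive connection (CVE-2011-3190).` The boolean result of `receive()` is discarded, which is fine only if it always drains the whole packet — worth confirming against its definition, which is outside the hunk, as is the rest of finish().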
@@ -405,11 +405,13 @@
 }
 continue;
 } else if(type != Constants.JK_AJP13_FORWARD_REQUEST) {
- // Usually the servlet didn't read the previous request body
- if(log.isDebugEnabled()) {
- log.debug("Unexpected message: "+type);
+ // Unexpected packet type. Unread body packets should have
+ // been swallowed in finish().
+ if (log.isDebugEnabled()) {
+ log.debug("Unexpected message: " + type);
 }
- continue;
+ error = true;
+ break;
 }
 keptAlive = true;
@@ -1056,6 +1058,11 @@
 finished = true;
+ // Swallow the unread body packet if present
+ if (first && request.getContentLengthLong() > 0) {
+ receive();
+ }
+
 // Add the end message
 if (outputBuffer.position() + endMessageArray.length > outputBuffer.capacity()) {
 flush();
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
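Review bot: AjpAprProcessor receives a byte-for-byte copy of the change made to AjpProcessor — the same replacement comment, the same `error = true; break;`, the same finish() swallow — so any later refinement of this security fix has to be remembered in two classes, and this commit shows no shared base type between them. If none exists in the tree, a cross-reference such as `// Keep in sync with AjpProcessor (CVE-2011-3190 handling)` on both the message-loop branch and the finish() block is the minimal guard against the two copies drifting apart. Note also that the context line `keptAlive = true;` directly after the closing brace is no longer reached on the error path now that the branch breaks instead of continuing; that looks intended, but the loop it belongs to is outside the hunk, so it is worth stating in the commit message.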
