here is the log from the commit of package jakarta-commons-fileupload for
openSUSE:13.1 checked in at 2013-10-23 11:35:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1/jakarta-commons-fileupload (Old)
and /work/SRC/openSUSE:13.1/.jakarta-commons-fileupload.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "jakarta-commons-fileupload"
Changes:
--------
---
/work/SRC/openSUSE:13.1/jakarta-commons-fileupload/jakarta-commons-fileupload.changes
2013-09-23 10:54:18.000000000 +0200
+++
/work/SRC/openSUSE:13.1/.jakarta-commons-fileupload.new/jakarta-commons-fileupload.changes
2013-10-23 11:35:28.000000000 +0200
@@ -1,0 +2,7 @@
+Thu Oct 17 08:32:35 UTC 2013 - [email protected]
+
+- fix bnc#846174/CVE-2013-2186: null byte injection flaw
+ http://svn.apache.org/viewvc?view=revision&revision=1507048
+ * jakarta-commons-fileupload-CVE-2013-2186.patch
+
+-------------------------------------------------------------------
New:
----
jakarta-commons-fileupload-CVE-2013-2186.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ jakarta-commons-fileupload.spec ++++++
--- /var/tmp/diff_new_pack.XpeD0u/_old 2013-10-23 11:35:28.000000000 +0200
+++ /var/tmp/diff_new_pack.XpeD0u/_new 2013-10-23 11:35:28.000000000 +0200
@@ -32,6 +32,9 @@
Source0:
http://www.apache.org/dist/jakarta/commons/fileupload/source/commons-fileupload-1.1.1-src.tar.gz
Patch0: %{name}-build_xml.patch
Patch1: %{name}-%{version}-servletapi5.patch
+#PATCH-FIX-UPSTREAM: bnc#846174
+#DiskFileItem.java part of
http://svn.apache.org/viewvc?view=revision&revision=1507048
+Patch2: jakarta-commons-fileupload-CVE-2013-2186.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if ! %{gcj_support}
BuildArch: noarch
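Review bot: The comment above `Patch2:` says the patch is the "DiskFileItem.java part of" the upstream revision, but the patch file further down in this log also carries a hunk for DiskFileUpload.java, so the comment understates what is applied. Either trim the patch to the one file the comment names or widen the comment, e.g. `#PATCH-FIX-UPSTREAM: bnc#846174 DiskFileItem.java and DiskFileUpload.java parts of r1507048`. Naming the patch file in the comment, as openSUSE's PATCH-FIX-UPSTREAM convention does, would also make the two lines easier to match when more patches are added.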
@@ -87,6 +90,7 @@
%setup -q -n %{short_name}-%{version}
%patch0 -b .build.xml
%patch1 -p0 -b .servletapi5
+%patch2 -p0
# -----------------------------------------------------------------------------
%build
@@ -96,7 +100,6 @@
-Dbuild.sysclasspath=only \
-Dfinal.name=%{name}-%{version} \
-Dservletapi.javadoc=%{_javadocdir}/servletapi5 \
- -Dant.build.javac.source=1.4 -Dant.build.javac.target=1.4 \
dist
# -----------------------------------------------------------------------------
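Review bot: The dropped `-Dant.build.javac.source=1.4 -Dant.build.javac.target=1.4` line is not mentioned in the .changes entry, which names only the CVE patch; a change to the bytecode target level deserves its own changelog line such as `- build with the default javac source/target level, the CVE patch needs Java 5 syntax`. The reason is inferred rather than stated anywhere in the log: the patch adds an `import static` to DiskFileUpload.java, which cannot compile at source level 1.4. If that import turns out to be unused (see the patch hunk), this build change could be avoided altogether.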
++++++ jakarta-commons-fileupload-CVE-2013-2186.patch ++++++
Index: src/java/org/apache/commons/fileupload/disk/DiskFileItem.java
===================================================================
--- src/java/org/apache/commons/fileupload/disk/DiskFileItem.java.orig
+++ src/java/org/apache/commons/fileupload/disk/DiskFileItem.java
@@ -674,6 +674,26 @@ public class DiskFileItem
// read values
in.defaultReadObject();
+ /* One expected use of serialization is to migrate HTTP sessions
+ * containing a DiskFileItem between JVMs. Particularly if the JVMs are
+ * on different machines It is possible that the repository location is
+ * not valid so validate it.
+ */
+ if (repository != null) {
+ if (repository.isDirectory()) {
+ // Check path for nulls
+ if (repository.getPath().contains("\0")) {
+ throw new IOException(java.lang.String.format(
+ "The repository [%s] contains a null character",
+ repository.getPath()));
+ }
+ } else {
+ throw new IOException(java.lang.String.format(
+ "The repository [%s] is not a directory",
+ repository.getAbsolutePath()));
+ }
+ }
+
OutputStream output = getOutputStream();
if (cachedContent != null) {
output.write(cachedContent);
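Review bot: The `repository.getPath().contains("\0")` check is reached only after `repository.isDirectory()` has already been evaluated on the same path, so a NUL-bearing path is handed to the `java.io.File` layer once before it is rejected; on JDKs that truncate a path at the first NUL, `isDirectory()` then answers for the truncated prefix and the NUL branch is only taken if that prefix happens to be a directory. Testing the string before any File query removes the dependence on JDK behaviour and lets the two error branches stand on their own. Note also that `in.defaultReadObject()` has already populated every field before validation, and `getOutputStream()` immediately afterwards writes `cachedContent` under whatever repository the stream supplied, so this check narrows the path but does not change that deserializing a DiskFileItem writes to disk at a stream-chosen location. readObject begins before the hunk and continues after it.
```java
        if (repository != null) {
            // Reject NUL before any java.io.File query, so no truncated path is ever consulted
            if (repository.getPath().contains("\0")) {
                throw new IOException(java.lang.String.format(
                        "The repository [%s] contains a null character",
                        repository.getPath()));
            }
            if (!repository.isDirectory()) {
                throw new IOException(java.lang.String.format(
                        "The repository [%s] is not a directory",
                        repository.getAbsolutePath()));
            }
        }
        // … unchanged: getOutputStream() and cachedContent write …
```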
Index: src/java/org/apache/commons/fileupload/DiskFileUpload.java
===================================================================
--- src/java/org/apache/commons/fileupload/DiskFileUpload.java.orig
+++ src/java/org/apache/commons/fileupload/DiskFileUpload.java
@@ -19,6 +19,8 @@ import java.io.File;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
+import static java.lang.String.format;
+
/**
* <p>High level API for processing file uploads.</p>
*
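Review bot: The added `import static java.lang.String.format;` has no matching call to `format(` anywhere in this patch, so in DiskFileUpload.java it looks like an unused import carried over from the larger upstream revision (the spec comment says only the DiskFileItem.java part was taken); if nothing else in the file uses it, drop the line. It is also the only construct in the patch that requires source level 1.5, which appears to be why the spec stops passing the javac 1.4 flags, so removing it would make that build change unnecessary. The DiskFileItem.java hunk spells the same call fully qualified as `java.lang.String.format(...)`; using one form in both files would be more consistent.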