Hello community,
here is the log from the commit of package jakarta-commons-fileupload for
openSUSE:Factory checked in at 2014-04-03 17:07:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/jakarta-commons-fileupload (Old)
and /work/SRC/openSUSE:Factory/.jakarta-commons-fileupload.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "jakarta-commons-fileupload"
Changes:
--------
---
/work/SRC/openSUSE:Factory/jakarta-commons-fileupload/jakarta-commons-fileupload.changes
2013-10-24 14:08:26.000000000 +0200
+++
/work/SRC/openSUSE:Factory/.jakarta-commons-fileupload.new/jakarta-commons-fileupload.changes
2014-04-03 17:07:32.000000000 +0200
@@ -1,0 +2,7 @@
+Wed Apr 2 13:16:52 UTC 2014 - [email protected]
+
+- Fix bnc#862781/CVE-2014-0050: buffer overflow
+ http://svn.apache.org/viewvc?view=revision&revision=1565143
+ * jakarta-commons-fileupload-CVE-2014-0050-DOS-buffer-overflow.patch
+
+-------------------------------------------------------------------
New:
----
jakarta-commons-fileupload-CVE-2014-0050-DOS-buffer-overflow.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ jakarta-commons-fileupload.spec ++++++
--- /var/tmp/diff_new_pack.8QPyVb/_old 2014-04-03 17:07:32.000000000 +0200
+++ /var/tmp/diff_new_pack.8QPyVb/_new 2014-04-03 17:07:32.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package jakarta-commons-fileupload
#
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -33,6 +33,8 @@
#PATCH-FIX-UPSTREAM: bnc#846174
#DiskFileItem.java part of
http://svn.apache.org/viewvc?view=revision&revision=1507048
Patch2: jakarta-commons-fileupload-CVE-2013-2186.patch
+#PATCH-FIX-UPSTREAM: bnc#862781
+Patch3:
jakarta-commons-fileupload-CVE-2014-0050-DOS-buffer-overflow.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
BuildRequires: ant
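Review bot: The `#PATCH-FIX-UPSTREAM: bnc#862781` marker above `Patch3:` carries less provenance than the Patch2 marker just above it and than the .changes entry, which names the upstream revision. Recording it next to the patch declaration, `#PATCH-FIX-UPSTREAM: bnc#862781 CVE-2014-0050, backport of http://svn.apache.org/viewvc?view=revision&revision=1565143`, lets the next updater check what the patch covers without digging through the changelog. Since the patch touches 1.1.1 sources it appears to be a backport rather than the upstream commit applied verbatim, which is worth stating in that line as well.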
@@ -83,6 +85,7 @@
%patch0 -b .build.xml
%patch1 -p0 -b .servletapi5
%patch2 -p0
+%patch3 -p1
# -----------------------------------------------------------------------------
%build
++++++ jakarta-commons-fileupload-CVE-2014-0050-DOS-buffer-overflow.patch ++++++
---
commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/FileUploadBase.java
2006-06-08 10:14:31.000000000 +0200
+++
commons-fileupload-1.1.1.new/src/java/org/apache/commons/fileupload/FileUploadBase.java
2014-04-02 15:08:19.683187831 +0200
@@ -15,6 +15,8 @@
*/
package org.apache.commons.fileupload;
+import static java.lang.String.format;
+
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@@ -158,6 +160,8 @@
*/
public static final int MAX_HEADER_SIZE = 1024;
+ private MultipartStream multi;
+
// ----------------------------------------------------------- Data members
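Review bot: `private MultipartStream multi;` promotes what the next hunk (@@ -328,7 +332,12 @@) previously kept as a method-local variable, `MultipartStream multi = new MultipartStream(input, boundary);`, to per-instance state, so two threads parsing requests through the same FileUploadBase instance now overwrite each other's stream between the assignment and the later `multi.skipPreamble()` call. The field is only there so that `multi` stays in scope after the new try block; declaring `MultipartStream multi;` immediately before `try {` and deleting the field gives the same scope without sharing state across calls. The enclosing method starts outside that hunk, so the declaration should go at its existing local-variable block if there is one.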
@@ -328,7 +332,12 @@
InputStream input = ctx.getInputStream();
- MultipartStream multi = new MultipartStream(input, boundary);
+ try {
+ multi = new MultipartStream(input, boundary);
+ } catch (IllegalArgumentException iae) {
+ throw new InvalidContentTypeException(
+ format("The boundary specified in the %s header is too
long", CONTENT_TYPE), iae);
+ }
multi.setHeaderEncoding(charEncoding);
boolean nextPart = multi.skipPreamble();
@@ -601,6 +610,10 @@
public InvalidContentTypeException(String message) {
super(message);
}
+
+ public InvalidContentTypeException(String msg, Throwable cause) {
+ super(msg, cause);
+ }
}
diff -urN
commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/MultipartStream.java
commons-fileupload-1.1.1.new/src/java/org/apache/commons/fileupload/MultipartStream.java
---
commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/MultipartStream.java
2006-06-08 10:14:30.000000000 +0200
+++
commons-fileupload-1.1.1.new/src/java/org/apache/commons/fileupload/MultipartStream.java
2014-04-02 14:23:47.116940699 +0200
@@ -259,8 +259,12 @@
// We prepend CR/LF to the boundary to chop trailng CR/LF from
// body-data tokens.
- this.boundary = new byte[boundary.length + BOUNDARY_PREFIX.length];
this.boundaryLength = boundary.length + BOUNDARY_PREFIX.length;
+ if (bufSize < this.boundaryLength + 1) {
+ throw new IllegalArgumentException(
+ "The buffer size specified for the MultipartStream is too
small");
+ }
+ this.boundary = new byte[this.boundaryLength];
this.keepRegion = boundary.length + KEEP_REGION_PAD;
System.arraycopy(BOUNDARY_PREFIX, 0, this.boundary, 0,
BOUNDARY_PREFIX.length);
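Review bot: The new `bufSize < this.boundaryLength + 1` rejection is not surfaced in the constructor's Javadoc, which starts above the hunk; add `@throws IllegalArgumentException if {@code bufSize} is smaller than the boundary length plus the CR/LF prefix plus one` there, and a why-comment on the check itself such as `// CVE-2014-0050: reject a buffer that cannot hold the full boundary plus one byte.` Callers that previously got a stream with an undersized buffer now fail at construction time; FileUploadBase's new try/catch translates that into InvalidContentTypeException, and any other direct caller of this constructor in the tree would need the same treatment.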
---
commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/FileUploadException.java
2006-06-08 10:14:30.000000000 +0200
+++
commons-fileupload-1.1.1.new/src/java/org/apache/commons/fileupload/FileUploadException.java
2014-04-02 15:13:02.806214012 +0200
@@ -15,6 +15,9 @@
*/
package org.apache.commons.fileupload;
+import java.io.PrintStream;
+import java.io.PrintWriter;
+
/**
* Exception for errors encountered while processing the request.
*
@@ -25,9 +28,16 @@
extends Exception {
/**
+ * The exceptions cause. We overwrite the cause of
+ * the super class, which isn't available in Java 1.3.
+ */
+ private final Throwable cause;
+
+ /**
* Constructs a new <code>FileUploadException</code> without message.
*/
public FileUploadException() {
+ this(null, null);
}
/**
@@ -37,6 +47,55 @@
* @param msg the error message.
*/
public FileUploadException(final String msg) {
+ this(msg, null);
+ }
+
+ /**
+ * Creates a new <code>FileUploadException</code> with the given
+ * detail message and cause.
+ *
+ * @param msg The exceptions detail message.
+ * @param cause The exceptions cause.
+ */
+ public FileUploadException(String msg, Throwable cause) {
super(msg);
+ this.cause = cause;
+ }
+
+ /**
+ * Prints this throwable and its backtrace to the specified print stream.
+ *
+ * @param stream <code>PrintStream</code> to use for output
+ */
+ @Override
+ public void printStackTrace(PrintStream stream) {
+ super.printStackTrace(stream);
+ if (cause != null) {
+ stream.println("Caused by:");
+ cause.printStackTrace(stream);
+ }
+ }
+
+ /**
+ * Prints this throwable and its backtrace to the specified
+ * print writer.
+ *
+ * @param writer <code>PrintWriter</code> to use for output
+ */
+ @Override
+ public void printStackTrace(PrintWriter writer) {
+ super.printStackTrace(writer);
+ if (cause != null) {
+ writer.println("Caused by:");
+ cause.printStackTrace(writer);
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public Throwable getCause() {
+ return cause;
}
}
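Review bot: The `printStackTrace(PrintStream)` and `printStackTrace(PrintWriter)` overrides print the cause twice: `getCause()` is overridden to return the field, and `Throwable.printStackTrace` already consults `getCause()` and emits its own "Caused by:" block on every JDK from 1.4 on, after which the override prints it again. The `@Override` annotations in this hunk already require Java 5, so the "isn't available in Java 1.3" justification on the `cause` field in the previous hunk (@@ -25,9 +28,16 @@) no longer holds. The simpler backport is `super(msg, cause);` in the new two-argument constructor, dropping the field, both `printStackTrace` overrides and the `getCause` override, which also keeps the inherited `getCause()`/`initCause()` behaviour consistent.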
---
commons-fileupload-1.1.1/src/test/org/apache/commons/fileupload/MultipartStreamTest.java
2006-06-08 10:14:30.000000000 +0200
+++
commons-fileupload-1.1.1.new/src/test/org/apache/commons/fileupload/MultipartStreamTest.java
2014-04-02 15:15:35.770228156 +0200
@@ -39,7 +39,7 @@
final String strData = "foobar";
InputStream input = new
ByteArrayInputStream(strData.getBytes());
byte[] boundary = BOUNDARY_TEXT.getBytes();
- int iBufSize = boundary.length;
+ int iBufSize = boundary.length + MultipartStream.BOUNDARY_PREFIX.length
+ 1;
MultipartStream ms = new MultipartStream(
input,
boundary,
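Review bot: This hunk only enlarges the existing test's buffer so that construction still succeeds; the rejection path added to MultipartStream (a buffer smaller than the boundary plus its CR/LF prefix plus one now throws IllegalArgumentException) is left without a test of its own. A companion test that constructs a MultipartStream with the old value, `int iBufSize = boundary.length;`, and asserts that IllegalArgumentException is thrown would pin the CVE-2014-0050 fix against regression. The enclosing test method starts before this hunk, so the new method would sit alongside it in the same class.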