This is an automated email from the git hooks/post-receive script. tmancill pushed a commit to branch master in repository tomcat6.
commit 6c7d85fc8a24d2fe4b8d63bbb838745e1b860cbf
Author: tony mancill <[email protected]>
Date: Sat Aug 3 20:57:53 2013 -0700

drop patches included in upstream
---
 debian/patches/0014-CVE-2012-4534.patch | 75 -------------------------------
 debian/patches/0015-CVE-2012-4431.patch | 51 ---------------------
 debian/patches/0016-CVE-2012-3546.patch | 46 -------------------
 debian/patches/series | 3 --
 4 files changed, 175 deletions(-)

diff --git a/debian/patches/0014-CVE-2012-4534.patch b/debian/patches/0014-CVE-2012-4534.patch
deleted file mode 100644
index fec0610..0000000
--- a/debian/patches/0014-CVE-2012-4534.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-Description: Fix high CPU load with SSL, NIO and sendfile when
- client breaks the connection before reading all the requested data.
- It is a fix for CVE-2012-4534.
-Origin: upstream, http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?r1=1372035&r2=1372034&pathrev=1372035
-Bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=52858
-
---- a/java/org/apache/tomcat/util/net/NioEndpoint.java
-+++ b/java/org/apache/tomcat/util/net/NioEndpoint.java
-@@ -1713,8 +1713,14 @@
- public boolean processSendfile(SelectionKey sk, KeyAttachment attachment, boolean reg, boolean event) {
- NioChannel sc = null;
- try {
-- //unreg(sk,attachment);//only do this if we do process send file on a separate thread
-+ unreg(sk, attachment, sk.readyOps());
- SendfileData sd = attachment.getSendfileData();
-+
-+ if (log.isTraceEnabled()) {
-+ log.trace("Processing send file for: " + sd.fileName);
-+ }
-+
-+ //setup the file channel
- if ( sd.fchannel == null ) {
- File f = new File(sd.fileName);
- if ( !f.exists() ) {
-@@ -1723,10 +1729,14 @@
- }
- sd.fchannel = new FileInputStream(f).getChannel();
- }
-+
-+ //configure output channel
- sc = attachment.getChannel();
- sc.setSendFile(true);
-+ //ssl channel is slightly different
- WritableByteChannel wc =(WritableByteChannel) ((sc instanceof SecureNioChannel)?sc:sc.getIOChannel());
--
-+
-+ //we still have data in the buffer
- if (sc.getOutboundRemaining()>0) {
- if (sc.flushOutbound()) {
- attachment.access();
-@@ -1753,15 +1763,13 @@
- attachment.setSendfileData(null);
- try {sd.fchannel.close();}catch(Exception ignore){}
- if ( sd.keepAlive ) {
-- if (reg) {
-- if (log.isDebugEnabled()) {
-- log.debug("Connection is keep alive, registering back for OP_READ");
-- }
-- if (event) {
-- this.add(attachment.getChannel(),SelectionKey.OP_READ);
-- } else {
-- reg(sk,attachment,SelectionKey.OP_READ);
-- }
-+ if (log.isDebugEnabled()) {
-+ log.debug("Connection is keep alive, registering back for OP_READ");
-+ }
-+ if (event) {
-+ this.add(attachment.getChannel(),SelectionKey.OP_READ);
-+ } else {
-+ reg(sk,attachment,SelectionKey.OP_READ);
- }
- } else {
- if (log.isDebugEnabled()) {
-@@ -1770,9 +1778,9 @@
- cancelledKey(sk,SocketStatus.STOP,false);
- return false;
- }
-- } else if ( attachment.interestOps() == 0 && reg ) {
-+ } else {
- if (log.isDebugEnabled()) {
-- log.debug("OP_WRITE for sendilfe:"+sd.fileName);
-+ log.debug("OP_WRITE for sendfile:" + sd.fileName);
- }
- if (event) {
- add(attachment.getChannel(),SelectionKey.OP_WRITE);
diff --git a/debian/patches/0015-CVE-2012-4431.patch b/debian/patches/0015-CVE-2012-4431.patch
deleted file mode 100644
index 8ad8d2e..0000000
--- a/debian/patches/0015-CVE-2012-4431.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-Description: Improve session management in CsrfPreventionFilter (kkolinko)
- It is a fix for CVE-2012-4431.
-Origin: upstream, http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java?r1=1394456&r2=1394455&pathrev=1394456
-
---- a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
-+++ b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
-@@ -33,6 +33,7 @@
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import javax.servlet.http.HttpServletResponseWrapper;
-+import javax.servlet.http.HttpSession;
-
- import org.apache.juli.logging.Log;
- import org.apache.juli.logging.LogFactory;
-@@ -153,16 +154,19 @@
- }
- }
-
-+ HttpSession session = req.getSession(false);
-+
- @SuppressWarnings("unchecked")
-- LruCache<String> nonceCache =
-- (LruCache<String>) req.getSession(true).getAttribute(
-- Constants.CSRF_NONCE_SESSION_ATTR_NAME);
--
-+ LruCache<String> nonceCache = (session == null) ? null
-+ : (LruCache<String>) session.getAttribute(
-+ Constants.CSRF_NONCE_SESSION_ATTR_NAME);
-+
- if (!skipNonceCheck) {
- String previousNonce =
- req.getParameter(Constants.CSRF_NONCE_REQUEST_PARAM);
-
-- if (nonceCache != null && !nonceCache.contains(previousNonce)) {
-+ if (nonceCache == null || previousNonce == null ||
-+ !nonceCache.contains(previousNonce)) {
- res.sendError(HttpServletResponse.SC_FORBIDDEN);
- return;
- }
-@@ -170,7 +174,10 @@
-
- if (nonceCache == null) {
- nonceCache = new LruCache<String>(nonceCacheSize);
-- req.getSession().setAttribute(
-+ if (session == null) {
-+ session = req.getSession(true);
-+ }
-+ session.setAttribute(
- Constants.CSRF_NONCE_SESSION_ATTR_NAME, nonceCache);
- }
-
diff --git a/debian/patches/0016-CVE-2012-3546.patch b/debian/patches/0016-CVE-2012-3546.patch
deleted file mode 100644
index 0ae4bb6..0000000
--- a/debian/patches/0016-CVE-2012-3546.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-Description: Remove unneeded handling of FORM authentication in RealmBase.
- It is a fix for CVE-2012-3546.
-Origin: upstream, http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1381035&r2=1381034&pathrev=1381035
-
---- a/java/org/apache/catalina/realm/RealmBase.java
-+++ b/java/org/apache/catalina/realm/RealmBase.java
-@@ -45,7 +45,6 @@
- import org.apache.catalina.connector.Request;
- import org.apache.catalina.connector.Response;
- import org.apache.catalina.core.ContainerBase;
--import org.apache.catalina.deploy.LoginConfig;
- import org.apache.catalina.deploy.SecurityConstraint;
- import org.apache.catalina.deploy.SecurityCollection;
- import org.apache.catalina.util.HexUtils;
-@@ -734,31 +733,6 @@
- if (constraints == null || constraints.length == 0)
- return (true);
-
-- // Specifically allow access to the form login and form error pages
-- // and the "j_security_check" action
-- LoginConfig config = context.getLoginConfig();
-- if ((config != null) &&
-- (Constants.FORM_METHOD.equals(config.getAuthMethod()))) {
-- String requestURI = request.getRequestPathMB().toString();
-- String loginPage = config.getLoginPage();
-- if (loginPage.equals(requestURI)) {
-- if (log.isDebugEnabled())
-- log.debug(" Allow access to login page " + loginPage);
-- return (true);
-- }
-- String errorPage = config.getErrorPage();
-- if (errorPage.equals(requestURI)) {
-- if (log.isDebugEnabled())
-- log.debug(" Allow access to error page " + errorPage);
-- return (true);
-- }
-- if (requestURI.endsWith(Constants.FORM_ACTION)) {
-- if (log.isDebugEnabled())
-- log.debug(" Allow access to username/password submission");
-- return (true);
-- }
-- }
--
- // Which user principal have we already authenticated?
- Principal principal = request.getPrincipal();
- boolean status = false;
diff --git a/debian/patches/series b/debian/patches/series
index 617502e..9fb5128 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,7 +10,4 @@
 0011-CVE-2012-0022-regression-fix.patch
 cve-2012-2733.patch
 cve-2012-3439.patch
-0014-CVE-2012-4534.patch
-0015-CVE-2012-4431.patch
-0016-CVE-2012-3546.patch
 0017-eclipse-compiler-update.patch
--
Alioth's hooks/post-receive on /srv/git.debian.org/git/pkg-java/tomcat6.git

_______________________________________________
pkg-java-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits

