This is an automated email from the git hooks/post-receive script. tmancill pushed a commit to branch master in repository tomcat6.
commit f14a21980715165838ebe3481fe6bf079005cd0a Author: tony mancill <[email protected]> Date: Sat Aug 3 21:19:30 2013 -0700 delete 0011-CVE-02012-0022 patch; included upstream --- .../0011-CVE-2012-0022-regression-fix.patch | 83 -------------------- debian/patches/series | 1 - 2 files changed, 84 deletions(-)
diff --git a/debian/patches/0011-CVE-2012-0022-regression-fix.patch b/debian/patches/0011-CVE-2012-0022-regression-fix.patch
deleted file mode 100644
index abd2bf9..0000000
--- a/debian/patches/0011-CVE-2012-0022-regression-fix.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-Description: fix regression from the CVE-2012-0022 security fix that
- went into 6.0.35.
-Origin: upstream, http://svn.apache.org/viewvc?view=revision&revision=1229027
-Bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=52384
-
-Index: tomcat6-6.0.35/java/org/apache/tomcat/util/http/LocalStrings.properties
-===================================================================
---- tomcat6-6.0.35.orig/java/org/apache/tomcat/util/http/LocalStrings.properties 2011-11-12 03:36:55.000000000 -0500
-+++ tomcat6-6.0.35/java/org/apache/tomcat/util/http/LocalStrings.properties 2012-02-13 09:03:10.865891860 -0500
-@@ -17,6 +17,7 @@
- parameters.copyFail=Failed to create copy of original parameter values for debug logging purposes
- parameters.decodeFail.debug=Character decoding failed. Parameter [{0}] with value [{1}] has been ignored.
- parameters.decodeFail.info=Character decoding failed. Parameter [{0}] with value [{1}] has been ignored. Note that the name and value quoted here may be corrupted due to the failed decoding. Use debug level logging to see the original, non-corrupted values.
-+parameters.emptyChunk=Empty parameter chunk ignored
- parameters.invalidChunk=Invalid chunk starting at byte [{0}] and ending at byte [{1}] with a value of [{2}] ignored
- parameters.maxCountFail=More than the maximum number of request parameters (GET plus POST) for a single request ([{0}]) were detected. Any parameters beyond this limit have been ignored. To change this limit, set the maxParameterCount attribute on the Connector.
- parameters.multipleDecodingFail=Character decoding failed. A total of [{0}] failures were detected but only the first was logged. Enable debug level logging for this logger to log all failures.
-Index: tomcat6-6.0.35/java/org/apache/tomcat/util/http/Parameters.java
-===================================================================
---- tomcat6-6.0.35.orig/java/org/apache/tomcat/util/http/Parameters.java 2011-11-25 16:11:35.000000000 -0500
-+++ tomcat6-6.0.35/java/org/apache/tomcat/util/http/Parameters.java 2012-02-13 09:03:10.889891861 -0500
-@@ -314,6 +314,15 @@
- }
-
- if (nameEnd <= nameStart ) {
-+ if (valueStart == -1) {
-+ // &&
-+ if (log.isDebugEnabled()) {
-+ log.debug(sm.getString("parameters.emptyChunk"));
-+ }
-+ // Do not flag as error
-+ continue;
-+ }
-+ // &=foo&
- if (log.isInfoEnabled()) {
- if (valueEnd >= nameStart && log.isDebugEnabled()) {
- String extract = null;
-@@ -341,7 +350,11 @@
- }
-
- tmpName.setBytes(bytes, nameStart, nameEnd - nameStart);
-- tmpValue.setBytes(bytes, valueStart, valueEnd - valueStart);
-+ if (valueStart >= 0) {
-+ tmpValue.setBytes(bytes, valueStart, valueEnd - valueStart);
-+ } else {
-+ tmpValue.setBytes(bytes, 0, 0);
-+ }
-
- // Take copies as if anything goes wrong originals will be
- // corrupted. This means original values can be logged.
-@@ -349,7 +362,11 @@
- if (log.isDebugEnabled()) {
- try {
- origName.append(bytes, nameStart, nameEnd - nameStart);
-- origValue.append(bytes, valueStart, valueEnd - valueStart);
-+ if (valueStart >= 0) {
-+ origValue.append(bytes, valueStart, valueEnd - valueStart);
-+ } else {
-+ origValue.append(bytes, 0, 0);
-+ }
- } catch (IOException ioe) {
- // Should never happen...
- log.error(sm.getString("parameters.copyFail"), ioe);
-@@ -366,11 +383,15 @@
- tmpName.setCharset(charset);
- name = tmpName.toString();
-
-- if (decodeValue) {
-- urlDecode(tmpValue);
-+ if (valueStart >= 0) {
-+ if (decodeValue) {
-+ urlDecode(tmpValue);
-+ }
-+ tmpValue.setCharset(charset);
-+ value = tmpValue.toString();
-+ } else {
-+ value = "";
- }
-- tmpValue.setCharset(charset);
-- value = tmpValue.toString();
-
- addParam(name, value);
- } catch (IOException e) {
diff --git a/debian/patches/series b/debian/patches/series
index 9fb5128..6d9df1c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,7 +7,6 @@
 0007-add-OSGi-headers-to-servlet-api.patch
 0008-add-OSGI-headers-to-jsp-api.patch
 0010-Use-java.security.policy-file-in-catalina.sh.patch
-0011-CVE-2012-0022-regression-fix.patch
 cve-2012-2733.patch
 cve-2012-3439.patch
 0017-eclipse-compiler-update.patch
-- Alioth's hooks/post-receive on /srv/git.debian.org/git/pkg-java/tomcat6.git _______________________________________________ pkg-java-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits

