This is an automated email from the git hooks/post-receive script. apo pushed a commit to branch wheezy in repository tomcat7.
commit a5966ebb3d89b700aa1d9773216a8c5afb8eb095 Author: Markus Koschany <[email protected]> Date: Tue Feb 14 12:04:49 2017 +0100 Import Debian changes 7.0.28-4+deb7u10 tomcat7 (7.0.28-4+deb7u10) wheezy-security; urgency=high * Non-maintainer upload by the LTS team. * Add BZ57544-infinite-loop.patch: It was found that https GET requests could trigger an infinite loop and thus cause a denial-of-service. (Closes: #854551) --- debian/changelog | 9 ++++++ debian/patches/BZ57544-infinite-loop.patch | 48 ++++++++++++++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 58 insertions(+) diff --git a/debian/changelog b/debian/changelog index d5d03a3..a1fd5b5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +tomcat7 (7.0.28-4+deb7u10) wheezy-security; urgency=high + + * Non-maintainer upload by the LTS team. + * Add BZ57544-infinite-loop.patch: It was found that https GET requests could + trigger an infinite loop and thus cause a denial-of-service. + (Closes: #854551) + + -- Markus Koschany <[email protected]> Tue, 14 Feb 2017 12:04:49 +0100 + tomcat7 (7.0.28-4+deb7u9) wheezy-security; urgency=high * Fix CVE-2016-8745: diff --git a/debian/patches/BZ57544-infinite-loop.patch b/debian/patches/BZ57544-infinite-loop.patch new file mode 100644 index 0000000..32eaa5b --- /dev/null +++ b/debian/patches/BZ57544-infinite-loop.patch @@ -0,0 +1,48 @@ +From: Markus Koschany <[email protected]> +Date: Tue, 14 Feb 2017 12:03:14 +0100 +Subject: BZ57544 infinite loop + +Bug-Upstream: https://bz.apache.org/bugzilla/show_bug.cgi?id=60578 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854551 +Origin: https://github.com/apache/tomcat80/commit/614e7f78aecc429d8740bb59900c2f9fbc86a788 +--- + java/org/apache/coyote/http11/AbstractInputBuffer.java | 16 ++++------------ + 1 file changed, 4 insertions(+), 12 deletions(-) + +diff --git a/java/org/apache/coyote/http11/AbstractInputBuffer.java b/java/org/apache/coyote/http11/AbstractInputBuffer.java +index b534cdf..5d54a05 100644 +--- a/java/org/apache/coyote/http11/AbstractInputBuffer.java ++++ b/java/org/apache/coyote/http11/AbstractInputBuffer.java +@@ -220,15 +220,10 @@ public abstract class AbstractInputBuffer<S> implements InputBuffer{ + request.recycle(); + + // Copy leftover bytes to the beginning of the buffer +- if (lastValid - pos > 0) { +- int npos = 0; +- int opos = pos; +- while (lastValid - opos > opos - npos) { +- System.arraycopy(buf, opos, buf, npos, opos - npos); +- npos += pos; +- opos += pos; +- } +- System.arraycopy(buf, opos, buf, npos, lastValid - opos); ++ if (lastValid - pos > 0 && pos > 0) { ++ System.arraycopy(buf, pos, buf, 0, lastValid - pos); ++ lastValid = lastValid - pos; ++ pos = 0; + } + + // Recycle filters +@@ -237,12 +232,9 @@ public abstract class AbstractInputBuffer<S> implements InputBuffer{ + } + + // Reset pointers +- lastValid = lastValid - pos; +- pos = 0; + lastActiveFilter = -1; + parsingHeader = true; + swallowInput = true; +- + } + + diff --git a/debian/patches/series b/debian/patches/series index df71d34..e32d3bc 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -47,3 +47,4 @@ CVE-2016-8735.patch CVE-2016-5018-part2.patch CVE-2016-6797-part2.patch CVE-2016-8745.patch +BZ57544-infinite-loop.patch -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat7.git _______________________________________________ pkg-java-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits
