[tomcat6] 06/13: delete 0011-CVE-02012-0022 patch; included upstream
Tony Mancill
tmancill at alioth.debian.org
Sun Aug 4 05:22:20 UTC 2013
This is an automated email from the git hooks/post-receive script.
tmancill pushed a commit to branch master
in repository tomcat6.
commit f14a21980715165838ebe3481fe6bf079005cd0a
Author: tony mancill <tmancill at debian.org>
Date: Sat Aug 3 21:19:30 2013 -0700
delete 0011-CVE-2012-0022 patch; included upstream
---
.../0011-CVE-2012-0022-regression-fix.patch | 83 --------------------
debian/patches/series | 1 -
2 files changed, 84 deletions(-)
diff --git a/debian/patches/0011-CVE-2012-0022-regression-fix.patch b/debian/patches/0011-CVE-2012-0022-regression-fix.patch
deleted file mode 100644
index abd2bf9..0000000
--- a/debian/patches/0011-CVE-2012-0022-regression-fix.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-Description: fix regression from the CVE-2012-0022 security fix that
- went into 6.0.35.
-Origin: upstream, http://svn.apache.org/viewvc?view=revision&revision=1229027
-Bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=52384
-
-Index: tomcat6-6.0.35/java/org/apache/tomcat/util/http/LocalStrings.properties
-===================================================================
---- tomcat6-6.0.35.orig/java/org/apache/tomcat/util/http/LocalStrings.properties 2011-11-12 03:36:55.000000000 -0500
-+++ tomcat6-6.0.35/java/org/apache/tomcat/util/http/LocalStrings.properties 2012-02-13 09:03:10.865891860 -0500
-@@ -17,6 +17,7 @@
- parameters.copyFail=Failed to create copy of original parameter values for debug logging purposes
- parameters.decodeFail.debug=Character decoding failed. Parameter [{0}] with value [{1}] has been ignored.
- parameters.decodeFail.info=Character decoding failed. Parameter [{0}] with value [{1}] has been ignored. Note that the name and value quoted here may be corrupted due to the failed decoding. Use debug level logging to see the original, non-corrupted values.
-+parameters.emptyChunk=Empty parameter chunk ignored
- parameters.invalidChunk=Invalid chunk starting at byte [{0}] and ending at byte [{1}] with a value of [{2}] ignored
- parameters.maxCountFail=More than the maximum number of request parameters (GET plus POST) for a single request ([{0}]) were detected. Any parameters beyond this limit have been ignored. To change this limit, set the maxParameterCount attribute on the Connector.
- parameters.multipleDecodingFail=Character decoding failed. A total of [{0}] failures were detected but only the first was logged. Enable debug level logging for this logger to log all failures.
-Index: tomcat6-6.0.35/java/org/apache/tomcat/util/http/Parameters.java
-===================================================================
---- tomcat6-6.0.35.orig/java/org/apache/tomcat/util/http/Parameters.java 2011-11-25 16:11:35.000000000 -0500
-+++ tomcat6-6.0.35/java/org/apache/tomcat/util/http/Parameters.java 2012-02-13 09:03:10.889891861 -0500
-@@ -314,6 +314,15 @@
- }
-
- if (nameEnd <= nameStart ) {
-+ if (valueStart == -1) {
-+ // &&
-+ if (log.isDebugEnabled()) {
-+ log.debug(sm.getString("parameters.emptyChunk"));
-+ }
-+ // Do not flag as error
-+ continue;
-+ }
-+ // &=foo&
- if (log.isInfoEnabled()) {
- if (valueEnd >= nameStart && log.isDebugEnabled()) {
- String extract = null;
-@@ -341,7 +350,11 @@
- }
-
- tmpName.setBytes(bytes, nameStart, nameEnd - nameStart);
-- tmpValue.setBytes(bytes, valueStart, valueEnd - valueStart);
-+ if (valueStart >= 0) {
-+ tmpValue.setBytes(bytes, valueStart, valueEnd - valueStart);
-+ } else {
-+ tmpValue.setBytes(bytes, 0, 0);
-+ }
-
- // Take copies as if anything goes wrong originals will be
- // corrupted. This means original values can be logged.
-@@ -349,7 +362,11 @@
- if (log.isDebugEnabled()) {
- try {
- origName.append(bytes, nameStart, nameEnd - nameStart);
-- origValue.append(bytes, valueStart, valueEnd - valueStart);
-+ if (valueStart >= 0) {
-+ origValue.append(bytes, valueStart, valueEnd - valueStart);
-+ } else {
-+ origValue.append(bytes, 0, 0);
-+ }
- } catch (IOException ioe) {
- // Should never happen...
- log.error(sm.getString("parameters.copyFail"), ioe);
-@@ -366,11 +383,15 @@
- tmpName.setCharset(charset);
- name = tmpName.toString();
-
-- if (decodeValue) {
-- urlDecode(tmpValue);
-+ if (valueStart >= 0) {
-+ if (decodeValue) {
-+ urlDecode(tmpValue);
-+ }
-+ tmpValue.setCharset(charset);
-+ value = tmpValue.toString();
-+ } else {
-+ value = "";
- }
-- tmpValue.setCharset(charset);
-- value = tmpValue.toString();
-
- addParam(name, value);
- } catch (IOException e) {
diff --git a/debian/patches/series b/debian/patches/series
index 9fb5128..6d9df1c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,7 +7,6 @@
0007-add-OSGi-headers-to-servlet-api.patch
0008-add-OSGI-headers-to-jsp-api.patch
0010-Use-java.security.policy-file-in-catalina.sh.patch
-0011-CVE-2012-0022-regression-fix.patch
cve-2012-2733.patch
cve-2012-3439.patch
0017-eclipse-compiler-update.patch
--
Alioth's hooks/post-receive on /srv/git.debian.org/git/pkg-java/tomcat6.git