[tomcat7] 01/01: Import Debian changes 7.0.56-3+deb8u10
Markus Koschany
apo at moszumanska.debian.org
Wed May 3 11:16:56 UTC 2017
This is an automated email from the git hooks/post-receive script.
apo pushed a commit to branch jessie
in repository tomcat7.
commit 5047987407c1d8cd2e41f81af5675671f52943c2
Author: Markus Koschany <apo at debian.org>
Date: Sun Apr 30 21:21:29 2017 +0200
Import Debian changes 7.0.56-3+deb8u10
tomcat7 (7.0.56-3+deb8u10) jessie-security; urgency=high
* Team upload.
* Fix the following security vulnerabilities:
- CVE-2017-5647:
A bug in the handling of the pipelined requests when send file was used
resulted in the pipelined request being lost when send file processing of
the previous request completed. This could result in responses appearing
to be sent for the wrong request. For example, a user agent that sent
requests A, B and C could see the correct response for request A, the
response for request C for request B and no response for request C.
- CVE-2017-5648:
It was noticed that some calls to application listeners did not use the
appropriate facade object. When running an untrusted application under a
SecurityManager, it was therefore possible for that untrusted application
to retain a reference to the request or response object and thereby access
and/or modify information associated with another web application.
---
debian/changelog | 20 ++
debian/patches/CVE-2017-5647.patch | 492 +++++++++++++++++++++++++++++++++++++
debian/patches/CVE-2017-5648.patch | 110 +++++++++
debian/patches/series | 2 +
4 files changed, 624 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 7376737..10e2756 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,23 @@
+tomcat7 (7.0.56-3+deb8u10) jessie-security; urgency=high
+
+ * Team upload.
+ * Fix the following security vulnerabilities:
+ - CVE-2017-5647:
+ A bug in the handling of the pipelined requests when send file was used
+ resulted in the pipelined request being lost when send file processing of
+ the previous request completed. This could result in responses appearing
+ to be sent for the wrong request. For example, a user agent that sent
+ requests A, B and C could see the correct response for request A, the
+ response for request C for request B and no response for request C.
+ - CVE-2017-5648:
+ It was noticed that some calls to application listeners did not use the
+ appropriate facade object. When running an untrusted application under a
+ SecurityManager, it was therefore possible for that untrusted application
+ to retain a reference to the request or response object and thereby access
+ and/or modify information associated with another web application.
+
+ -- Markus Koschany <apo at debian.org> Sun, 30 Apr 2017 21:21:29 +0200
+
tomcat7 (7.0.56-3+deb8u9) jessie-security; urgency=high
* Team upload.
diff --git a/debian/patches/CVE-2017-5647.patch b/debian/patches/CVE-2017-5647.patch
new file mode 100644
index 0000000..214e2ed
--- /dev/null
+++ b/debian/patches/CVE-2017-5647.patch
@@ -0,0 +1,492 @@
+From: Markus Koschany <apo at debian.org>
+Date: Fri, 14 Apr 2017 20:24:43 +0200
+Subject: CVE-2017-5647
+
+Bug-Debian: https://bugs.debian.org/860068
+Origin: http://svn.apache.org/r1789008
+---
+ java/org/apache/coyote/AbstractProtocol.java | 7 +--
+ .../apache/coyote/http11/Http11AprProcessor.java | 39 +++++++-----
+ .../apache/coyote/http11/Http11NioProcessor.java | 28 +++++++--
+ java/org/apache/tomcat/util/net/AprEndpoint.java | 48 +++++++++------
+ java/org/apache/tomcat/util/net/NioEndpoint.java | 70 +++++++++++-----------
+ .../tomcat/util/net/SendfileKeepAliveState.java | 39 ++++++++++++
+ java/org/apache/tomcat/util/net/SendfileState.java | 37 ++++++++++++
+ 7 files changed, 193 insertions(+), 75 deletions(-)
+ create mode 100644 java/org/apache/tomcat/util/net/SendfileKeepAliveState.java
+ create mode 100644 java/org/apache/tomcat/util/net/SendfileState.java
+
+diff --git a/java/org/apache/coyote/AbstractProtocol.java b/java/org/apache/coyote/AbstractProtocol.java
+index 916ce05..6db0549 100644
+--- a/java/org/apache/coyote/AbstractProtocol.java
++++ b/java/org/apache/coyote/AbstractProtocol.java
+@@ -667,10 +667,9 @@ public abstract class AbstractProtocol<S> implements ProtocolHandler,
+ release(wrapper, processor, false, true);
+ } else if (state == SocketState.SENDFILE) {
+ // Sendfile in progress. If it fails, the socket will be
+- // closed. If it works, the socket will be re-added to the
+- // poller
+- connections.remove(socket);
+- release(wrapper, processor, false, false);
++ // closed. If it works, the socket either be added to the
++ // poller (or equivalent) to await more data or processed
++ // if there are any pipe-lined requests remaining.
+ } else if (state == SocketState.UPGRADED) {
+ // Need to keep the connection associated with the processor
+ connections.put(socket, processor);
+diff --git a/java/org/apache/coyote/http11/Http11AprProcessor.java b/java/org/apache/coyote/http11/Http11AprProcessor.java
+index 8b19e28..53deb93 100644
+--- a/java/org/apache/coyote/http11/Http11AprProcessor.java
++++ b/java/org/apache/coyote/http11/Http11AprProcessor.java
+@@ -37,6 +37,7 @@ import org.apache.tomcat.util.ExceptionUtils;
+ import org.apache.tomcat.util.net.AbstractEndpoint.Handler.SocketState;
+ import org.apache.tomcat.util.net.AprEndpoint;
+ import org.apache.tomcat.util.net.SSLSupport;
++import org.apache.tomcat.util.net.SendfileKeepAliveState;
+ import org.apache.tomcat.util.net.SocketStatus;
+ import org.apache.tomcat.util.net.SocketWrapper;
+
+@@ -210,22 +211,31 @@ public class Http11AprProcessor extends AbstractHttp11Processor<Long> {
+ // Do sendfile as needed: add socket to sendfile and end
+ if (sendfileData != null && !getErrorState().isError()) {
+ sendfileData.socket = socketWrapper.getSocket().longValue();
+- sendfileData.keepAlive = keepAlive;
+- if (!((AprEndpoint)endpoint).getSendfile().add(sendfileData)) {
+- // Didn't send all of the data to sendfile.
+- if (sendfileData.socket == 0) {
+- // The socket is no longer set. Something went wrong.
+- // Close the connection. Too late to set status code.
+- if (log.isDebugEnabled()) {
+- log.debug(sm.getString(
+- "http11processor.sendfile.error"));
+- }
+- setErrorState(ErrorState.CLOSE_NOW, null);
++ if (keepAlive) {
++ if (getInputBuffer().available() == 0) {
++ sendfileData.keepAliveState = SendfileKeepAliveState.OPEN;
+ } else {
+- // The sendfile Poller will add the socket to the main
+- // Poller once sendfile processing is complete
+- sendfileInProgress = true;
++ sendfileData.keepAliveState = SendfileKeepAliveState.PIPELINED;
++ }
++ } else {
++ sendfileData.keepAliveState = SendfileKeepAliveState.NONE;
++ }
++ switch (((AprEndpoint)endpoint).getSendfile().add(sendfileData)) {
++ case DONE:
++ return false;
++ case PENDING:
++ // The sendfile Poller will add the socket to the main
++ // Poller once sendfile processing is complete
++ sendfileInProgress = true;
++ return true;
++ case ERROR:
++ // Something went wrong.
++ // Close the connection. Too late to set status code.
++ if (log.isDebugEnabled()) {
++ log.debug(sm.getString(
++ "http11processor.sendfile.error"));
+ }
++ setErrorState(ErrorState.CLOSE_NOW, null);
+ return true;
+ }
+ }
+@@ -233,6 +243,7 @@ public class Http11AprProcessor extends AbstractHttp11Processor<Long> {
+ }
+
+
++
+ @Override
+ protected void resetTimeouts() {
+ // NOOP for APR
+diff --git a/java/org/apache/coyote/http11/Http11NioProcessor.java b/java/org/apache/coyote/http11/Http11NioProcessor.java
+index 5aa212c..6b14a74 100644
+--- a/java/org/apache/coyote/http11/Http11NioProcessor.java
++++ b/java/org/apache/coyote/http11/Http11NioProcessor.java
+@@ -36,6 +36,7 @@ import org.apache.tomcat.util.net.NioEndpoint;
+ import org.apache.tomcat.util.net.NioEndpoint.KeyAttachment;
+ import org.apache.tomcat.util.net.SSLSupport;
+ import org.apache.tomcat.util.net.SecureNioChannel;
++import org.apache.tomcat.util.net.SendfileKeepAliveState;
+ import org.apache.tomcat.util.net.SocketStatus;
+ import org.apache.tomcat.util.net.SocketWrapper;
+
+@@ -267,33 +268,48 @@ public class Http11NioProcessor extends AbstractHttp11Processor<NioChannel> {
+ }
+ }
+
+-
+ @Override
+ protected boolean breakKeepAliveLoop(SocketWrapper<NioChannel> socketWrapper) {
+ openSocket = keepAlive;
+ // Do sendfile as needed: add socket to sendfile and end
+ if (sendfileData != null && !getErrorState().isError()) {
+ ((KeyAttachment) socketWrapper).setSendfileData(sendfileData);
+- sendfileData.keepAlive = keepAlive;
++ if (keepAlive) {
++ if (getInputBuffer().available() == 0) {
++ sendfileData.keepAliveState = SendfileKeepAliveState.OPEN;
++ } else {
++ sendfileData.keepAliveState = SendfileKeepAliveState.PIPELINED;
++ }
++ } else {
++ sendfileData.keepAliveState = SendfileKeepAliveState.NONE;
++ }
+ SelectionKey key = socketWrapper.getSocket().getIOChannel().keyFor(
+ socketWrapper.getSocket().getPoller().getSelector());
+ //do the first write on this thread, might as well
+- if (socketWrapper.getSocket().getPoller().processSendfile(key,
+- (KeyAttachment) socketWrapper, true)) {
++ switch (socketWrapper.getSocket().getPoller().processSendfile(
++ key, (KeyAttachment) socketWrapper, true)) {
++ case DONE:
++ // If sendfile is complete, no need to break keep-alive loop
++ sendfileData = null;
++ return false;
++ case PENDING:
+ sendfileInProgress = true;
+- } else {
++ return true;
++ case ERROR:
+ // Write failed
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("http11processor.sendfile.error"));
+ }
+ setErrorState(ErrorState.CLOSE_NOW, null);
++ return true;
+ }
+- return true;
+ }
+ return false;
+ }
+
+
++
++
+ @Override
+ public void recycleInternal() {
+ socketWrapper = null;
+diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java b/java/org/apache/tomcat/util/net/AprEndpoint.java
+index 1e0efcd..4e1fea9 100644
+--- a/java/org/apache/tomcat/util/net/AprEndpoint.java
++++ b/java/org/apache/tomcat/util/net/AprEndpoint.java
+@@ -2032,7 +2032,7 @@ public class AprEndpoint extends AbstractEndpoint<Long> {
+ // Position
+ public long pos;
+ // KeepAlive flag
+- public boolean keepAlive;
++ public SendfileKeepAliveState keepAliveState = SendfileKeepAliveState.NONE;
+ }
+
+
+@@ -2120,7 +2120,7 @@ public class AprEndpoint extends AbstractEndpoint<Long> {
+ * @return true if all the data has been sent right away, and false
+ * otherwise
+ */
+- public boolean add(SendfileData data) {
++ public SendfileState add(SendfileData data) {
+ // Initialize fd from data given
+ try {
+ data.fdpool = Socket.pool(data.socket);
+@@ -2138,7 +2138,7 @@ public class AprEndpoint extends AbstractEndpoint<Long> {
+ if (!(-nw == Status.EAGAIN)) {
+ Pool.destroy(data.fdpool);
+ data.socket = 0;
+- return false;
++ return SendfileState.ERROR;
+ } else {
+ // Break the loop and add the socket to poller.
+ break;
+@@ -2151,13 +2151,13 @@ public class AprEndpoint extends AbstractEndpoint<Long> {
+ // Set back socket to blocking mode
+ Socket.timeoutSet(
+ data.socket, getSoTimeout() * 1000);
+- return true;
++ return SendfileState.DONE;
+ }
+ }
+ }
+ } catch (Exception e) {
+ log.warn(sm.getString("endpoint.sendfile.error"), e);
+- return false;
++ return SendfileState.ERROR;
+ }
+ // Add socket to the list. Newly added sockets will wait
+ // at most for pollTime before being polled
+@@ -2165,9 +2165,10 @@ public class AprEndpoint extends AbstractEndpoint<Long> {
+ addS.add(data);
+ this.notify();
+ }
+- return false;
++ return SendfileState.PENDING;
+ }
+
++
+ /**
+ * Remove socket from the poller.
+ *
+@@ -2275,20 +2276,33 @@ public class AprEndpoint extends AbstractEndpoint<Long> {
+ state.pos = state.pos + nw;
+ if (state.pos >= state.end) {
+ remove(state);
+- if (state.keepAlive) {
++ switch (state.keepAliveState) {
++ case NONE: {
++ // Close the socket since this is
++ // the end of the not keep-alive request.
++ closeSocket(state.socket);
++ break;
++ }
++ case PIPELINED: {
++ // Destroy file descriptor pool, which should close the file
++ Pool.destroy(state.fdpool);
++ Socket.timeoutSet(state.socket, getSoTimeout() * 1000);
++ // Process the pipelined request data
++ if (!processSocket(state.socket, SocketStatus.OPEN_READ)) {
++ closeSocket(state.socket);
++ }
++ break;
++ }
++ case OPEN: {
+ // Destroy file descriptor pool, which should close the file
+ Pool.destroy(state.fdpool);
+- Socket.timeoutSet(state.socket,
+- getSoTimeout() * 1000);
+- // If all done put the socket back in the
+- // poller for processing of further requests
+- getPoller().add(
+- state.socket, getKeepAliveTimeout(),
++ Socket.timeoutSet(state.socket, getSoTimeout() * 1000);
++ // Put the socket back in the poller for
++ // processing of further requests
++ getPoller().add(state.socket, getKeepAliveTimeout(),
+ true, false);
+- } else {
+- // Close the socket since this is
+- // the end of not keep-alive request.
+- closeSocket(state.socket);
++ break;
++ }
+ }
+ }
+ }
+diff --git a/java/org/apache/tomcat/util/net/NioEndpoint.java b/java/org/apache/tomcat/util/net/NioEndpoint.java
+index 185336c..1908706 100644
+--- a/java/org/apache/tomcat/util/net/NioEndpoint.java
++++ b/java/org/apache/tomcat/util/net/NioEndpoint.java
+@@ -1300,17 +1300,8 @@ public class NioEndpoint extends AbstractEndpoint<NioChannel> {
+ return result;
+ }
+
+- /**
+- * @deprecated Replaced by processSendfile(sk, attachment, event)
+- */
+- @Deprecated
+- public boolean processSendfile(SelectionKey sk,
+- KeyAttachment attachment,
+- @SuppressWarnings("unused") boolean reg, boolean event) {
+- return processSendfile(sk, attachment, event);
+- }
+-
+- public boolean processSendfile(SelectionKey sk, KeyAttachment attachment, boolean event) {
++ public SendfileState processSendfile(SelectionKey sk, KeyAttachment attachment,
++ boolean calledByProcessor) {
+ NioChannel sc = null;
+ try {
+ unreg(sk, attachment, sk.readyOps());
+@@ -1325,7 +1316,7 @@ public class NioEndpoint extends AbstractEndpoint<NioChannel> {
+ File f = new File(sd.fileName);
+ if ( !f.exists() ) {
+ cancelledKey(sk,SocketStatus.ERROR,false);
+- return false;
++ return SendfileState.ERROR;
+ }
+ @SuppressWarnings("resource") // Closed when channel is closed
+ FileInputStream fis = new FileInputStream(f);
+@@ -1334,7 +1325,6 @@ public class NioEndpoint extends AbstractEndpoint<NioChannel> {
+
+ //configure output channel
+ sc = attachment.getChannel();
+- sc.setSendFile(true);
+ //ssl channel is slightly different
+ WritableByteChannel wc = ((sc instanceof SecureNioChannel)?sc:sc.getIOChannel());
+
+@@ -1367,49 +1357,61 @@ public class NioEndpoint extends AbstractEndpoint<NioChannel> {
+ sd.fchannel.close();
+ } catch (Exception ignore) {
+ }
+- if ( sd.keepAlive ) {
++ // For calls from outside the Poller, the caller is
++ // responsible for registering the socket for the
++ // appropriate event(s) if sendfile completes.
++ if (!calledByProcessor) {
++ switch (sd.keepAliveState) {
++ case NONE: {
+ if (log.isDebugEnabled()) {
+- log.debug("Connection is keep alive, registering back for OP_READ");
++ log.debug("Send file connection is being closed");
+ }
+- if (event) {
+- this.add(attachment.getChannel(),SelectionKey.OP_READ);
+- } else {
+- reg(sk,attachment,SelectionKey.OP_READ);
++ cancelledKey(sk,SocketStatus.STOP,false);
++ break;
++ }
++ case PIPELINED: {
++ if (log.isDebugEnabled()) {
++ log.debug("Connection is keep alive, processing pipe-lined data");
+ }
+- } else {
+- if (log.isDebugEnabled()) {
+- log.debug("Send file connection is being closed");
++ if (!processSocket(sc, SocketStatus.OPEN_READ, true)) {
++ cancelledKey(sk, SocketStatus.DISCONNECT, false);
++ }
++ break;
++ }
++ case OPEN: {
++ if (log.isDebugEnabled()) {
++ log.debug("Connection is keep alive, registering back for OP_READ");
++ }
++ reg(sk, attachment, SelectionKey.OP_READ);
++ break;
++ }
+ }
+- cancelledKey(sk,SocketStatus.STOP,false);
+- return false;
+ }
++ return SendfileState.DONE;
+ } else {
+ if (log.isDebugEnabled()) {
+ log.debug("OP_WRITE for sendfile: " + sd.fileName);
+ }
+- if (event) {
++ if (calledByProcessor) {
+ add(attachment.getChannel(),SelectionKey.OP_WRITE);
+ } else {
+ reg(sk,attachment,SelectionKey.OP_WRITE);
+ }
++ return SendfileState.PENDING;
+ }
+ }catch ( IOException x ) {
+ if ( log.isDebugEnabled() ) log.debug("Unable to complete sendfile request:", x);
+- cancelledKey(sk,SocketStatus.ERROR,false);
+- if (!event) {
++ if (!calledByProcessor) {
+ cancelledKey(sk,SocketStatus.ERROR,false);
+ }
+- return false;
++ return SendfileState.ERROR;
+ }catch ( Throwable t ) {
+ log.error("",t);
+- if (!event) {
++ if (!calledByProcessor) {
+ cancelledKey(sk, SocketStatus.ERROR, false);
+ }
+- return false;
+- }finally {
+- if (sc!=null) sc.setSendFile(false);
++ return SendfileState.ERROR;
+ }
+- return true;
+ }
+
+ protected void unreg(SelectionKey sk, KeyAttachment attachment, int readyOps) {
+@@ -1815,6 +1817,6 @@ public class NioEndpoint extends AbstractEndpoint<NioChannel> {
+ public long pos;
+ public long length;
+ // KeepAlive flag
+- public boolean keepAlive;
++ public SendfileKeepAliveState keepAliveState = SendfileKeepAliveState.NONE;
+ }
+ }
+diff --git a/java/org/apache/tomcat/util/net/SendfileKeepAliveState.java b/java/org/apache/tomcat/util/net/SendfileKeepAliveState.java
+new file mode 100644
+index 0000000..b27a9f1
+--- /dev/null
++++ b/java/org/apache/tomcat/util/net/SendfileKeepAliveState.java
+@@ -0,0 +1,39 @@
++/*
++ * Licensed to the Apache Software Foundation (ASF) under one or more
++ * contributor license agreements. See the NOTICE file distributed with
++ * this work for additional information regarding copyright ownership.
++ * The ASF licenses this file to You under the Apache License, Version 2.0
++ * (the "License"); you may not use this file except in compliance with
++ * the License. You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++package org.apache.tomcat.util.net;
++
++public enum SendfileKeepAliveState {
++
++ /**
++ * Keep-alive is not in use. The socket can be closed when the response has
++ * been written.
++ */
++ NONE,
++
++ /**
++ * Keep-alive is in use and there is pipelined data in the input buffer to
++ * be read as soon as the current response has been written.
++ */
++ PIPELINED,
++
++ /**
++ * Keep-alive is in use. The socket should be added to the poller (or
++ * equivalent) to await more data as soon as the current response has been
++ * written.
++ */
++ OPEN
++}
+diff --git a/java/org/apache/tomcat/util/net/SendfileState.java b/java/org/apache/tomcat/util/net/SendfileState.java
+new file mode 100644
+index 0000000..b354e2f
+--- /dev/null
++++ b/java/org/apache/tomcat/util/net/SendfileState.java
+@@ -0,0 +1,37 @@
++/*
++ * Licensed to the Apache Software Foundation (ASF) under one or more
++ * contributor license agreements. See the NOTICE file distributed with
++ * this work for additional information regarding copyright ownership.
++ * The ASF licenses this file to You under the Apache License, Version 2.0
++ * (the "License"); you may not use this file except in compliance with
++ * the License. You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++package org.apache.tomcat.util.net;
++
++public enum SendfileState {
++
++ /**
++ * The sending of the file has started but has not completed. Sendfile is
++ * still using the socket.
++ */
++ PENDING,
++
++ /**
++ * The file has been fully sent. Sendfile is no longer using the socket.
++ */
++ DONE,
++
++ /**
++ * Something went wrong. The file may or may not have been sent. The socket
++ * is in an unknown state.
++ */
++ ERROR
++}
diff --git a/debian/patches/CVE-2017-5648.patch b/debian/patches/CVE-2017-5648.patch
new file mode 100644
index 0000000..3203446
--- /dev/null
+++ b/debian/patches/CVE-2017-5648.patch
@@ -0,0 +1,110 @@
+From: Markus Koschany <apo at debian.org>
+Date: Fri, 14 Apr 2017 19:22:18 +0200
+Subject: CVE-2017-5648
+
+Bug-Debian: https://bugs.debian.org/860068
+Origin: http://svn.apache.org/r1785776
+---
+ .../apache/catalina/authenticator/FormAuthenticator.java | 11 +++++------
+ java/org/apache/catalina/core/StandardHostValve.java | 14 +++++++-------
+ 2 files changed, 12 insertions(+), 13 deletions(-)
+
+diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java b/java/org/apache/catalina/authenticator/FormAuthenticator.java
+index d7e9eb5..825298a 100644
+--- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
++++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java
+@@ -433,9 +433,9 @@ public class FormAuthenticator
+ RequestDispatcher disp =
+ context.getServletContext().getRequestDispatcher(loginPage);
+ try {
+- if (context.fireRequestInitEvent(request)) {
++ if (context.fireRequestInitEvent(request.getRequest())) {
+ disp.forward(request.getRequest(), response);
+- context.fireRequestDestroyEvent(request);
++ context.fireRequestDestroyEvent(request.getRequest());
+ }
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
+@@ -477,12 +477,11 @@ public class FormAuthenticator
+ }
+
+ RequestDispatcher disp =
+- context.getServletContext().getRequestDispatcher
+- (config.getErrorPage());
++ context.getServletContext().getRequestDispatcher(config.getErrorPage());
+ try {
+- if (context.fireRequestInitEvent(request)) {
++ if (context.fireRequestInitEvent(request.getRequest())) {
+ disp.forward(request.getRequest(), response);
+- context.fireRequestDestroyEvent(request);
++ context.fireRequestDestroyEvent(request.getRequest());
+ }
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
+diff --git a/java/org/apache/catalina/core/StandardHostValve.java b/java/org/apache/catalina/core/StandardHostValve.java
+index b7dcdf2..509b543 100644
+--- a/java/org/apache/catalina/core/StandardHostValve.java
++++ b/java/org/apache/catalina/core/StandardHostValve.java
+@@ -66,7 +66,7 @@ final class StandardHostValve extends ValveBase {
+
+ static {
+ STRICT_SERVLET_COMPLIANCE = Globals.STRICT_SERVLET_COMPLIANCE;
+-
++
+ String accessSession = System.getProperty(
+ "org.apache.catalina.core.StandardHostValve.ACCESS_SESSION");
+ if (accessSession == null) {
+@@ -147,7 +147,7 @@ final class StandardHostValve extends ValveBase {
+ if (Globals.IS_SECURITY_ENABLED) {
+ PrivilegedAction<Void> pa = new PrivilegedSetTccl(
+ context.getLoader().getClassLoader());
+- AccessController.doPrivileged(pa);
++ AccessController.doPrivileged(pa);
+ } else {
+ Thread.currentThread().setContextClassLoader
+ (context.getLoader().getClassLoader());
+@@ -162,7 +162,7 @@ final class StandardHostValve extends ValveBase {
+ // An async error page may dispatch to another resource. This flag helps
+ // ensure an infinite error handling loop is not entered
+ boolean errorAtStart = response.isError();
+- if (asyncAtStart || context.fireRequestInitEvent(request)) {
++ if (asyncAtStart || context.fireRequestInitEvent(request.getRequest())) {
+
+ // Ask this Context to process this request
+ try {
+@@ -208,7 +208,7 @@ final class StandardHostValve extends ValveBase {
+ }
+ }
+
+- context.fireRequestDestroyEvent(request);
++ context.fireRequestDestroyEvent(request.getRequest());
+ }
+ }
+ }
+@@ -223,7 +223,7 @@ final class StandardHostValve extends ValveBase {
+ if (Globals.IS_SECURITY_ENABLED) {
+ PrivilegedAction<Void> pa = new PrivilegedSetTccl(
+ StandardHostValve.class.getClassLoader());
+- AccessController.doPrivileged(pa);
++ AccessController.doPrivileged(pa);
+ } else {
+ Thread.currentThread().setContextClassLoader
+ (StandardHostValve.class.getClassLoader());
+@@ -259,7 +259,7 @@ final class StandardHostValve extends ValveBase {
+ // Ask this Context to process this request
+ context.getPipeline().getFirst().event(request, response, event);
+
+-
++
+ // Error page processing
+ response.setSuspended(false);
+
+@@ -463,7 +463,7 @@ final class StandardHostValve extends ValveBase {
+
+ if (response.isCommitted()) {
+ // Response is committed - including the error page is the
+- // best we can do
++ // best we can do
+ rd.include(request.getRequest(), response.getResponse());
+ } else {
+ // Reset the response (keeping the real error code and message)
diff --git a/debian/patches/series b/debian/patches/series
index c0c97d4..fcf51f5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -40,3 +40,5 @@ CVE-2016-8735.patch
CVE-2016-8745.patch
BZ57544-infinite-loop.patch
BZ57544-infinite-loop-part2.patch
+CVE-2017-5647.patch
+CVE-2017-5648.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat7.git
More information about the pkg-java-commits
mailing list