[tomcat8] 03/11: Enhanced the description of the patches
Emmanuel Bourg
ebourg-guest at moszumanska.debian.org
Sat Nov 12 00:15:02 UTC 2016
This is an automated email from the git hooks/post-receive script.
ebourg-guest pushed a commit to branch jessie
in repository tomcat8.
commit d2125fc4a5a5d895650e3b539cc346919c273625
Author: Emmanuel Bourg <ebourg at apache.org>
Date: Wed Jun 22 19:37:34 2016 +0200
Enhanced the description of the patches
---
debian/patches/CVE-2015-5174.patch | 20 ++++-----
debian/patches/CVE-2015-5345.patch | 29 +++----------
debian/patches/CVE-2015-5346.patch | 36 ++++++----------
debian/patches/CVE-2015-5351.patch | 36 +++-------------
debian/patches/CVE-2016-0706.patch | 21 +++------
debian/patches/CVE-2016-0714.patch | 88 ++++++++++++--------------------------
debian/patches/CVE-2016-0763.patch | 24 ++++-------
7 files changed, 77 insertions(+), 177 deletions(-)
diff --git a/debian/patches/CVE-2015-5174.patch b/debian/patches/CVE-2015-5174.patch
index 989a383..5c927a4 100644
--- a/debian/patches/CVE-2015-5174.patch
+++ b/debian/patches/CVE-2015-5174.patch
@@ -1,15 +1,11 @@
-From: Markus Koschany <apo at debian.org>
-Date: Sat, 28 May 2016 01:54:08 +0000
-Subject: CVE-2015-5174
-
-Origin: https://svn.apache.org/viewvc?view=revision&revision=1696281
-Origin: https://svn.apache.org/viewvc?view=revision&revision=1700897
----
- java/org/apache/tomcat/util/http/RequestUtil.java | 45 ++++++----
- .../apache/tomcat/util/http/TestRequestUtil.java | 100 +++++++++++++++++++--
- webapps/docs/changelog.xml | 11 +++
- 3 files changed, 135 insertions(+), 21 deletions(-)
-
+Description: Fixes CVE-2015-5174: Directory traversal vulnerability in RequestUtil
+ allows remote authenticated users to bypass intended SecurityManager restrictions
+ and list a parent directory via a /.. (slash dot dot) in a pathname used by a
+ web application in a getResource, getResourceAsStream, or getResourcePaths call,
+ as demonstrated by the $CATALINA_BASE/webapps directory.
+Author: Markus Koschany <apo at debian.org>
+Origin: backport, https://svn.apache.org/r1696281
+ https://svn.apache.org/r1700897
--- a/java/org/apache/tomcat/util/http/RequestUtil.java
+++ b/java/org/apache/tomcat/util/http/RequestUtil.java
@@ -56,9 +56,6 @@
diff --git a/debian/patches/CVE-2015-5345.patch b/debian/patches/CVE-2015-5345.patch
index 4e1547f..f771868 100644
--- a/debian/patches/CVE-2015-5345.patch
+++ b/debian/patches/CVE-2015-5345.patch
@@ -1,25 +1,10 @@
-From: Markus Koschany <apo at debian.org>
-Date: Sun, 29 May 2016 18:09:44 +0200
-Subject: CVE-2015-5345
-
-Origin: https://svn.apache.org/viewvc?view=revision&revision=1715207
-Origin: https://svn.apache.org/viewvc?view=revision&revision=1717209
----
- java/org/apache/catalina/Context.java | 40 ++++++++++++++
- .../catalina/authenticator/FormAuthenticator.java | 14 +++++
- java/org/apache/catalina/core/StandardContext.java | 35 ++++++++++++
- .../apache/catalina/core/mbeans-descriptors.xml | 8 +++
- java/org/apache/catalina/mapper/Mapper.java | 31 ++++++-----
- .../apache/catalina/servlets/DefaultServlet.java | 28 +++++++++-
- .../apache/catalina/servlets/WebdavServlet.java | 5 ++
- .../org/apache/catalina/startup/FailedContext.java | 19 ++++++-
- test/org/apache/catalina/core/TesterContext.java | 17 ++++++
- .../apache/catalina/mapper/TestMapperWebapps.java | 64 ++++++++++++++++++++++
- .../apache/catalina/startup/TomcatBaseTest.java | 3 +-
- webapps/docs/changelog.xml | 15 +++++
- webapps/docs/config/context.xml | 16 ++++++
- 13 files changed, 276 insertions(+), 19 deletions(-)
-
+Description: Fixes CVE-2015-5345: The Mapper component in Apache Tomcat processes
+ redirects before considering security constraints and Filters, which allows
+ remote attackers to determine the existence of a directory via a URL that lacks
+ a trailing / (slash) character.
+Author: Markus Koschany <apo at debian.org>
+Origin: backport, https://svn.apache.org/r1715207
+ https://svn.apache.org/r1717209
--- a/java/org/apache/catalina/Context.java
+++ b/java/org/apache/catalina/Context.java
@@ -1674,4 +1674,44 @@
diff --git a/debian/patches/CVE-2015-5346.patch b/debian/patches/CVE-2015-5346.patch
index 95f08bc..399196f 100644
--- a/debian/patches/CVE-2015-5346.patch
+++ b/debian/patches/CVE-2015-5346.patch
@@ -1,20 +1,14 @@
-From: Markus Koschany <apo at debian.org>
-Date: Sat, 28 May 2016 03:11:58 +0000
-Subject: CVE-2015-5346
-
-Origin: https://svn.apache.org/viewvc?view=revision&revision=1713185
-Origin: https://svn.apache.org/viewvc?view=revision&revision=1723506
----
- .../apache/catalina/connector/CoyoteAdapter.java | 8 ++--
- java/org/apache/catalina/connector/Request.java | 52 ++++++++++++++--------
- webapps/docs/changelog.xml | 8 ++++
- 3 files changed, 46 insertions(+), 22 deletions(-)
-
-diff --git a/java/org/apache/catalina/connector/CoyoteAdapter.java b/java/org/apache/catalina/connector/CoyoteAdapter.java
-index e3ff219..775862d 100644
+Description: Fixes CVE-2015-5346: Session fixation vulnerability in Apache Tomcat
+ when different session settings are used for deployments of multiple versions
+ of the same web application, might allow remote attackers to hijack web sessions
+ by leveraging use of a requestedSessionSSL field for an unintended request,
+ related to CoyoteAdapter.java and Request.java.
+Author: Markus Koschany <apo at debian.org>
+Origin: backport, https://svn.apache.org/r1713185
+ https://svn.apache.org/r1723506
--- a/java/org/apache/catalina/connector/CoyoteAdapter.java
+++ b/java/org/apache/catalina/connector/CoyoteAdapter.java
-@@ -941,9 +941,11 @@ public class CoyoteAdapter implements Adapter {
+@@ -941,9 +941,11 @@
// Reset mapping
request.getMappingData().recycle();
mapRequired = true;
@@ -29,11 +23,9 @@ index e3ff219..775862d 100644
}
break;
}
-diff --git a/java/org/apache/catalina/connector/Request.java b/java/org/apache/catalina/connector/Request.java
-index 2d24ba4..55682be 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
-@@ -287,6 +287,11 @@ public class Request
+@@ -287,6 +287,11 @@
*/
protected boolean cookiesParsed = false;
@@ -45,7 +37,7 @@ index 2d24ba4..55682be 100644
/**
* Secure flag.
-@@ -461,7 +466,6 @@ public class Request
+@@ -461,7 +466,6 @@
parts = null;
}
partsParseException = null;
@@ -53,7 +45,7 @@ index 2d24ba4..55682be 100644
locales.clear();
localesParsed = false;
secure = false;
-@@ -475,20 +479,9 @@ public class Request
+@@ -475,20 +479,9 @@
attributes.clear();
sslAttributesParsed = false;
notes.clear();
@@ -76,7 +68,7 @@ index 2d24ba4..55682be 100644
if (Globals.IS_SECURITY_ENABLED || Connector.RECYCLE_FACADES) {
parameterMap = new ParameterMap<>();
-@@ -531,11 +524,32 @@ public class Request
+@@ -531,11 +524,32 @@
}
@@ -114,8 +106,6 @@ index 2d24ba4..55682be 100644
return (inputBuffer.realReadBytes(null, 0, 0) > 0);
}
-diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
-index f552c88..cb4c914 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -184,6 +184,10 @@
diff --git a/debian/patches/CVE-2015-5351.patch b/debian/patches/CVE-2015-5351.patch
index 88b34d0..8ca74aa 100644
--- a/debian/patches/CVE-2015-5351.patch
+++ b/debian/patches/CVE-2015-5351.patch
@@ -1,21 +1,9 @@
-From: Markus Koschany <apo at debian.org>
-Date: Sat, 28 May 2016 03:13:41 +0000
-Subject: CVE-2015-5351
-
-Origin: https://svn.apache.org/viewvc?view=revision&revision=1720658
-Origin: https://svn.apache.org/viewvc?view=revision&revision=1720660
----
- webapps/docs/changelog.xml | 7 +++++++
- webapps/host-manager/WEB-INF/jsp/401.jsp | 1 +
- webapps/host-manager/WEB-INF/jsp/403.jsp | 1 +
- webapps/host-manager/WEB-INF/jsp/404.jsp | 3 ++-
- webapps/host-manager/index.jsp | 4 ++--
- webapps/manager/WEB-INF/web.xml | 1 -
- webapps/manager/index.jsp | 4 ++--
- 7 files changed, 15 insertions(+), 6 deletions(-)
-
-diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
-index cb4c914..92d5b3c 100644
+Description: Fixes CVE-2015-5351: The Manager and Host Manager applications establish
+ sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers
+ to bypass a CSRF protection mechanism by using a token.
+Author: Markus Koschany <apo at debian.org>
+Origin: backport, https://svn.apache.org/r1720658
+ https://svn.apache.org/r1720660
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -326,6 +326,13 @@
@@ -32,8 +20,6 @@ index cb4c914..92d5b3c 100644
</changelog>
</subsection>
<subsection name="WebSocket">
-diff --git a/webapps/host-manager/WEB-INF/jsp/401.jsp b/webapps/host-manager/WEB-INF/jsp/401.jsp
-index 83c8c6f..047766b 100644
--- a/webapps/host-manager/WEB-INF/jsp/401.jsp
+++ b/webapps/host-manager/WEB-INF/jsp/401.jsp
@@ -14,6 +14,7 @@
@@ -44,8 +30,6 @@ index 83c8c6f..047766b 100644
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
-diff --git a/webapps/host-manager/WEB-INF/jsp/403.jsp b/webapps/host-manager/WEB-INF/jsp/403.jsp
-index 2dbb448..5eff6f0 100644
--- a/webapps/host-manager/WEB-INF/jsp/403.jsp
+++ b/webapps/host-manager/WEB-INF/jsp/403.jsp
@@ -14,6 +14,7 @@
@@ -56,8 +40,6 @@ index 2dbb448..5eff6f0 100644
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
-diff --git a/webapps/host-manager/WEB-INF/jsp/404.jsp b/webapps/host-manager/WEB-INF/jsp/404.jsp
-index d1b5b0b..9816df5 100644
--- a/webapps/host-manager/WEB-INF/jsp/404.jsp
+++ b/webapps/host-manager/WEB-INF/jsp/404.jsp
@@ -14,7 +14,8 @@
@@ -70,8 +52,6 @@ index d1b5b0b..9816df5 100644
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
-diff --git a/webapps/host-manager/index.jsp b/webapps/host-manager/index.jsp
-index d4816e5..2806b76 100644
--- a/webapps/host-manager/index.jsp
+++ b/webapps/host-manager/index.jsp
@@ -14,5 +14,5 @@
@@ -84,8 +64,6 @@ index d4816e5..2806b76 100644
+<%@ page session="false" trimDirectiveWhitespaces="true" %>
+<% response.sendRedirect(request.getContextPath() + "/html"); %>
\ No newline at end of file
-diff --git a/webapps/manager/WEB-INF/web.xml b/webapps/manager/WEB-INF/web.xml
-index 230199e..ef917e6 100644
--- a/webapps/manager/WEB-INF/web.xml
+++ b/webapps/manager/WEB-INF/web.xml
@@ -115,7 +115,6 @@
@@ -96,8 +74,6 @@ index 230199e..ef917e6 100644
</filter-mapping>
<!-- Define a Security Constraint on this Application -->
-diff --git a/webapps/manager/index.jsp b/webapps/manager/index.jsp
-index d4816e5..ff4f47b 100644
--- a/webapps/manager/index.jsp
+++ b/webapps/manager/index.jsp
@@ -14,5 +14,5 @@
diff --git a/debian/patches/CVE-2016-0706.patch b/debian/patches/CVE-2016-0706.patch
index 4f497d4..84cdd5d 100644
--- a/debian/patches/CVE-2016-0706.patch
+++ b/debian/patches/CVE-2016-0706.patch
@@ -1,15 +1,10 @@
-From: Markus Koschany <apo at debian.org>
-Date: Sat, 28 May 2016 13:15:51 +0000
-Subject: CVE-2016-0706
-
-Origin: https://svn.apache.org/viewvc?view=revision&revision=1722800
----
- java/org/apache/catalina/core/RestrictedServlets.properties | 1 +
- webapps/docs/changelog.xml | 4 ++++
- 2 files changed, 5 insertions(+)
-
-diff --git a/java/org/apache/catalina/core/RestrictedServlets.properties b/java/org/apache/catalina/core/RestrictedServlets.properties
-index d336968..cefa249 100644
+Description: Fixes CVE-2016-0706: Apache Tomcat does not place StatusManagerServlet
+ on the RestrictedServlets.properties list, which allows remote authenticated
+ users to bypass intended SecurityManager restrictions and read arbitrary HTTP
+ requests, and consequently discover session ID values, via a crafted web
+ application.
+Author: Markus Koschany <apo at debian.org>
+Origin: backport, https://svn.apache.org/r1722800
--- a/java/org/apache/catalina/core/RestrictedServlets.properties
+++ b/java/org/apache/catalina/core/RestrictedServlets.properties
@@ -16,3 +16,4 @@
@@ -17,8 +12,6 @@ index d336968..cefa249 100644
org.apache.catalina.servlets.CGIServlet=restricted
org.apache.catalina.manager.JMXProxyServlet=restricted
+org.apache.catalina.manager.StatusManagerServlet=restricted
-diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
-index 92d5b3c..f075094 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -333,6 +333,10 @@
diff --git a/debian/patches/CVE-2016-0714.patch b/debian/patches/CVE-2016-0714.patch
index f3fd235..5d6fae2 100644
--- a/debian/patches/CVE-2016-0714.patch
+++ b/debian/patches/CVE-2016-0714.patch
@@ -1,28 +1,13 @@
-From: Markus Koschany <apo at debian.org>
-Date: Sun, 29 May 2016 15:11:37 +0200
-Subject: CVE-2016-0714
-
-Origin: https://svn.apache.org/viewvc?view=revision&revision=1726196
-Origin: https://svn.apache.org/viewvc?view=revision&revision=1726203
----
- .../catalina/ha/session/ClusterManagerBase.java | 3 +
- .../catalina/ha/session/mbeans-descriptors.xml | 24 +++
- .../catalina/session/LocalStrings.properties | 2 +
- java/org/apache/catalina/session/ManagerBase.java | 172 ++++++++++++++++++++-
- .../apache/catalina/session/StandardManager.java | 9 +-
- .../apache/catalina/session/mbeans-descriptors.xml | 20 +++
- .../catalina/util/CustomObjectInputStream.java | 89 ++++++++++-
- .../apache/catalina/util/LocalStrings.properties | 2 +
- webapps/docs/changelog.xml | 8 +
- webapps/docs/config/cluster-manager.xml | 71 +++++++++
- webapps/docs/config/manager.xml | 69 +++++++++
- 11 files changed, 463 insertions(+), 6 deletions(-)
-
-diff --git a/java/org/apache/catalina/ha/session/ClusterManagerBase.java b/java/org/apache/catalina/ha/session/ClusterManagerBase.java
-index 8eb284d..ee601a8 100644
+Description: Fixes CVE-2016-0714: The session-persistence implementation mishandles
+ session attributes, which allows remote authenticated users to bypass intended
+ SecurityManager restrictions and execute arbitrary code in a privileged context
+ via a web application that places a crafted object in a session.
+Author: Markus Koschany <apo at debian.org>
+Origin: backport, https://svn.apache.org/r1726196
+ https://svn.apache.org/r1726203
--- a/java/org/apache/catalina/ha/session/ClusterManagerBase.java
+++ b/java/org/apache/catalina/ha/session/ClusterManagerBase.java
-@@ -196,6 +196,9 @@ public abstract class ClusterManagerBase extends ManagerBase implements ClusterM
+@@ -196,6 +196,9 @@
copy.setProcessExpiresFrequency(getProcessExpiresFrequency());
copy.setNotifyListenersOnReplication(isNotifyListenersOnReplication());
copy.setSessionAttributeFilter(getSessionAttributeFilter());
@@ -32,8 +17,6 @@ index 8eb284d..ee601a8 100644
copy.setSecureRandomClass(getSecureRandomClass());
copy.setSecureRandomProvider(getSecureRandomProvider());
copy.setSecureRandomAlgorithm(getSecureRandomAlgorithm());
-diff --git a/java/org/apache/catalina/ha/session/mbeans-descriptors.xml b/java/org/apache/catalina/ha/session/mbeans-descriptors.xml
-index 76a689e..feff5cc 100644
--- a/java/org/apache/catalina/ha/session/mbeans-descriptors.xml
+++ b/java/org/apache/catalina/ha/session/mbeans-descriptors.xml
@@ -309,6 +309,18 @@
@@ -74,11 +57,9 @@ index 76a689e..feff5cc 100644
<operation
name="expireSession"
description="Expired the given session"
-diff --git a/java/org/apache/catalina/session/LocalStrings.properties b/java/org/apache/catalina/session/LocalStrings.properties
-index 7b00a4c..67eb04e 100644
--- a/java/org/apache/catalina/session/LocalStrings.properties
+++ b/java/org/apache/catalina/session/LocalStrings.properties
-@@ -32,6 +32,8 @@ JDBCStore.missingDataSourceName=No valid JNDI name was given.
+@@ -32,6 +32,8 @@
JDBCStore.commitSQLException=SQLException committing connection before closing
managerBase.container.noop=Managers added to containers other than Contexts will never be used
managerBase.createSession.ise=createSession: Too many active sessions
@@ -87,11 +68,9 @@ index 7b00a4c..67eb04e 100644
managerBase.sessionTimeout=Invalid session timeout setting {0}
standardManager.loading=Loading persisted sessions from {0}
standardManager.loading.exception=Exception while loading persisted sessions
-diff --git a/java/org/apache/catalina/session/ManagerBase.java b/java/org/apache/catalina/session/ManagerBase.java
-index b09348a..ada88f1 100644
--- a/java/org/apache/catalina/session/ManagerBase.java
+++ b/java/org/apache/catalina/session/ManagerBase.java
-@@ -32,10 +32,13 @@ import java.util.List;
+@@ -32,10 +32,13 @@
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicLong;
@@ -105,7 +84,7 @@ index b09348a..ada88f1 100644
import org.apache.catalina.LifecycleException;
import org.apache.catalina.Manager;
import org.apache.catalina.Session;
-@@ -210,8 +213,57 @@ public abstract class ManagerBase extends LifecycleMBeanBase
+@@ -210,8 +213,57 @@
protected final PropertyChangeSupport support =
new PropertyChangeSupport(this);
@@ -164,7 +143,7 @@ index b09348a..ada88f1 100644
@Override
@Deprecated
-@@ -220,6 +272,86 @@ public abstract class ManagerBase extends LifecycleMBeanBase
+@@ -220,6 +272,86 @@
}
@@ -251,7 +230,7 @@ index b09348a..ada88f1 100644
@Override
@Deprecated
public void setContainer(Container container) {
-@@ -839,6 +971,44 @@ public abstract class ManagerBase extends LifecycleMBeanBase
+@@ -839,6 +971,44 @@
notifySessionListeners, notifyContainerListeners);
}
@@ -296,11 +275,9 @@ index b09348a..ada88f1 100644
// ------------------------------------------------------ Protected Methods
-diff --git a/java/org/apache/catalina/session/StandardManager.java b/java/org/apache/catalina/session/StandardManager.java
-index b1eb80b..a63ae7e 100644
--- a/java/org/apache/catalina/session/StandardManager.java
+++ b/java/org/apache/catalina/session/StandardManager.java
-@@ -208,19 +208,24 @@ public class StandardManager extends ManagerBase {
+@@ -208,19 +208,24 @@
BufferedInputStream bis = null;
ObjectInputStream ois = null;
Loader loader = null;
@@ -327,8 +304,6 @@ index b1eb80b..a63ae7e 100644
} else {
if (log.isDebugEnabled())
log.debug("Creating standard object input stream");
-diff --git a/java/org/apache/catalina/session/mbeans-descriptors.xml b/java/org/apache/catalina/session/mbeans-descriptors.xml
-index 4f9b01e..4edf79b 100644
--- a/java/org/apache/catalina/session/mbeans-descriptors.xml
+++ b/java/org/apache/catalina/session/mbeans-descriptors.xml
@@ -132,6 +132,15 @@
@@ -365,11 +340,9 @@ index 4f9b01e..4edf79b 100644
<operation name="backgroundProcess"
description="Invalidate all sessions that have expired."
impact="ACTION"
-diff --git a/java/org/apache/catalina/util/CustomObjectInputStream.java b/java/org/apache/catalina/util/CustomObjectInputStream.java
-index f63d777..25793e4 100644
--- a/java/org/apache/catalina/util/CustomObjectInputStream.java
+++ b/java/org/apache/catalina/util/CustomObjectInputStream.java
-@@ -19,9 +19,18 @@ package org.apache.catalina.util;
+@@ -19,9 +19,18 @@
import java.io.IOException;
import java.io.InputStream;
@@ -388,7 +361,7 @@ index f63d777..25793e4 100644
/**
* Custom subclass of <code>ObjectInputStream</code> that loads from the
-@@ -35,14 +44,26 @@ public final class CustomObjectInputStream
+@@ -35,14 +44,26 @@
extends ObjectInputStream {
@@ -416,7 +389,7 @@ index f63d777..25793e4 100644
*
* @param stream The input stream we will read from
* @param classLoader The class loader used to instantiate objects
-@@ -53,10 +74,56 @@ public final class CustomObjectInputStream
+@@ -53,11 +74,57 @@
ClassLoader classLoader)
throws IOException {
@@ -451,7 +424,6 @@ index f63d777..25793e4 100644
+ sm.getString("customObjectInputStream.logRequired"));
+ }
this.classLoader = classLoader;
-- }
+ this.log = log;
+ this.allowedClassNamePattern = allowedClassNamePattern;
+ if (allowedClassNamePattern == null) {
@@ -460,7 +432,7 @@ index f63d777..25793e4 100644
+ this.allowedClassNameFilter = allowedClassNamePattern.toString();
+ }
+ this.warnOnFailure = warnOnFailure;
-
++
+ Set<String> reportedClasses;
+ synchronized (reportedClassCache) {
+ reportedClasses = reportedClassCache.get(classLoader);
@@ -470,11 +442,13 @@ index f63d777..25793e4 100644
+ }
+ }
+ this.reportedClasses = reportedClasses;
-+ }
+ }
+-
/**
* Load the local class equivalent of the specified stream class
-@@ -70,8 +137,24 @@ public final class CustomObjectInputStream
+ * description, by using the class loader assigned to this Context.
+@@ -70,8 +137,24 @@
@Override
public Class<?> resolveClass(ObjectStreamClass classDesc)
throws ClassNotFoundException, IOException {
@@ -500,11 +474,9 @@ index f63d777..25793e4 100644
} catch (ClassNotFoundException e) {
try {
// Try also the superclass because of primitive types
-diff --git a/java/org/apache/catalina/util/LocalStrings.properties b/java/org/apache/catalina/util/LocalStrings.properties
-index 55dea98..6aeb973 100644
--- a/java/org/apache/catalina/util/LocalStrings.properties
+++ b/java/org/apache/catalina/util/LocalStrings.properties
-@@ -17,6 +17,8 @@ parameterMap.locked=No modifications are allowed to a locked ParameterMap
+@@ -17,6 +17,8 @@
resourceSet.locked=No modifications are allowed to a locked ResourceSet
hexUtil.bad=Bad hexadecimal digit
hexUtil.odd=Odd number of hexadecimal digits
@@ -513,8 +485,6 @@ index 55dea98..6aeb973 100644
#Default Messages Utilized by the ExtensionValidator
extensionValidator.web-application-manifest=Web Application Manifest
extensionValidator.extension-not-found-error=ExtensionValidator[{0}][{1}]: Required extension [{2}] not found.
-diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
-index d18692c..a0b4788 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -308,6 +308,14 @@
@@ -532,11 +502,9 @@ index d18692c..a0b4788 100644
</changelog>
</subsection>
<subsection name="Jasper">
-diff --git a/webapps/docs/config/cluster-manager.xml b/webapps/docs/config/cluster-manager.xml
-index 377884a..4958a39 100644
--- a/webapps/docs/config/cluster-manager.xml
+++ b/webapps/docs/config/cluster-manager.xml
-@@ -182,6 +183,30 @@
+@@ -182,6 +182,30 @@
effective only when <code>sendAllSessions</code> is <code>false</code>.
Default is <code>2000</code> milliseconds.
</attribute>
@@ -567,7 +535,7 @@ index 377884a..4958a39 100644
<attribute name="stateTimestampDrop" required="false">
When this node sends a <code>GET_ALL_SESSIONS</code> message to other
node, all session messages that are received as a response are queued.
-@@ -193,6 +218,17 @@
+@@ -193,6 +217,17 @@
If set to <code>false</code>, all queued session messages are handled.
Default is <code>true</code>.
</attribute>
@@ -585,7 +553,7 @@ index 377884a..4958a39 100644
</attributes>
</subsection>
<subsection name="org.apache.catalina.ha.session.BackupManager Attributes">
-@@ -216,6 +252,30 @@
+@@ -216,6 +251,30 @@
another map.
Default value is <code>15000</code> milliseconds.
</attribute>
@@ -616,7 +584,7 @@ index 377884a..4958a39 100644
<attribute name="terminateOnStartFailure" required="false">
Set to true if you wish to terminate replication map when replication
map fails to start. If replication map is terminated, associated context
-@@ -223,6 +283,17 @@
+@@ -223,6 +282,17 @@
does not end. It will try to join the map membership in the heartbeat.
Default value is <code>false</code> .
</attribute>
@@ -634,8 +602,6 @@ index 377884a..4958a39 100644
</attributes>
</subsection>
</section>
-diff --git a/webapps/docs/config/manager.xml b/webapps/docs/config/manager.xml
-index 3ab728b..3726fe5 100644
--- a/webapps/docs/config/manager.xml
+++ b/webapps/docs/config/manager.xml
@@ -175,6 +175,40 @@
diff --git a/debian/patches/CVE-2016-0763.patch b/debian/patches/CVE-2016-0763.patch
index 1e8e34e..313cc21 100644
--- a/debian/patches/CVE-2016-0763.patch
+++ b/debian/patches/CVE-2016-0763.patch
@@ -1,18 +1,14 @@
-From: Markus Koschany <apo at debian.org>
-Date: Sat, 28 May 2016 15:46:37 +0200
-Subject: CVE-2016-0763
-
-Origin: https://svn.apache.org/viewvc?view=revision&revision=1725929
----
- java/org/apache/naming/factory/ResourceLinkFactory.java | 5 +++++
- webapps/docs/changelog.xml | 4 ++++
- 2 files changed, 9 insertions(+)
-
-diff --git a/java/org/apache/naming/factory/ResourceLinkFactory.java b/java/org/apache/naming/factory/ResourceLinkFactory.java
-index 808192c..8a43e74 100644
+Description: Fixes CVE-2016-0763: The setGlobalContext method in ResourceLinkFactory
+ in Apache Tomcat does not consider whether ResourceLinkFactory.setGlobalContext
+ callers are authorized, which allows remote authenticated users to bypass intended
+ SecurityManager restrictions and read or write to arbitrary application data,
+ or cause a denial of service (application disruption), via a web application
+ that sets a crafted global context.
+Author: Markus Koschany <apo at debian.org>
+Origin: backport, https://svn.apache.org/r1725929
--- a/java/org/apache/naming/factory/ResourceLinkFactory.java
+++ b/java/org/apache/naming/factory/ResourceLinkFactory.java
-@@ -60,6 +60,11 @@ public class ResourceLinkFactory
+@@ -60,6 +60,11 @@
* @param newGlobalContext new global context value
*/
public static void setGlobalContext(Context newGlobalContext) {
@@ -24,8 +20,6 @@ index 808192c..8a43e74 100644
globalContext = newGlobalContext;
}
-diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
-index f075094..d18692c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -337,6 +337,10 @@
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat8.git
More information about the pkg-java-commits
mailing list