[tomcat8] 02/03: Refreshed the patches
Emmanuel Bourg
ebourg-guest at moszumanska.debian.org
Tue Apr 18 12:53:37 UTC 2017
This is an automated email from the git hooks/post-receive script.
ebourg-guest pushed a commit to branch master
in repository tomcat8.
commit be39027948462c3827cf2aed9e0173afdf8ac54b
Author: Emmanuel Bourg <ebourg at apache.org>
Date: Tue Apr 18 09:52:58 2017 +0200
Refreshed the patches
---
debian/changelog | 8 +++
...-deploy-webapps-target-from-deploy-target.patch | 4 +-
debian/patches/0005-skip-test-failures.patch | 2 +-
debian/patches/0010-debianize-build-xml.patch | 4 +-
debian/patches/CVE-2017-5647.patch | 29 +++-------
debian/patches/CVE-2017-5648.patch | 65 ----------------------
debian/patches/CVE-2017-5650.patch | 4 +-
debian/patches/CVE-2017-5651.patch | 22 ++++----
debian/patches/series | 1 -
9 files changed, 31 insertions(+), 108 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 2af6b8a..5623157 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+tomcat8 (8.5.12-1) UNRELEASED; urgency=medium
+
+ * Team upload.
+ * New upstream release
+ - Refreshed the patches
+
+ -- Emmanuel Bourg <ebourg at apache.org> Tue, 18 Apr 2017 09:50:28 +0200
+
tomcat8 (8.5.11-2) unstable; urgency=medium
* Team upload.
diff --git a/debian/patches/0004-split-deploy-webapps-target-from-deploy-target.patch b/debian/patches/0004-split-deploy-webapps-target-from-deploy-target.patch
index 2281c1e..099c2cf 100644
--- a/debian/patches/0004-split-deploy-webapps-target-from-deploy-target.patch
+++ b/debian/patches/0004-split-deploy-webapps-target-from-deploy-target.patch
@@ -3,7 +3,7 @@ Date: Mon, 28 Jun 2010 21:32:35 +0200
Subject: [PATCH] split deploy-webapps target from deploy target
--- a/build.xml
+++ b/build.xml
-@@ -993,7 +993,7 @@
+@@ -994,7 +994,7 @@
</xslt>
</target>
@@ -12,7 +12,7 @@ Subject: [PATCH] split deploy-webapps target from deploy target
description="Default. Builds a working Tomcat instance">
<copy tofile="${tomcat.build}/bin/tomcat-native.tar.gz"
-@@ -1032,6 +1032,10 @@
+@@ -1033,6 +1033,10 @@
</fileset>
</copy>
diff --git a/debian/patches/0005-skip-test-failures.patch b/debian/patches/0005-skip-test-failures.patch
index b52a32f..9d6d772 100644
--- a/debian/patches/0005-skip-test-failures.patch
+++ b/debian/patches/0005-skip-test-failures.patch
@@ -3,7 +3,7 @@ Author: Emmanuel Bourg <ebourg at apache.org>
Forwarded: not-needed
--- a/build.xml
+++ b/build.xml
-@@ -1370,8 +1370,10 @@
+@@ -1371,8 +1371,10 @@
</filterchain>
</concat>
diff --git a/debian/patches/0010-debianize-build-xml.patch b/debian/patches/0010-debianize-build-xml.patch
index d6c053d..092e0cf 100644
--- a/debian/patches/0010-debianize-build-xml.patch
+++ b/debian/patches/0010-debianize-build-xml.patch
@@ -5,7 +5,7 @@ Last-Update: 2011-05-16
--- a/build.xml
+++ b/build.xml
-@@ -644,7 +644,7 @@
+@@ -645,7 +645,7 @@
</copy>
</target>
@@ -14,7 +14,7 @@ Last-Update: 2011-05-16
<!-- Compile internal server components -->
<javac srcdir="java" destdir="${tomcat.classes}"
debug="${compile.debug}"
-@@ -996,12 +996,14 @@
+@@ -997,12 +997,14 @@
<target name="deploy" depends="package,build-docs,build-tomcat-jdbc,compile-webapp-examples,deploy-webapps"
description="Default. Builds a working Tomcat instance">
diff --git a/debian/patches/CVE-2017-5647.patch b/debian/patches/CVE-2017-5647.patch
index bfe6b78..e746785 100644
--- a/debian/patches/CVE-2017-5647.patch
+++ b/debian/patches/CVE-2017-5647.patch
@@ -15,11 +15,9 @@ Origin: http://svn.apache.org/r1788932
7 files changed, 116 insertions(+), 34 deletions(-)
create mode 100644 java/org/apache/tomcat/util/net/SendfileKeepAliveState.java
-diff --git a/java/org/apache/coyote/AbstractProtocol.java b/java/org/apache/coyote/AbstractProtocol.java
-index e69e984..3aa5dec 100644
--- a/java/org/apache/coyote/AbstractProtocol.java
+++ b/java/org/apache/coyote/AbstractProtocol.java
-@@ -870,10 +870,9 @@ public abstract class AbstractProtocol<S> implements ProtocolHandler,
+@@ -870,10 +870,9 @@
wrapper.registerReadInterest();
} else if (state == SocketState.SENDFILE) {
// Sendfile in progress. If it fails, the socket will be
@@ -33,11 +31,9 @@ index e69e984..3aa5dec 100644
} else if (state == SocketState.UPGRADED) {
// Don't add sockets back to the poller if this was a
// non-blocking write otherwise the poller may trigger
-diff --git a/java/org/apache/coyote/http11/Http11Processor.java b/java/org/apache/coyote/http11/Http11Processor.java
-index 5a1c766..e260a39 100644
--- a/java/org/apache/coyote/http11/Http11Processor.java
+++ b/java/org/apache/coyote/http11/Http11Processor.java
-@@ -58,6 +58,7 @@ import org.apache.tomcat.util.net.AbstractEndpoint;
+@@ -58,6 +58,7 @@
import org.apache.tomcat.util.net.AbstractEndpoint.Handler.SocketState;
import org.apache.tomcat.util.net.SSLSupport;
import org.apache.tomcat.util.net.SendfileDataBase;
@@ -45,7 +41,7 @@ index 5a1c766..e260a39 100644
import org.apache.tomcat.util.net.SocketWrapperBase;
import org.apache.tomcat.util.res.StringManager;
-@@ -1601,7 +1602,16 @@ public class Http11Processor extends AbstractProcessor {
+@@ -1601,7 +1602,16 @@
openSocket = keepAlive;
// Do sendfile as needed: add socket to sendfile and end
if (sendfileData != null && !getErrorState().isError()) {
@@ -63,11 +59,9 @@ index 5a1c766..e260a39 100644
switch (socketWrapper.processSendfile(sendfileData)) {
case DONE:
// If sendfile is complete, no need to break keep-alive loop
-diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java b/java/org/apache/tomcat/util/net/AprEndpoint.java
-index 09d4af3..8860777 100644
--- a/java/org/apache/tomcat/util/net/AprEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AprEndpoint.java
-@@ -2134,20 +2134,33 @@ public class AprEndpoint extends AbstractEndpoint<Long> implements SNICallBack {
+@@ -2138,20 +2138,33 @@
state.length -= nw;
if (state.length == 0) {
remove(state);
@@ -112,11 +106,9 @@ index 09d4af3..8860777 100644
}
}
}
-diff --git a/java/org/apache/tomcat/util/net/Nio2Endpoint.java b/java/org/apache/tomcat/util/net/Nio2Endpoint.java
-index 73605e8..a8231bf 100644
--- a/java/org/apache/tomcat/util/net/Nio2Endpoint.java
+++ b/java/org/apache/tomcat/util/net/Nio2Endpoint.java
-@@ -536,17 +536,24 @@ public class Nio2Endpoint extends AbstractJsseEndpoint<Nio2Channel> {
+@@ -536,17 +536,24 @@
} catch (IOException e) {
// Ignore
}
@@ -150,11 +142,9 @@ index 73605e8..a8231bf 100644
}
}
return;
-diff --git a/java/org/apache/tomcat/util/net/NioEndpoint.java b/java/org/apache/tomcat/util/net/NioEndpoint.java
-index 8775919..71dad75 100644
--- a/java/org/apache/tomcat/util/net/NioEndpoint.java
+++ b/java/org/apache/tomcat/util/net/NioEndpoint.java
-@@ -917,16 +917,30 @@ public class NioEndpoint extends AbstractJsseEndpoint<NioChannel> {
+@@ -924,16 +924,30 @@
// responsible for registering the socket for the
// appropriate event(s) if sendfile completes.
if (!calledByProcessor) {
@@ -191,11 +181,9 @@ index 8775919..71dad75 100644
}
}
return SendfileState.DONE;
-diff --git a/java/org/apache/tomcat/util/net/SendfileDataBase.java b/java/org/apache/tomcat/util/net/SendfileDataBase.java
-index fc89b11..ca0ee3b 100644
--- a/java/org/apache/tomcat/util/net/SendfileDataBase.java
+++ b/java/org/apache/tomcat/util/net/SendfileDataBase.java
-@@ -21,10 +21,10 @@ public abstract class SendfileDataBase {
+@@ -21,10 +21,10 @@
/**
* Is the current request being processed on a keep-alive connection? This
* determines if the socket is closed once the send file completes or if
@@ -209,9 +197,6 @@ index fc89b11..ca0ee3b 100644
/**
* The full path to the file that contains the data to be written to the
-diff --git a/java/org/apache/tomcat/util/net/SendfileKeepAliveState.java b/java/org/apache/tomcat/util/net/SendfileKeepAliveState.java
-new file mode 100644
-index 0000000..b27a9f1
--- /dev/null
+++ b/java/org/apache/tomcat/util/net/SendfileKeepAliveState.java
@@ -0,0 +1,39 @@
diff --git a/debian/patches/CVE-2017-5648.patch b/debian/patches/CVE-2017-5648.patch
deleted file mode 100644
index fbaaccf..0000000
--- a/debian/patches/CVE-2017-5648.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From: Markus Koschany <apo at debian.org>
-Date: Tue, 11 Apr 2017 23:48:23 +0200
-Subject: CVE-2017-5648
-
-Bug-Debian: https://bugs.debian.org/860068
-Origin: http://svn.apache.org/r1788932
----
- java/org/apache/catalina/authenticator/FormAuthenticator.java | 11 +++++------
- java/org/apache/catalina/core/StandardHostValve.java | 4 ++--
- 2 files changed, 7 insertions(+), 8 deletions(-)
-
-diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java b/java/org/apache/catalina/authenticator/FormAuthenticator.java
-index e5f5854..b3056a0 100644
---- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
-+++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java
-@@ -427,9 +427,9 @@ public class FormAuthenticator
- RequestDispatcher disp =
- context.getServletContext().getRequestDispatcher(loginPage);
- try {
-- if (context.fireRequestInitEvent(request)) {
-+ if (context.fireRequestInitEvent(request.getRequest())) {
- disp.forward(request.getRequest(), response);
-- context.fireRequestDestroyEvent(request);
-+ context.fireRequestDestroyEvent(request.getRequest());
- }
- } catch (Throwable t) {
- ExceptionUtils.handleThrowable(t);
-@@ -471,12 +471,11 @@ public class FormAuthenticator
- }
-
- RequestDispatcher disp =
-- context.getServletContext().getRequestDispatcher
-- (config.getErrorPage());
-+ context.getServletContext().getRequestDispatcher(config.getErrorPage());
- try {
-- if (context.fireRequestInitEvent(request)) {
-+ if (context.fireRequestInitEvent(request.getRequest())) {
- disp.forward(request.getRequest(), response);
-- context.fireRequestDestroyEvent(request);
-+ context.fireRequestDestroyEvent(request.getRequest());
- }
- } catch (Throwable t) {
- ExceptionUtils.handleThrowable(t);
-diff --git a/java/org/apache/catalina/core/StandardHostValve.java b/java/org/apache/catalina/core/StandardHostValve.java
-index 8fe3e1a..b08deab 100644
---- a/java/org/apache/catalina/core/StandardHostValve.java
-+++ b/java/org/apache/catalina/core/StandardHostValve.java
-@@ -123,7 +123,7 @@ final class StandardHostValve extends ValveBase {
- try {
- context.bind(Globals.IS_SECURITY_ENABLED, MY_CLASSLOADER);
-
-- if (!asyncAtStart && !context.fireRequestInitEvent(request)) {
-+ if (!asyncAtStart && !context.fireRequestInitEvent(request.getRequest())) {
- // Don't fire listeners during async processing (the listener
- // fired for the request that called startAsync()).
- // If a request init listener throws an exception, the request
-@@ -179,7 +179,7 @@ final class StandardHostValve extends ValveBase {
- }
-
- if (!request.isAsync() && (!asyncAtStart || !response.isErrorReportRequired())) {
-- context.fireRequestDestroyEvent(request);
-+ context.fireRequestDestroyEvent(request.getRequest());
- }
- } finally {
- // Access a session (if present) to update last accessed time, based
diff --git a/debian/patches/CVE-2017-5650.patch b/debian/patches/CVE-2017-5650.patch
index 0cbf3e7..74a8862 100644
--- a/debian/patches/CVE-2017-5650.patch
+++ b/debian/patches/CVE-2017-5650.patch
@@ -8,11 +8,9 @@ Origin: http://svn.apache.org/r1788480
java/org/apache/coyote/http2/Http2UpgradeHandler.java | 5 +++++
1 file changed, 5 insertions(+)
-diff --git a/java/org/apache/coyote/http2/Http2UpgradeHandler.java b/java/org/apache/coyote/http2/Http2UpgradeHandler.java
-index 03c5c25..0d7d9d5 100644
--- a/java/org/apache/coyote/http2/Http2UpgradeHandler.java
+++ b/java/org/apache/coyote/http2/Http2UpgradeHandler.java
-@@ -983,6 +983,11 @@ public class Http2UpgradeHandler extends AbstractStream implements InternalHttpU
+@@ -983,6 +983,11 @@
private void close() {
connectionState.set(ConnectionState.CLOSED);
diff --git a/debian/patches/CVE-2017-5651.patch b/debian/patches/CVE-2017-5651.patch
index 5b4980c..e737f68 100644
--- a/debian/patches/CVE-2017-5651.patch
+++ b/debian/patches/CVE-2017-5651.patch
@@ -8,11 +8,9 @@ Origin: http://svn.apache.org/r1788546
java/org/apache/coyote/http11/Http11Processor.java | 52 ++++++++++------------
1 file changed, 24 insertions(+), 28 deletions(-)
-diff --git a/java/org/apache/coyote/http11/Http11Processor.java b/java/org/apache/coyote/http11/Http11Processor.java
-index e260a39..99997e8 100644
--- a/java/org/apache/coyote/http11/Http11Processor.java
+++ b/java/org/apache/coyote/http11/Http11Processor.java
-@@ -58,6 +58,7 @@ import org.apache.tomcat.util.net.AbstractEndpoint;
+@@ -58,6 +58,7 @@
import org.apache.tomcat.util.net.AbstractEndpoint.Handler.SocketState;
import org.apache.tomcat.util.net.SSLSupport;
import org.apache.tomcat.util.net.SendfileDataBase;
@@ -20,7 +18,7 @@ index e260a39..99997e8 100644
import org.apache.tomcat.util.net.SendfileKeepAliveState;
import org.apache.tomcat.util.net.SocketWrapperBase;
import org.apache.tomcat.util.res.StringManager;
-@@ -659,9 +660,10 @@ public class Http11Processor extends AbstractProcessor {
+@@ -659,9 +660,10 @@
openSocket = false;
readComplete = true;
boolean keptAlive = false;
@@ -33,7 +31,7 @@ index e260a39..99997e8 100644
// Parsing the request header
try {
-@@ -850,9 +852,7 @@ public class Http11Processor extends AbstractProcessor {
+@@ -850,9 +852,7 @@
rp.setStage(org.apache.coyote.Constants.STAGE_KEEPALIVE);
@@ -44,7 +42,7 @@ index e260a39..99997e8 100644
}
rp.setStage(org.apache.coyote.Constants.STAGE_ENDED);
-@@ -864,7 +864,7 @@ public class Http11Processor extends AbstractProcessor {
+@@ -864,7 +864,7 @@
} else if (isUpgrade()) {
return SocketState.UPGRADING;
} else {
@@ -53,7 +51,7 @@ index e260a39..99997e8 100644
return SocketState.SENDFILE;
} else {
if (openSocket) {
-@@ -940,7 +940,6 @@ public class Http11Processor extends AbstractProcessor {
+@@ -940,7 +940,6 @@
http11 = true;
http09 = false;
contentDelimitation = false;
@@ -61,7 +59,7 @@ index e260a39..99997e8 100644
if (endpoint.isSSLEnabled()) {
request.scheme().setString("https");
-@@ -1147,15 +1146,14 @@ public class Http11Processor extends AbstractProcessor {
+@@ -1147,15 +1146,14 @@
}
// Sendfile support
@@ -79,7 +77,7 @@ index e260a39..99997e8 100644
isCompressable = isCompressable();
if (isCompressable) {
useCompression = useCompression();
-@@ -1297,10 +1295,12 @@ public class Http11Processor extends AbstractProcessor {
+@@ -1297,10 +1295,12 @@
return connection.equals(Constants.CLOSE);
}
@@ -94,7 +92,7 @@ index e260a39..99997e8 100644
// No entity body sent here
outputBuffer.addActiveFilter(outputFilters[Constants.VOID_FILTER]);
contentDelimitation = true;
-@@ -1309,9 +1309,7 @@ public class Http11Processor extends AbstractProcessor {
+@@ -1309,9 +1309,7 @@
long end = ((Long) request.getAttribute(
org.apache.coyote.Constants.SENDFILE_FILE_END_ATTR)).longValue();
sendfileData = socketWrapper.createSendfileData(fileName, pos, end - pos);
@@ -104,7 +102,7 @@ index e260a39..99997e8 100644
}
/**
-@@ -1592,14 +1590,15 @@ public class Http11Processor extends AbstractProcessor {
+@@ -1592,14 +1590,15 @@
/**
@@ -125,7 +123,7 @@ index e260a39..99997e8 100644
// Do sendfile as needed: add socket to sendfile and end
if (sendfileData != null && !getErrorState().isError()) {
if (keepAlive) {
-@@ -1612,23 +1611,20 @@ public class Http11Processor extends AbstractProcessor {
+@@ -1612,23 +1611,20 @@
sendfileData.keepAliveState = SendfileKeepAliveState.NONE;
}
diff --git a/debian/patches/series b/debian/patches/series
index 85528d8..8aabbe8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,6 +9,5 @@
0019-add-distribution-to-error-page.patch
0021-dont-test-unsupported-ciphers.patch
CVE-2017-5647.patch
-CVE-2017-5648.patch
CVE-2017-5650.patch
CVE-2017-5651.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat8.git
More information about the pkg-java-commits
mailing list