[tomcat7] 01/01: Import Debian changes 7.0.28-4+deb7u10
Markus Koschany
apo at moszumanska.debian.org
Tue Feb 14 11:53:45 UTC 2017
This is an automated email from the git hooks/post-receive script.
apo pushed a commit to branch wheezy
in repository tomcat7.
commit a5966ebb3d89b700aa1d9773216a8c5afb8eb095
Author: Markus Koschany <apo at debian.org>
Date: Tue Feb 14 12:04:49 2017 +0100
Import Debian changes 7.0.28-4+deb7u10
tomcat7 (7.0.28-4+deb7u10) wheezy-security; urgency=high
* Non-maintainer upload by the LTS team.
* Add BZ57544-infinite-loop.patch: It was found that https GET requests could
trigger an infinite loop and thus cause a denial-of-service.
(Closes: #854551)
---
debian/changelog | 9 ++++++
debian/patches/BZ57544-infinite-loop.patch | 48 ++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 58 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index d5d03a3..a1fd5b5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+tomcat7 (7.0.28-4+deb7u10) wheezy-security; urgency=high
+
+ * Non-maintainer upload by the LTS team.
+ * Add BZ57544-infinite-loop.patch: It was found that https GET requests could
+ trigger an infinite loop and thus cause a denial-of-service.
+ (Closes: #854551)
+
+ -- Markus Koschany <apo at debian.org> Tue, 14 Feb 2017 12:04:49 +0100
+
tomcat7 (7.0.28-4+deb7u9) wheezy-security; urgency=high
* Fix CVE-2016-8745:
diff --git a/debian/patches/BZ57544-infinite-loop.patch b/debian/patches/BZ57544-infinite-loop.patch
new file mode 100644
index 0000000..32eaa5b
--- /dev/null
+++ b/debian/patches/BZ57544-infinite-loop.patch
@@ -0,0 +1,48 @@
+From: Markus Koschany <apo at debian.org>
+Date: Tue, 14 Feb 2017 12:03:14 +0100
+Subject: BZ57544 infinite loop
+
+Bug-Upstream: https://bz.apache.org/bugzilla/show_bug.cgi?id=60578
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854551
+Origin: https://github.com/apache/tomcat80/commit/614e7f78aecc429d8740bb59900c2f9fbc86a788
+---
+ java/org/apache/coyote/http11/AbstractInputBuffer.java | 16 ++++------------
+ 1 file changed, 4 insertions(+), 12 deletions(-)
+
+diff --git a/java/org/apache/coyote/http11/AbstractInputBuffer.java b/java/org/apache/coyote/http11/AbstractInputBuffer.java
+index b534cdf..5d54a05 100644
+--- a/java/org/apache/coyote/http11/AbstractInputBuffer.java
++++ b/java/org/apache/coyote/http11/AbstractInputBuffer.java
+@@ -220,15 +220,10 @@ public abstract class AbstractInputBuffer<S> implements InputBuffer{
+ request.recycle();
+
+ // Copy leftover bytes to the beginning of the buffer
+- if (lastValid - pos > 0) {
+- int npos = 0;
+- int opos = pos;
+- while (lastValid - opos > opos - npos) {
+- System.arraycopy(buf, opos, buf, npos, opos - npos);
+- npos += pos;
+- opos += pos;
+- }
+- System.arraycopy(buf, opos, buf, npos, lastValid - opos);
++ if (lastValid - pos > 0 && pos > 0) {
++ System.arraycopy(buf, pos, buf, 0, lastValid - pos);
++ lastValid = lastValid - pos;
++ pos = 0;
+ }
+
+ // Recycle filters
+@@ -237,12 +232,9 @@ public abstract class AbstractInputBuffer<S> implements InputBuffer{
+ }
+
+ // Reset pointers
+- lastValid = lastValid - pos;
+- pos = 0;
+ lastActiveFilter = -1;
+ parsingHeader = true;
+ swallowInput = true;
+-
+ }
+
+
diff --git a/debian/patches/series b/debian/patches/series
index df71d34..e32d3bc 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -47,3 +47,4 @@ CVE-2016-8735.patch
CVE-2016-5018-part2.patch
CVE-2016-6797-part2.patch
CVE-2016-8745.patch
+BZ57544-infinite-loop.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat7.git
More information about the pkg-java-commits
mailing list