This is an automated email from the git hooks/post-receive script. ebourg-guest pushed a commit to branch jessie in repository tomcat8.
commit d2125fc4a5a5d895650e3b539cc346919c273625 Author: Emmanuel Bourg <[email protected]> Date: Wed Jun 22 19:37:34 2016 +0200 Enhanced the description of the patches --- debian/patches/CVE-2015-5174.patch | 20 ++++----- debian/patches/CVE-2015-5345.patch | 29 +++---------- debian/patches/CVE-2015-5346.patch | 36 ++++++---------- debian/patches/CVE-2015-5351.patch | 36 +++------------- debian/patches/CVE-2016-0706.patch | 21 +++------ debian/patches/CVE-2016-0714.patch | 88 ++++++++++++-------------------------- debian/patches/CVE-2016-0763.patch | 24 ++++------- 7 files changed, 77 insertions(+), 177 deletions(-) diff --git a/debian/patches/CVE-2015-5174.patch b/debian/patches/CVE-2015-5174.patch index 989a383..5c927a4 100644 --- a/debian/patches/CVE-2015-5174.patch +++ b/debian/patches/CVE-2015-5174.patch @@ -1,15 +1,11 @@ -From: Markus Koschany <[email protected]> -Date: Sat, 28 May 2016 01:54:08 +0000 -Subject: CVE-2015-5174 - -Origin: https://svn.apache.org/viewvc?view=revision&revision=1696281 -Origin: https://svn.apache.org/viewvc?view=revision&revision=1700897 ---- - java/org/apache/tomcat/util/http/RequestUtil.java | 45 ++++++---- - .../apache/tomcat/util/http/TestRequestUtil.java | 100 +++++++++++++++++++-- - webapps/docs/changelog.xml | 11 +++ - 3 files changed, 135 insertions(+), 21 deletions(-) - +Description: Fixes CVE-2015-5174: Directory traversal vulnerability in RequestUtil + allows remote authenticated users to bypass intended SecurityManager restrictions + and list a parent directory via a /.. (slash dot dot) in a pathname used by a + web application in a getResource, getResourceAsStream, or getResourcePaths call, + as demonstrated by the $CATALINA_BASE/webapps directory. +Author: Markus Koschany <[email protected]> +Origin: backport, https://svn.apache.org/r1696281 + https://svn.apache.org/r1700897 --- a/java/org/apache/tomcat/util/http/RequestUtil.java +++ b/java/org/apache/tomcat/util/http/RequestUtil.java @@ -56,9 +56,6 @@ diff --git a/debian/patches/CVE-2015-5345.patch b/debian/patches/CVE-2015-5345.patch index 4e1547f..f771868 100644 --- a/debian/patches/CVE-2015-5345.patch +++ b/debian/patches/CVE-2015-5345.patch @@ -1,25 +1,10 @@ -From: Markus Koschany <[email protected]> -Date: Sun, 29 May 2016 18:09:44 +0200 -Subject: CVE-2015-5345 - -Origin: https://svn.apache.org/viewvc?view=revision&revision=1715207 -Origin: https://svn.apache.org/viewvc?view=revision&revision=1717209 ---- - java/org/apache/catalina/Context.java | 40 ++++++++++++++ - .../catalina/authenticator/FormAuthenticator.java | 14 +++++ - java/org/apache/catalina/core/StandardContext.java | 35 ++++++++++++ - .../apache/catalina/core/mbeans-descriptors.xml | 8 +++ - java/org/apache/catalina/mapper/Mapper.java | 31 ++++++----- - .../apache/catalina/servlets/DefaultServlet.java | 28 +++++++++- - .../apache/catalina/servlets/WebdavServlet.java | 5 ++ - .../org/apache/catalina/startup/FailedContext.java | 19 ++++++- - test/org/apache/catalina/core/TesterContext.java | 17 ++++++ - .../apache/catalina/mapper/TestMapperWebapps.java | 64 ++++++++++++++++++++++ - .../apache/catalina/startup/TomcatBaseTest.java | 3 +- - webapps/docs/changelog.xml | 15 +++++ - webapps/docs/config/context.xml | 16 ++++++ - 13 files changed, 276 insertions(+), 19 deletions(-) - +Description: Fixes CVE-2015-5345: The Mapper component in Apache Tomcat processes + redirects before considering security constraints and Filters, which allows + remote attackers to determine the existence of a directory via a URL that lacks + a trailing / (slash) character. +Author: Markus Koschany <[email protected]> +Origin: backport, https://svn.apache.org/r1715207 + https://svn.apache.org/r1717209 --- a/java/org/apache/catalina/Context.java +++ b/java/org/apache/catalina/Context.java @@ -1674,4 +1674,44 @@ diff --git a/debian/patches/CVE-2015-5346.patch b/debian/patches/CVE-2015-5346.patch index 95f08bc..399196f 100644 --- a/debian/patches/CVE-2015-5346.patch +++ b/debian/patches/CVE-2015-5346.patch @@ -1,20 +1,14 @@ -From: Markus Koschany <[email protected]> -Date: Sat, 28 May 2016 03:11:58 +0000 -Subject: CVE-2015-5346 - -Origin: https://svn.apache.org/viewvc?view=revision&revision=1713185 -Origin: https://svn.apache.org/viewvc?view=revision&revision=1723506 ---- - .../apache/catalina/connector/CoyoteAdapter.java | 8 ++-- - java/org/apache/catalina/connector/Request.java | 52 ++++++++++++++-------- - webapps/docs/changelog.xml | 8 ++++ - 3 files changed, 46 insertions(+), 22 deletions(-) - -diff --git a/java/org/apache/catalina/connector/CoyoteAdapter.java b/java/org/apache/catalina/connector/CoyoteAdapter.java -index e3ff219..775862d 100644 +Description: Fixes CVE-2015-5346: Session fixation vulnerability in Apache Tomcat + when different session settings are used for deployments of multiple versions + of the same web application, might allow remote attackers to hijack web sessions + by leveraging use of a requestedSessionSSL field for an unintended request, + related to CoyoteAdapter.java and Request.java. +Author: Markus Koschany <[email protected]> +Origin: backport, https://svn.apache.org/r1713185 + https://svn.apache.org/r1723506 --- a/java/org/apache/catalina/connector/CoyoteAdapter.java +++ b/java/org/apache/catalina/connector/CoyoteAdapter.java -@@ -941,9 +941,11 @@ public class CoyoteAdapter implements Adapter { +@@ -941,9 +941,11 @@ // Reset mapping request.getMappingData().recycle(); mapRequired = true; @@ -29,11 +23,9 @@ index e3ff219..775862d 100644 } break; } -diff --git a/java/org/apache/catalina/connector/Request.java b/java/org/apache/catalina/connector/Request.java -index 2d24ba4..55682be 100644 --- a/java/org/apache/catalina/connector/Request.java +++ b/java/org/apache/catalina/connector/Request.java -@@ -287,6 +287,11 @@ public class Request +@@ -287,6 +287,11 @@ */ protected boolean cookiesParsed = false; @@ -45,7 +37,7 @@ index 2d24ba4..55682be 100644 /** * Secure flag. -@@ -461,7 +466,6 @@ public class Request +@@ -461,7 +466,6 @@ parts = null; } partsParseException = null; @@ -53,7 +45,7 @@ index 2d24ba4..55682be 100644 locales.clear(); localesParsed = false; secure = false; -@@ -475,20 +479,9 @@ public class Request +@@ -475,20 +479,9 @@ attributes.clear(); sslAttributesParsed = false; notes.clear(); @@ -76,7 +68,7 @@ index 2d24ba4..55682be 100644 if (Globals.IS_SECURITY_ENABLED || Connector.RECYCLE_FACADES) { parameterMap = new ParameterMap<>(); -@@ -531,11 +524,32 @@ public class Request +@@ -531,11 +524,32 @@ } @@ -114,8 +106,6 @@ index 2d24ba4..55682be 100644 return (inputBuffer.realReadBytes(null, 0, 0) > 0); } -diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml -index f552c88..cb4c914 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -184,6 +184,10 @@ diff --git a/debian/patches/CVE-2015-5351.patch b/debian/patches/CVE-2015-5351.patch index 88b34d0..8ca74aa 100644 --- a/debian/patches/CVE-2015-5351.patch +++ b/debian/patches/CVE-2015-5351.patch @@ -1,21 +1,9 @@ -From: Markus Koschany <[email protected]> -Date: Sat, 28 May 2016 03:13:41 +0000 -Subject: CVE-2015-5351 - -Origin: https://svn.apache.org/viewvc?view=revision&revision=1720658 -Origin: https://svn.apache.org/viewvc?view=revision&revision=1720660 ---- - webapps/docs/changelog.xml | 7 +++++++ - webapps/host-manager/WEB-INF/jsp/401.jsp | 1 + - webapps/host-manager/WEB-INF/jsp/403.jsp | 1 + - webapps/host-manager/WEB-INF/jsp/404.jsp | 3 ++- - webapps/host-manager/index.jsp | 4 ++-- - webapps/manager/WEB-INF/web.xml | 1 - - webapps/manager/index.jsp | 4 ++-- - 7 files changed, 15 insertions(+), 6 deletions(-) - -diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml -index cb4c914..92d5b3c 100644 +Description: Fixes CVE-2015-5351: The Manager and Host Manager applications establish + sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers + to bypass a CSRF protection mechanism by using a token. +Author: Markus Koschany <[email protected]> +Origin: backport, https://svn.apache.org/r1720658 + https://svn.apache.org/r1720660 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -326,6 +326,13 @@ @@ -32,8 +20,6 @@ index cb4c914..92d5b3c 100644 </changelog> </subsection> <subsection name="WebSocket"> -diff --git a/webapps/host-manager/WEB-INF/jsp/401.jsp b/webapps/host-manager/WEB-INF/jsp/401.jsp -index 83c8c6f..047766b 100644 --- a/webapps/host-manager/WEB-INF/jsp/401.jsp +++ b/webapps/host-manager/WEB-INF/jsp/401.jsp @@ -14,6 +14,7 @@ @@ -44,8 +30,6 @@ index 83c8c6f..047766b 100644 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd";> <html> <head> -diff --git a/webapps/host-manager/WEB-INF/jsp/403.jsp b/webapps/host-manager/WEB-INF/jsp/403.jsp -index 2dbb448..5eff6f0 100644 --- a/webapps/host-manager/WEB-INF/jsp/403.jsp +++ b/webapps/host-manager/WEB-INF/jsp/403.jsp @@ -14,6 +14,7 @@ @@ -56,8 +40,6 @@ index 2dbb448..5eff6f0 100644 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd";> <html> <head> -diff --git a/webapps/host-manager/WEB-INF/jsp/404.jsp b/webapps/host-manager/WEB-INF/jsp/404.jsp -index d1b5b0b..9816df5 100644 --- a/webapps/host-manager/WEB-INF/jsp/404.jsp +++ b/webapps/host-manager/WEB-INF/jsp/404.jsp @@ -14,7 +14,8 @@ @@ -70,8 +52,6 @@ index d1b5b0b..9816df5 100644 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd";> <html> <head> -diff --git a/webapps/host-manager/index.jsp b/webapps/host-manager/index.jsp -index d4816e5..2806b76 100644 --- a/webapps/host-manager/index.jsp +++ b/webapps/host-manager/index.jsp @@ -14,5 +14,5 @@ @@ -84,8 +64,6 @@ index d4816e5..2806b76 100644 +<%@ page session="false" trimDirectiveWhitespaces="true" %> +<% response.sendRedirect(request.getContextPath() + "/html"); %> \ No newline at end of file -diff --git a/webapps/manager/WEB-INF/web.xml b/webapps/manager/WEB-INF/web.xml -index 230199e..ef917e6 100644 --- a/webapps/manager/WEB-INF/web.xml +++ b/webapps/manager/WEB-INF/web.xml @@ -115,7 +115,6 @@ @@ -96,8 +74,6 @@ index 230199e..ef917e6 100644 </filter-mapping> <!-- Define a Security Constraint on this Application --> -diff --git a/webapps/manager/index.jsp b/webapps/manager/index.jsp -index d4816e5..ff4f47b 100644 --- a/webapps/manager/index.jsp +++ b/webapps/manager/index.jsp @@ -14,5 +14,5 @@ diff --git a/debian/patches/CVE-2016-0706.patch b/debian/patches/CVE-2016-0706.patch index 4f497d4..84cdd5d 100644 --- a/debian/patches/CVE-2016-0706.patch +++ b/debian/patches/CVE-2016-0706.patch @@ -1,15 +1,10 @@ -From: Markus Koschany <[email protected]> -Date: Sat, 28 May 2016 13:15:51 +0000 -Subject: CVE-2016-0706 - -Origin: https://svn.apache.org/viewvc?view=revision&revision=1722800 ---- - java/org/apache/catalina/core/RestrictedServlets.properties | 1 + - webapps/docs/changelog.xml | 4 ++++ - 2 files changed, 5 insertions(+) - -diff --git a/java/org/apache/catalina/core/RestrictedServlets.properties b/java/org/apache/catalina/core/RestrictedServlets.properties -index d336968..cefa249 100644 +Description: Fixes CVE-2016-0706: Apache Tomcat does not place StatusManagerServlet + on the RestrictedServlets.properties list, which allows remote authenticated + users to bypass intended SecurityManager restrictions and read arbitrary HTTP + requests, and consequently discover session ID values, via a crafted web + application. +Author: Markus Koschany <[email protected]> +Origin: backport, https://svn.apache.org/r1722800 --- a/java/org/apache/catalina/core/RestrictedServlets.properties +++ b/java/org/apache/catalina/core/RestrictedServlets.properties @@ -16,3 +16,4 @@ @@ -17,8 +12,6 @@ index d336968..cefa249 100644 org.apache.catalina.servlets.CGIServlet=restricted org.apache.catalina.manager.JMXProxyServlet=restricted +org.apache.catalina.manager.StatusManagerServlet=restricted -diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml -index 92d5b3c..f075094 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -333,6 +333,10 @@ diff --git a/debian/patches/CVE-2016-0714.patch b/debian/patches/CVE-2016-0714.patch index f3fd235..5d6fae2 100644 --- a/debian/patches/CVE-2016-0714.patch +++ b/debian/patches/CVE-2016-0714.patch @@ -1,28 +1,13 @@ -From: Markus Koschany <[email protected]> -Date: Sun, 29 May 2016 15:11:37 +0200 -Subject: CVE-2016-0714 - -Origin: https://svn.apache.org/viewvc?view=revision&revision=1726196 -Origin: https://svn.apache.org/viewvc?view=revision&revision=1726203 ---- - .../catalina/ha/session/ClusterManagerBase.java | 3 + - .../catalina/ha/session/mbeans-descriptors.xml | 24 +++ - .../catalina/session/LocalStrings.properties | 2 + - java/org/apache/catalina/session/ManagerBase.java | 172 ++++++++++++++++++++- - .../apache/catalina/session/StandardManager.java | 9 +- - .../apache/catalina/session/mbeans-descriptors.xml | 20 +++ - .../catalina/util/CustomObjectInputStream.java | 89 ++++++++++- - .../apache/catalina/util/LocalStrings.properties | 2 + - webapps/docs/changelog.xml | 8 + - webapps/docs/config/cluster-manager.xml | 71 +++++++++ - webapps/docs/config/manager.xml | 69 +++++++++ - 11 files changed, 463 insertions(+), 6 deletions(-) - -diff --git a/java/org/apache/catalina/ha/session/ClusterManagerBase.java b/java/org/apache/catalina/ha/session/ClusterManagerBase.java -index 8eb284d..ee601a8 100644 +Description: Fixes CVE-2016-0714: The session-persistence implementation mishandles + session attributes, which allows remote authenticated users to bypass intended + SecurityManager restrictions and execute arbitrary code in a privileged context + via a web application that places a crafted object in a session. +Author: Markus Koschany <[email protected]> +Origin: backport, https://svn.apache.org/r1726196 + https://svn.apache.org/r1726203 --- a/java/org/apache/catalina/ha/session/ClusterManagerBase.java +++ b/java/org/apache/catalina/ha/session/ClusterManagerBase.java -@@ -196,6 +196,9 @@ public abstract class ClusterManagerBase extends ManagerBase implements ClusterM +@@ -196,6 +196,9 @@ copy.setProcessExpiresFrequency(getProcessExpiresFrequency()); copy.setNotifyListenersOnReplication(isNotifyListenersOnReplication()); copy.setSessionAttributeFilter(getSessionAttributeFilter()); @@ -32,8 +17,6 @@ index 8eb284d..ee601a8 100644 copy.setSecureRandomClass(getSecureRandomClass()); copy.setSecureRandomProvider(getSecureRandomProvider()); copy.setSecureRandomAlgorithm(getSecureRandomAlgorithm()); -diff --git a/java/org/apache/catalina/ha/session/mbeans-descriptors.xml b/java/org/apache/catalina/ha/session/mbeans-descriptors.xml -index 76a689e..feff5cc 100644 --- a/java/org/apache/catalina/ha/session/mbeans-descriptors.xml +++ b/java/org/apache/catalina/ha/session/mbeans-descriptors.xml @@ -309,6 +309,18 @@ @@ -74,11 +57,9 @@ index 76a689e..feff5cc 100644 <operation name="expireSession" description="Expired the given session" -diff --git a/java/org/apache/catalina/session/LocalStrings.properties b/java/org/apache/catalina/session/LocalStrings.properties -index 7b00a4c..67eb04e 100644 --- a/java/org/apache/catalina/session/LocalStrings.properties +++ b/java/org/apache/catalina/session/LocalStrings.properties -@@ -32,6 +32,8 @@ JDBCStore.missingDataSourceName=No valid JNDI name was given. +@@ -32,6 +32,8 @@ JDBCStore.commitSQLException=SQLException committing connection before closing managerBase.container.noop=Managers added to containers other than Contexts will never be used managerBase.createSession.ise=createSession: Too many active sessions @@ -87,11 +68,9 @@ index 7b00a4c..67eb04e 100644 managerBase.sessionTimeout=Invalid session timeout setting {0} standardManager.loading=Loading persisted sessions from {0} standardManager.loading.exception=Exception while loading persisted sessions -diff --git a/java/org/apache/catalina/session/ManagerBase.java b/java/org/apache/catalina/session/ManagerBase.java -index b09348a..ada88f1 100644 --- a/java/org/apache/catalina/session/ManagerBase.java +++ b/java/org/apache/catalina/session/ManagerBase.java -@@ -32,10 +32,13 @@ import java.util.List; +@@ -32,10 +32,13 @@ import java.util.Map; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.atomic.AtomicLong; @@ -105,7 +84,7 @@ index b09348a..ada88f1 100644 import org.apache.catalina.LifecycleException; import org.apache.catalina.Manager; import org.apache.catalina.Session; -@@ -210,8 +213,57 @@ public abstract class ManagerBase extends LifecycleMBeanBase +@@ -210,8 +213,57 @@ protected final PropertyChangeSupport support = new PropertyChangeSupport(this); @@ -164,7 +143,7 @@ index b09348a..ada88f1 100644 @Override @Deprecated -@@ -220,6 +272,86 @@ public abstract class ManagerBase extends LifecycleMBeanBase +@@ -220,6 +272,86 @@ } @@ -251,7 +230,7 @@ index b09348a..ada88f1 100644 @Override @Deprecated public void setContainer(Container container) { -@@ -839,6 +971,44 @@ public abstract class ManagerBase extends LifecycleMBeanBase +@@ -839,6 +971,44 @@ notifySessionListeners, notifyContainerListeners); } @@ -296,11 +275,9 @@ index b09348a..ada88f1 100644 // ------------------------------------------------------ Protected Methods -diff --git a/java/org/apache/catalina/session/StandardManager.java b/java/org/apache/catalina/session/StandardManager.java -index b1eb80b..a63ae7e 100644 --- a/java/org/apache/catalina/session/StandardManager.java +++ b/java/org/apache/catalina/session/StandardManager.java -@@ -208,19 +208,24 @@ public class StandardManager extends ManagerBase { +@@ -208,19 +208,24 @@ BufferedInputStream bis = null; ObjectInputStream ois = null; Loader loader = null; @@ -327,8 +304,6 @@ index b1eb80b..a63ae7e 100644 } else { if (log.isDebugEnabled()) log.debug("Creating standard object input stream"); -diff --git a/java/org/apache/catalina/session/mbeans-descriptors.xml b/java/org/apache/catalina/session/mbeans-descriptors.xml -index 4f9b01e..4edf79b 100644 --- a/java/org/apache/catalina/session/mbeans-descriptors.xml +++ b/java/org/apache/catalina/session/mbeans-descriptors.xml @@ -132,6 +132,15 @@ @@ -365,11 +340,9 @@ index 4f9b01e..4edf79b 100644 <operation name="backgroundProcess" description="Invalidate all sessions that have expired." impact="ACTION" -diff --git a/java/org/apache/catalina/util/CustomObjectInputStream.java b/java/org/apache/catalina/util/CustomObjectInputStream.java -index f63d777..25793e4 100644 --- a/java/org/apache/catalina/util/CustomObjectInputStream.java +++ b/java/org/apache/catalina/util/CustomObjectInputStream.java -@@ -19,9 +19,18 @@ package org.apache.catalina.util; +@@ -19,9 +19,18 @@ import java.io.IOException; import java.io.InputStream; @@ -388,7 +361,7 @@ index f63d777..25793e4 100644 /** * Custom subclass of <code>ObjectInputStream</code> that loads from the -@@ -35,14 +44,26 @@ public final class CustomObjectInputStream +@@ -35,14 +44,26 @@ extends ObjectInputStream { @@ -416,7 +389,7 @@ index f63d777..25793e4 100644 * * @param stream The input stream we will read from * @param classLoader The class loader used to instantiate objects -@@ -53,10 +74,56 @@ public final class CustomObjectInputStream +@@ -53,11 +74,57 @@ ClassLoader classLoader) throws IOException { @@ -451,7 +424,6 @@ index f63d777..25793e4 100644 + sm.getString("customObjectInputStream.logRequired")); + } this.classLoader = classLoader; -- } + this.log = log; + this.allowedClassNamePattern = allowedClassNamePattern; + if (allowedClassNamePattern == null) { @@ -460,7 +432,7 @@ index f63d777..25793e4 100644 + this.allowedClassNameFilter = allowedClassNamePattern.toString(); + } + this.warnOnFailure = warnOnFailure; - ++ + Set<String> reportedClasses; + synchronized (reportedClassCache) { + reportedClasses = reportedClassCache.get(classLoader); @@ -470,11 +442,13 @@ index f63d777..25793e4 100644 + } + } + this.reportedClasses = reportedClasses; -+ } + } +- /** * Load the local class equivalent of the specified stream class -@@ -70,8 +137,24 @@ public final class CustomObjectInputStream + * description, by using the class loader assigned to this Context. +@@ -70,8 +137,24 @@ @Override public Class<?> resolveClass(ObjectStreamClass classDesc) throws ClassNotFoundException, IOException { @@ -500,11 +474,9 @@ index f63d777..25793e4 100644 } catch (ClassNotFoundException e) { try { // Try also the superclass because of primitive types -diff --git a/java/org/apache/catalina/util/LocalStrings.properties b/java/org/apache/catalina/util/LocalStrings.properties -index 55dea98..6aeb973 100644 --- a/java/org/apache/catalina/util/LocalStrings.properties +++ b/java/org/apache/catalina/util/LocalStrings.properties -@@ -17,6 +17,8 @@ parameterMap.locked=No modifications are allowed to a locked ParameterMap +@@ -17,6 +17,8 @@ resourceSet.locked=No modifications are allowed to a locked ResourceSet hexUtil.bad=Bad hexadecimal digit hexUtil.odd=Odd number of hexadecimal digits @@ -513,8 +485,6 @@ index 55dea98..6aeb973 100644 #Default Messages Utilized by the ExtensionValidator extensionValidator.web-application-manifest=Web Application Manifest extensionValidator.extension-not-found-error=ExtensionValidator[{0}][{1}]: Required extension [{2}] not found. -diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml -index d18692c..a0b4788 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -308,6 +308,14 @@ @@ -532,11 +502,9 @@ index d18692c..a0b4788 100644 </changelog> </subsection> <subsection name="Jasper"> -diff --git a/webapps/docs/config/cluster-manager.xml b/webapps/docs/config/cluster-manager.xml -index 377884a..4958a39 100644 --- a/webapps/docs/config/cluster-manager.xml +++ b/webapps/docs/config/cluster-manager.xml -@@ -182,6 +183,30 @@ +@@ -182,6 +182,30 @@ effective only when <code>sendAllSessions</code> is <code>false</code>. Default is <code>2000</code> milliseconds. </attribute> @@ -567,7 +535,7 @@ index 377884a..4958a39 100644 <attribute name="stateTimestampDrop" required="false"> When this node sends a <code>GET_ALL_SESSIONS</code> message to other node, all session messages that are received as a response are queued. -@@ -193,6 +218,17 @@ +@@ -193,6 +217,17 @@ If set to <code>false</code>, all queued session messages are handled. Default is <code>true</code>. </attribute> @@ -585,7 +553,7 @@ index 377884a..4958a39 100644 </attributes> </subsection> <subsection name="org.apache.catalina.ha.session.BackupManager Attributes"> -@@ -216,6 +252,30 @@ +@@ -216,6 +251,30 @@ another map. Default value is <code>15000</code> milliseconds. </attribute> @@ -616,7 +584,7 @@ index 377884a..4958a39 100644 <attribute name="terminateOnStartFailure" required="false"> Set to true if you wish to terminate replication map when replication map fails to start. If replication map is terminated, associated context -@@ -223,6 +283,17 @@ +@@ -223,6 +282,17 @@ does not end. It will try to join the map membership in the heartbeat. Default value is <code>false</code> . </attribute> @@ -634,8 +602,6 @@ index 377884a..4958a39 100644 </attributes> </subsection> </section> -diff --git a/webapps/docs/config/manager.xml b/webapps/docs/config/manager.xml -index 3ab728b..3726fe5 100644 --- a/webapps/docs/config/manager.xml +++ b/webapps/docs/config/manager.xml @@ -175,6 +175,40 @@ diff --git a/debian/patches/CVE-2016-0763.patch b/debian/patches/CVE-2016-0763.patch index 1e8e34e..313cc21 100644 --- a/debian/patches/CVE-2016-0763.patch +++ b/debian/patches/CVE-2016-0763.patch @@ -1,18 +1,14 @@ -From: Markus Koschany <[email protected]> -Date: Sat, 28 May 2016 15:46:37 +0200 -Subject: CVE-2016-0763 - -Origin: https://svn.apache.org/viewvc?view=revision&revision=1725929 ---- - java/org/apache/naming/factory/ResourceLinkFactory.java | 5 +++++ - webapps/docs/changelog.xml | 4 ++++ - 2 files changed, 9 insertions(+) - -diff --git a/java/org/apache/naming/factory/ResourceLinkFactory.java b/java/org/apache/naming/factory/ResourceLinkFactory.java -index 808192c..8a43e74 100644 +Description: Fixes CVE-2016-0763: The setGlobalContext method in ResourceLinkFactory + in Apache Tomcat does not consider whether ResourceLinkFactory.setGlobalContext + callers are authorized, which allows remote authenticated users to bypass intended + SecurityManager restrictions and read or write to arbitrary application data, + or cause a denial of service (application disruption), via a web application + that sets a crafted global context. +Author: Markus Koschany <[email protected]> +Origin: backport, https://svn.apache.org/r1725929 --- a/java/org/apache/naming/factory/ResourceLinkFactory.java +++ b/java/org/apache/naming/factory/ResourceLinkFactory.java -@@ -60,6 +60,11 @@ public class ResourceLinkFactory +@@ -60,6 +60,11 @@ * @param newGlobalContext new global context value */ public static void setGlobalContext(Context newGlobalContext) { @@ -24,8 +20,6 @@ index 808192c..8a43e74 100644 globalContext = newGlobalContext; } -diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml -index f075094..d18692c 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -337,6 +337,10 @@ -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat8.git _______________________________________________ pkg-java-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits
