This is an automated email from the git hooks/post-receive script. apo pushed a commit to branch jessie in repository tomcat8.
commit 401af63dfb55e4153aba434d2e6f5d973f01e4cd Author: Markus Koschany <[email protected]> Date: Mon Feb 13 10:34:43 2017 +0100 Import Debian changes 8.0.14-1+deb8u7 tomcat8 (8.0.14-1+deb8u7) jessie-security; urgency=high * Team upload. * Add BZ57544-infinite-loop.patch: It was found that https GET requests could trigger an infinite loop and thus cause a denial-of-service. (Closes: #851304) --- debian/changelog | 9 ++++++ debian/patches/BZ57544-infinite-loop.patch | 48 ++++++++++++++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 58 insertions(+) diff --git a/debian/changelog b/debian/changelog index 34fb2d6..a534595 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +tomcat8 (8.0.14-1+deb8u7) jessie-security; urgency=high + + * Team upload. + * Add BZ57544-infinite-loop.patch: It was found that https GET requests could + trigger an infinite loop and thus cause a denial-of-service. + (Closes: #851304) + + -- Markus Koschany <[email protected]> Mon, 13 Feb 2017 10:34:43 +0100 + tomcat8 (8.0.14-1+deb8u6) jessie-security; urgency=high * Fixed CVE-2016-8745: A bug in the error handling of the send file code for diff --git a/debian/patches/BZ57544-infinite-loop.patch b/debian/patches/BZ57544-infinite-loop.patch new file mode 100644 index 0000000..680eebf --- /dev/null +++ b/debian/patches/BZ57544-infinite-loop.patch @@ -0,0 +1,48 @@ +From: Markus Koschany <[email protected]> +Date: Fri, 10 Feb 2017 01:06:54 +0100 +Subject: BZ57544 infinite loop + +Bug-Upstream: https://bz.apache.org/bugzilla/show_bug.cgi?id=60578 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851304 +Origin: https://github.com/apache/tomcat80/commit/614e7f78aecc429d8740bb59900c2f9fbc86a788 +--- + java/org/apache/coyote/http11/AbstractInputBuffer.java | 16 ++++------------ + 1 file changed, 4 insertions(+), 12 deletions(-) + +diff --git a/java/org/apache/coyote/http11/AbstractInputBuffer.java b/java/org/apache/coyote/http11/AbstractInputBuffer.java +index 33d4b3b..2aef369 100644 +--- a/java/org/apache/coyote/http11/AbstractInputBuffer.java ++++ b/java/org/apache/coyote/http11/AbstractInputBuffer.java +@@ -235,15 +235,10 @@ public abstract class AbstractInputBuffer<S> implements InputBuffer{ + request.recycle(); + + // Copy leftover bytes to the beginning of the buffer +- if (lastValid - pos > 0) { +- int npos = 0; +- int opos = pos; +- while (lastValid - opos > opos - npos) { +- System.arraycopy(buf, opos, buf, npos, opos - npos); +- npos += pos; +- opos += pos; +- } +- System.arraycopy(buf, opos, buf, npos, lastValid - opos); ++ if (lastValid - pos > 0 && pos > 0) { ++ System.arraycopy(buf, pos, buf, 0, lastValid - pos); ++ lastValid = lastValid - pos; ++ pos = 0; + } + + // Recycle filters +@@ -252,12 +247,9 @@ public abstract class AbstractInputBuffer<S> implements InputBuffer{ + } + + // Reset pointers +- lastValid = lastValid - pos; +- pos = 0; + lastActiveFilter = -1; + parsingHeader = true; + swallowInput = true; +- + } + + diff --git a/debian/patches/series b/debian/patches/series index 45f2d8f..0351767 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -33,3 +33,4 @@ CVE-2016-6816.patch BZ-57377.patch CVE-2016-8735.patch CVE-2016-8745.patch +BZ57544-infinite-loop.patch -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat8.git _______________________________________________ pkg-java-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits
