This is an automated email from the git hooks/post-receive script. apo pushed a commit to branch jessie in repository tomcat7.
commit f1925c3b011e51ccff77e272b38a4a4896fd3f15 Author: Markus Koschany <[email protected]> Date: Mon Feb 13 10:16:57 2017 +0100 Import Debian changes 7.0.56-3+deb8u8 tomcat7 (7.0.56-3+deb8u8) jessie-security; urgency=high * Team upload. * Add BZ57544-infinite-loop.patch: It was found that https GET requests could trigger an infinite loop and thus cause a denial-of-service. (Closes: #854551) --- debian/changelog | 9 ++++++ debian/patches/BZ57544-infinite-loop.patch | 48 ++++++++++++++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 58 insertions(+) diff --git a/debian/changelog b/debian/changelog index 86aaa97..8112c76 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +tomcat7 (7.0.56-3+deb8u8) jessie-security; urgency=high + + * Team upload. + * Add BZ57544-infinite-loop.patch: It was found that https GET requests could + trigger an infinite loop and thus cause a denial-of-service. + (Closes: #854551) + + -- Markus Koschany <[email protected]> Mon, 13 Feb 2017 10:16:57 +0100 + tomcat7 (7.0.56-3+deb8u7) jessie-security; urgency=high * Fixed CVE-2016-8745: A bug in the error handling of the send file code for diff --git a/debian/patches/BZ57544-infinite-loop.patch b/debian/patches/BZ57544-infinite-loop.patch new file mode 100644 index 0000000..3dba521 --- /dev/null +++ b/debian/patches/BZ57544-infinite-loop.patch @@ -0,0 +1,48 @@ +From: Markus Koschany <[email protected]> +Date: Fri, 10 Feb 2017 03:01:38 +0100 +Subject: BZ57544 infinite loop + +Bug-Upstream: https://bz.apache.org/bugzilla/show_bug.cgi?id=60578 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854551 +Origin: https://github.com/apache/tomcat80/commit/614e7f78aecc429d8740bb59900c2f9fbc86a788 +--- + java/org/apache/coyote/http11/AbstractInputBuffer.java | 16 ++++------------ + 1 file changed, 4 insertions(+), 12 deletions(-) + +diff --git a/java/org/apache/coyote/http11/AbstractInputBuffer.java b/java/org/apache/coyote/http11/AbstractInputBuffer.java +index eda3609..a1251d6 100644 +--- a/java/org/apache/coyote/http11/AbstractInputBuffer.java ++++ b/java/org/apache/coyote/http11/AbstractInputBuffer.java +@@ -225,15 +225,10 @@ public abstract class AbstractInputBuffer<S> implements InputBuffer{ + request.recycle(); + + // Copy leftover bytes to the beginning of the buffer +- if (lastValid - pos > 0) { +- int npos = 0; +- int opos = pos; +- while (lastValid - opos > opos - npos) { +- System.arraycopy(buf, opos, buf, npos, opos - npos); +- npos += pos; +- opos += pos; +- } +- System.arraycopy(buf, opos, buf, npos, lastValid - opos); ++ if (lastValid - pos > 0 && pos > 0) { ++ System.arraycopy(buf, pos, buf, 0, lastValid - pos); ++ lastValid = lastValid - pos; ++ pos = 0; + } + + // Recycle filters +@@ -242,12 +237,9 @@ public abstract class AbstractInputBuffer<S> implements InputBuffer{ + } + + // Reset pointers +- lastValid = lastValid - pos; +- pos = 0; + lastActiveFilter = -1; + parsingHeader = true; + swallowInput = true; +- + } + + diff --git a/debian/patches/series b/debian/patches/series index 9f0ed04..8a6bb86 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -38,3 +38,4 @@ CVE-2016-6816.patch BZ-57377.patch CVE-2016-8735.patch CVE-2016-8745.patch +BZ57544-infinite-loop.patch -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat7.git _______________________________________________ pkg-java-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits
