Mailinglist Archive: opensuse-commit (1192 mails)

[root@xxxxxxxxxxxxxxx (h_root)]

Hello community,

here is the log from the commit of package tomcat6
checked in at Thu Aug 7 01:36:13 CEST 2008.


--------
--- tomcat6/tomcat6.changes     2008-07-21 15:46:05.000000000 +0200
+++ /mounts/work_src_done/STABLE/tomcat6/tomcat6.changes        2008-08-06 
11:12:18.000000000 +0200
@@ -1,0 +2,6 @@
+Wed Aug  6 11:11:58 CEST 2008 - mvyskocil@xxxxxxx
+
+- fix CVE-2008-1232 and CVE-2008-2370: VUL-0: Apache Tomcat Cross-Site
+  Scripting and Security Bypass [bnc#414657]
+
+-------------------------------------------------------------------



New:
----
  apache-tomcat-CVE-2008-1232.patch
  apache-tomcat-CVE-2008-2370.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libtcnative-1-0.spec ++++++
--- /var/tmp/diff_new_pack.h13643/_old  2008-08-07 01:36:01.000000000 +0200
+++ /var/tmp/diff_new_pack.h13643/_new  2008-08-07 01:36:01.000000000 +0200
@@ -2,9 +2,16 @@
 # spec file for package libtcnative-1-0 (Version MACRO)
 #
 # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
-# This file and all modifications and additions to the pristine
-# package are under the same license as the package itself.
 #
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
@@ -22,7 +29,7 @@
 
 Name:           libtcnative-1-0
 Version:        %{major}.%{minor}.%{micro}
-Release:        2
+Release:        3
 Summary:        JNI wrappers for Apache Portable Runtime for Tomcat
 Group:          Productivity/Networking/Web/Servers
 License:        The Apache Software License

++++++ tomcat6.spec ++++++
--- /var/tmp/diff_new_pack.h13643/_old  2008-08-07 01:36:02.000000000 +0200
+++ /var/tmp/diff_new_pack.h13643/_new  2008-08-07 01:36:02.000000000 +0200
@@ -2,9 +2,16 @@
 # spec file for package tomcat6 (Version MACRO)
 #
 # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
-# This file and all modifications and additions to the pristine
-# package are under the same license as the package itself.
 #
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
@@ -29,7 +36,7 @@
 
 Name:           tomcat6
 Version:        %{major_version}.%{minor_version}.%{macro_version}
-Release:        9
+Release:        10
 Summary:        Apache Servlet/JSP Engine, RI for Servlet 2.5/JSP 2.1 API
 Group:          Productivity/Networking/Web/Servers
 License:        The Apache Software License
@@ -41,6 +48,8 @@
 Source4:        %{name}-%{major_version}.%{minor_version}.wrapper
 Patch0:         
%{name}-%{major_version}.%{minor_version}.bootstrap-MANIFEST.MF.patch
 Patch1:         apache-tomcat-CVE-2008-1947.patch
+Patch2:         apache-tomcat-CVE-2008-2370.patch
+Patch3:         apache-tomcat-CVE-2008-1232.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch
 BuildRequires:  ant
@@ -175,6 +184,8 @@
 %setup -q -c -T -a 0
 %patch0
 %patch1 -b .sav1
+%patch2 -b .sav2
+%patch3 -b .sav3
 
 %build
 pushd ${RPM_BUILD_DIR}/%{name}-%{version}/%{packdname}
@@ -448,6 +459,9 @@
 %{appdir}/examples
 
 %changelog
+* Wed Aug 06 2008 mvyskocil@xxxxxxx
+- fix CVE-2008-1232 and CVE-2008-2370: VUL-0: Apache Tomcat Cross-Site
+  Scripting and Security Bypass [bnc#414657]
 * Mon Jul 21 2008 mvyskocil@xxxxxxx
 - fixed [bnc#394503]:  tomcat6 is missing rctomcat6 link
   - add a /usr/sbin/rctomcat6 symlink

++++++ apache-tomcat-CVE-2008-1232.patch ++++++
--- 
apache-tomcat-6.0.16-src/java/org/apache/catalina/core/StandardContextValve.java
+++ 
apache-tomcat-6.0.16-src/java/org/apache/catalina/core/StandardContextValve.java
@@ -120,8 +120,7 @@
             || (requestPathMB.equalsIgnoreCase("/META-INF"))
             || (requestPathMB.startsWithIgnoreCase("/WEB-INF/", 0))
             || (requestPathMB.equalsIgnoreCase("/WEB-INF"))) {
-            String requestURI = request.getDecodedRequestURI();
-            notFound(requestURI, response);
+            notFound(response);
             return;
         }
 
@@ -138,7 +137,7 @@
         Wrapper wrapper = request.getWrapper();
         if (wrapper == null) {
             String requestURI = request.getDecodedRequestURI();
-            notFound(requestURI, response);
+            notFound(response);
             return;
         }
 
@@ -289,10 +288,10 @@
      * @param requestURI The request URI for the requested resource
      * @param response The response we are creating
      */
-    private void notFound(String requestURI, HttpServletResponse response) {
+    private void notFound(HttpServletResponse response) {
 
         try {
-            response.sendError(HttpServletResponse.SC_NOT_FOUND, requestURI);
+            response.sendError(HttpServletResponse.SC_NOT_FOUND);
         } catch (IllegalStateException e) {
             ;
         } catch (IOException e) {
--- apache-tomcat-6.0.16-src/java/org/apache/coyote/Constants.java
+++ apache-tomcat-6.0.16-src/java/org/apache/coyote/Constants.java
@@ -59,6 +59,12 @@
     public static final boolean IS_SECURITY_ENABLED =
         (System.getSecurityManager() != null);
 
-
+    /**
+     * If true, custom HTTP status messages will be used in headers.
+     */
+    public static final boolean USE_CUSTOM_STATUS_MSG_IN_HEADER =
+        Boolean.valueOf(System.getProperty(
+                "org.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER",
+                "false")).booleanValue();
 
 }
--- apache-tomcat-6.0.16-src/java/org/apache/coyote/ajp/AjpAprProcessor.java
+++ apache-tomcat-6.0.16-src/java/org/apache/coyote/ajp/AjpAprProcessor.java
@@ -917,7 +917,10 @@
 
         // HTTP header contents
         responseHeaderMessage.appendInt(response.getStatus());
-        String message = response.getMessage();
+        String message = null;
+        if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER) {
+            message = response.getMessage();
+        }
         if (message == null){
             message = HttpMessages.getMessage(response.getStatus());
         } else {
--- apache-tomcat-6.0.16-src/java/org/apache/coyote/ajp/AjpProcessor.java
+++ apache-tomcat-6.0.16-src/java/org/apache/coyote/ajp/AjpProcessor.java
@@ -923,7 +923,10 @@
 
         // HTTP header contents
         responseHeaderMessage.appendInt(response.getStatus());
-        String message = response.getMessage();
+        String message = null;
+        if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER) {
+            message = response.getMessage();
+        }
         if (message == null){
             message = HttpMessages.getMessage(response.getStatus());
         } else {
--- 
apache-tomcat-6.0.16-src/java/org/apache/coyote/http11/InternalAprOutputBuffer.java
+++ 
apache-tomcat-6.0.16-src/java/org/apache/coyote/http11/InternalAprOutputBuffer.java
@@ -421,11 +421,14 @@
         buf[pos++] = Constants.SP;
 
         // Write message
-        String message = response.getMessage();
+        String message = null;
+        if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER) {
+            message = response.getMessage();
+        } 
         if (message == null) {
             write(HttpMessages.getMessage(status));
         } else {
-            write(message);
+            write(message.replace('\n', ' ').replace('\r', ' '));
         }
 
         // End the response status line
--- 
apache-tomcat-6.0.16-src/java/org/apache/coyote/http11/InternalNioOutputBuffer.java
+++ 
apache-tomcat-6.0.16-src/java/org/apache/coyote/http11/InternalNioOutputBuffer.java
@@ -479,11 +479,14 @@
         buf[pos++] = Constants.SP;
 
         // Write message
-        String message = response.getMessage();
+        String message = null;
+        if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER) {
+            message = response.getMessage();
+        } 
         if (message == null) {
             write(HttpMessages.getMessage(status));
         } else {
-            write(message);
+            write(message.replace('\n', ' ').replace('\r', ' '));
         }
 
         // End the response status line
--- 
apache-tomcat-6.0.16-src/java/org/apache/coyote/http11/InternalOutputBuffer.java
+++ 
apache-tomcat-6.0.16-src/java/org/apache/coyote/http11/InternalOutputBuffer.java
@@ -438,11 +438,14 @@
         buf[pos++] = Constants.SP;
 
         // Write message
-        String message = response.getMessage();
+        String message = null;
+        if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER) {
+            message = response.getMessage();
+        } 
         if (message == null) {
             write(getMessage(status));
         } else {
-            write(message);
+            write(message.replace('\n', ' ').replace('\r', ' '));
         }
 
         // End the response status line
--- apache-tomcat-6.0.16-src/java/org/apache/jk/common/JkInputStream.java
+++ apache-tomcat-6.0.16-src/java/org/apache/jk/common/JkInputStream.java
@@ -272,7 +272,10 @@
         outputMsg.appendByte(AjpConstants.JK_AJP13_SEND_HEADERS);
         outputMsg.appendInt( res.getStatus() );
         
-        String message=res.getMessage();
+        String message = null;
+        if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER) {
+            message = res.getMessage();
+        }
         if( message==null ){
             message= HttpMessages.getMessage(res.getStatus());
         } else {
++++++ apache-tomcat-CVE-2008-2370.patch ++++++
--- 
apache-tomcat-6.0.16-src/java/org/apache/catalina/core/ApplicationContext.java
+++ 
apache-tomcat-6.0.16-src/java/org/apache/catalina/core/ApplicationContext.java
@@ -368,10 +368,22 @@
             throw new IllegalArgumentException
                 (sm.getString
                  ("applicationContext.requestDispatcher.iae", path));
+        
+        // Get query string
+        String queryString = null;
+        int pos = path.indexOf('?');
+        if (pos >= 0) {
+            queryString = path.substring(pos + 1);
+        } else {
+            pos = path.length();
+        }
+
         path = normalize(path);
         if (path == null)
             return (null);
 
+        pos = path.length();
+
         // Use the thread local URI and mapping data
         DispatchData dd = dispatchData.get();
         if (dd == null) {
@@ -382,14 +394,6 @@
         MessageBytes uriMB = dd.uriMB;
         uriMB.recycle();
 
-        // Get query string
-        String queryString = null;
-        int pos = path.indexOf('?');
-        if (pos >= 0) {
-            queryString = path.substring(pos + 1);
-        } else {
-            pos = path.length();
-        }
  
         // Use the thread local mapping data
         MappingData mappingData = dd.mappingData;





++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx