Hello community, here is the log from the commit of package jakarta-commons-fileupload for openSUSE:Factory checked in at 2014-04-03 17:07:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/jakarta-commons-fileupload (Old) and /work/SRC/openSUSE:Factory/.jakarta-commons-fileupload.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "jakarta-commons-fileupload" Changes: -------- --- /work/SRC/openSUSE:Factory/jakarta-commons-fileupload/jakarta-commons-fileupload.changes 2013-10-24 14:08:26.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.jakarta-commons-fileupload.new/jakarta-commons-fileupload.changes 2014-04-03 17:07:32.000000000 +0200 @@ -1,0 +2,7 @@ +Wed Apr 2 13:16:52 UTC 2014 - tchvatal@suse.com + +- Fix bnc#862781/CVE-2014-0050: buffer overflow + http://svn.apache.org/viewvc?view=revision&revision=1565143 + * jakarta-commons-fileupload-CVE-2014-0050-DOS-buffer-overflow.patch + +------------------------------------------------------------------- New: ---- jakarta-commons-fileupload-CVE-2014-0050-DOS-buffer-overflow.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ jakarta-commons-fileupload.spec ++++++ --- /var/tmp/diff_new_pack.8QPyVb/_old 2014-04-03 17:07:32.000000000 +0200 +++ /var/tmp/diff_new_pack.8QPyVb/_new 2014-04-03 17:07:32.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package jakarta-commons-fileupload # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -33,6 +33,8 @@ #PATCH-FIX-UPSTREAM: bnc#846174 #DiskFileItem.java part of http://svn.apache.org/viewvc?view=revision&revision=1507048 Patch2: jakarta-commons-fileupload-CVE-2013-2186.patch +#PATCH-FIX-UPSTREAM: bnc#862781 +Patch3: jakarta-commons-fileupload-CVE-2014-0050-DOS-buffer-overflow.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch BuildRequires: ant @@ -83,6 +85,7 @@ %patch0 -b .build.xml %patch1 -p0 -b .servletapi5 %patch2 -p0 +%patch3 -p1 # ----------------------------------------------------------------------------- %build ++++++ jakarta-commons-fileupload-CVE-2014-0050-DOS-buffer-overflow.patch ++++++ --- commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/FileUploadBase.java 2006-06-08 10:14:31.000000000 +0200 +++ commons-fileupload-1.1.1.new/src/java/org/apache/commons/fileupload/FileUploadBase.java 2014-04-02 15:08:19.683187831 +0200 @@ -15,6 +15,8 @@ */ package org.apache.commons.fileupload; +import static java.lang.String.format; + import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; @@ -158,6 +160,8 @@ */ public static final int MAX_HEADER_SIZE = 1024; + private MultipartStream multi; + // ----------------------------------------------------------- Data members @@ -328,7 +332,12 @@ InputStream input = ctx.getInputStream(); - MultipartStream multi = new MultipartStream(input, boundary); + try { + multi = new MultipartStream(input, boundary); + } catch (IllegalArgumentException iae) { + throw new InvalidContentTypeException( + format("The boundary specified in the %s header is too long", CONTENT_TYPE), iae); + } multi.setHeaderEncoding(charEncoding); boolean nextPart = multi.skipPreamble(); 
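Review bot: Promoting `multi` to an instance field of FileUploadBase (hunk `@@ -158,6 +160,8 @@`) and assigning it in hunk `@@ -328,7 +332,12 @@` removes the thread confinement the removed local `MultipartStream multi = new MultipartStream(input, boundary);` provided. If a single FileUploadBase instance serves concurrent requests, as upload handlers typically do, two parses race on the same field and the following `multi.setHeaderEncoding(charEncoding)` / `multi.skipPreamble()` can operate on another request's stream, which is a cross-request data-mixing bug rather than the DoS this patch fixes. The field is not needed for the catch: a local declared before the try is definitely assigned afterwards because the catch always throws, so `MultipartStream multi;` on the line before `try {`, the assignment unchanged, and the `private MultipartStream multi;` field deleted keeps the fix with the original scoping. The enclosing method starts and ends outside the hunk.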
@@ -601,6 +610,10 @@ public InvalidContentTypeException(String message) { super(message); } + + public InvalidContentTypeException(String msg, Throwable cause) { + super(msg, cause); + } } diff -urN commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/MultipartStream.java commons-fileupload-1.1.1.new/src/java/org/apache/commons/fileupload/MultipartStream.java --- commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/MultipartStream.java 2006-06-08 10:14:30.000000000 +0200 +++ commons-fileupload-1.1.1.new/src/java/org/apache/commons/fileupload/MultipartStream.java 2014-04-02 14:23:47.116940699 +0200 @@ -259,8 +259,12 @@ // We prepend CR/LF to the boundary to chop trailng CR/LF from // body-data tokens. - this.boundary = new byte[boundary.length + BOUNDARY_PREFIX.length]; this.boundaryLength = boundary.length + BOUNDARY_PREFIX.length; + if (bufSize < this.boundaryLength + 1) { + throw new IllegalArgumentException( + "The buffer size specified for the MultipartStream is too small"); + } + this.boundary = new byte[this.boundaryLength]; this.keepRegion = boundary.length + KEEP_REGION_PAD; System.arraycopy(BOUNDARY_PREFIX, 0, this.boundary, 0, BOUNDARY_PREFIX.length); --- commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/FileUploadException.java 2006-06-08 10:14:30.000000000 +0200 +++ commons-fileupload-1.1.1.new/src/java/org/apache/commons/fileupload/FileUploadException.java 2014-04-02 15:13:02.806214012 +0200 @@ -15,6 +15,9 @@ */ package org.apache.commons.fileupload; +import java.io.PrintStream; +import java.io.PrintWriter; + /** * Exception for errors encountered while processing the request. * @@ -25,9 +28,16 @@ extends Exception { /** + * The exceptions cause. We overwrite the cause of + * the super class, which isn't available in Java 1.3. + */ + private final Throwable cause; + + /** * Constructs a new <code>FileUploadException</code> without message. */ public FileUploadException() { + this(null, null); } /** 
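Review bot: The new `bufSize < this.boundaryLength + 1` guard in the MultipartStream constructor rejects a delimiter the read buffer cannot hold, but nothing explains why a later maintainer must not relax it, and the message omits the two numbers a log reader needs to tell a bad request from a misconfigured buffer. I would add above the `if` a why-comment such as `// CVE-2014-0050 (bnc#862781): reject a boundary that does not fit in the read buffer up front; the delimiter search below relies on the whole CR/LF-prefixed boundary fitting in one buffer` (phrased from what the check enforces; adjust if the scan's exact requirement differs) and make the message `"The buffer size specified for the MultipartStream is too small: " + bufSize + " < " + (this.boundaryLength + 1)`. The boundary is attacker-controlled through Content-Type and bufSize is a server-side constant, so neither value is sensitive to log. The constructor starts and ends outside the hunk.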
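Review bot: The comment on the new `cause` field of FileUploadException justifies hand-rolled exception chaining with "which isn't available in Java 1.3", yet the same patch adds `import static java.lang.String.format;` to FileUploadBase, which requires Java 5, so the stated justification no longer holds for this build. If the package is built with Java 5 or later (the spec's BuildRequires are not fully visible here), the field can go and the constructors can delegate with `super(msg, cause)`; if Java 1.3 compatibility really is intended, the comment should say so and the static import should be replaced by `String.format(...)`. Either way the comment should describe what the patch actually requires, since a reader will otherwise assume the rest of the patch is 1.3-clean. The class starts outside the hunk.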
@@ -37,6 +47,55 @@ * @param msg the error message. */ public FileUploadException(final String msg) { + this(msg, null); + } + + /** + * Creates a new <code>FileUploadException</code> with the given + * detail message and cause. + * + * @param msg The exceptions detail message. + * @param cause The exceptions cause. + */ + public FileUploadException(String msg, Throwable cause) { super(msg); + this.cause = cause; + } + + /** + * Prints this throwable and its backtrace to the specified print stream. + * + * @param stream <code>PrintStream</code> to use for output + */ + @Override + public void printStackTrace(PrintStream stream) { + super.printStackTrace(stream); + if (cause != null) { + stream.println("Caused by:"); + cause.printStackTrace(stream); + } + } + + /** + * Prints this throwable and its backtrace to the specified + * print writer. + * + * @param writer <code>PrintWriter</code> to use for output + */ + @Override + public void printStackTrace(PrintWriter writer) { + super.printStackTrace(writer); + if (cause != null) { + writer.println("Caused by:"); + cause.printStackTrace(writer); + } + } + + /** + * {@inheritDoc} + */ + @Override + public Throwable getCause() { + return cause; } } --- commons-fileupload-1.1.1/src/test/org/apache/commons/fileupload/MultipartStreamTest.java 2006-06-08 10:14:30.000000000 +0200 +++ commons-fileupload-1.1.1.new/src/test/org/apache/commons/fileupload/MultipartStreamTest.java 2014-04-02 15:15:35.770228156 +0200 @@ -39,7 +39,7 @@ final String strData = "foobar"; InputStream input = new ByteArrayInputStream(strData.getBytes()); byte[] boundary = BOUNDARY_TEXT.getBytes(); - int iBufSize = boundary.length; + int iBufSize = boundary.length + MultipartStream.BOUNDARY_PREFIX.length + 1; MultipartStream ms = new MultipartStream( input, boundary, -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
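Review bot: The `printStackTrace(PrintStream)` and `printStackTrace(PrintWriter)` overrides print the cause twice on JDKs whose `Throwable.printStackTrace` walks the virtual `getCause()` (1.4 and later, as far as I recall), because this same hunk overrides `getCause()` to return the private field; the visible effect is two "Caused by" traces per exception in server logs. Once `getCause()` is overridden the two `printStackTrace` overrides add nothing on such JDKs, so I would delete both overrides together with the `PrintStream`/`PrintWriter` imports, or, if Java 1.3 support is genuinely required, keep them but document the duplication on the class. Note that `@Override` in this hunk already requires Java 5, which makes the 1.3 rationale hard to sustain. The class starts outside the hunk.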
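Review bot: The test change only raises `iBufSize` so the existing fixture still passes under the new constructor check; nothing now asserts the check itself, so a later regression of the `bufSize < boundaryLength + 1` guard would go unnoticed. I would add a second case that keeps the old value, `int iBufSize = boundary.length;`, and expects `IllegalArgumentException` from `new MultipartStream(input, boundary, iBufSize)`, plus, if a request fixture exists, the boundary-too-long path that should now surface as `InvalidContentTypeException` from FileUploadBase. The test method's body continues outside the hunk.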