SUSE:SLE-12-SP2:Update
tomcat
tomcat-8.0.53-CVE-2023-42795.patch
File tomcat-8.0.53-CVE-2023-42795.patch of Package tomcat
Index: apache-tomcat-8.0.53-src/java/org/apache/catalina/connector/LocalStrings.properties
===================================================================
--- apache-tomcat-8.0.53-src.orig/java/org/apache/catalina/connector/LocalStrings.properties
+++ apache-tomcat-8.0.53-src/java/org/apache/catalina/connector/LocalStrings.properties
@@ -50,6 +50,7 @@ coyoteRequest.attributeEvent=Exception t
 coyoteRequest.parseParameters=Exception thrown whilst processing POSTed parameters
 coyoteRequest.postTooLarge=Parameters were not parsed because the size of the posted data was too big. Use the maxPostSize attribute of the connector to resolve this if the application should accept large POSTs.
 coyoteRequest.chunkedPostTooLarge=Parameters were not parsed because the size of the posted data was too big. Because this request was a chunked request, it could not be processed further. Use the maxPostSize attribute of the connector to resolve this if the application should accept large POSTs.
+coyoteRequest.deletePartFailed=Failed to deleted temporary file used for part [{0}]
 coyoteRequest.alreadyAuthenticated=This request has already been authenticated
 coyoteRequest.authenticate.ise=Cannot call authenticate() after the response has been committed
 coyoteRequest.uploadLocationInvalid=The temporary upload location [{0}] is not valid
Index: apache-tomcat-8.0.53-src/java/org/apache/catalina/core/ApplicationHttpRequest.java
===================================================================
--- apache-tomcat-8.0.53-src.orig/java/org/apache/catalina/core/ApplicationHttpRequest.java
+++ apache-tomcat-8.0.53-src/java/org/apache/catalina/core/ApplicationHttpRequest.java
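Review bot: The added message for `coyoteRequest.deletePartFailed` reads "Failed to deleted temporary file", a grammar slip that will appear verbatim in the warning logged when cleanup of an uploaded part fails. Suggest `coyoteRequest.deletePartFailed=Failed to delete temporary file used for part [{0}]`. Correct wording matters here because this log line is the only trace an operator gets that a temporary upload file was left behind.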
@@ -39,9 +39,11 @@ import org.apache.catalina.Globals;
 import org.apache.catalina.Manager;
 import org.apache.catalina.Session;
 import org.apache.catalina.util.ParameterMap;
+import org.apache.tomcat.util.ExceptionUtils;
 import org.apache.tomcat.util.buf.B2CConverter;
 import org.apache.tomcat.util.buf.MessageBytes;
 import org.apache.tomcat.util.http.Parameters;
+import org.apache.tomcat.util.res.StringManager;
 /**
@@ -64,6 +66,7 @@ class ApplicationHttpRequest extends Htt
 // ------------------------------------------------------- Static Variables
+ private static final StringManager sm = StringManager.getManager(ApplicationHttpRequest.class);
 /**
 * The set of attribute names that are special for request dispatchers.
@@ -619,7 +622,12 @@ class ApplicationHttpRequest extends Htt
 */
 public void recycle() {
 if (session != null) {
- session.endAccess();
+ try {
+ session.endAccess();
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
+ context.getLogger().warn(sm.getString("applicationHttpRequest.sessionEndAccessFail"), t);
+ }
 }
 }
Index: apache-tomcat-8.0.53-src/java/org/apache/catalina/connector/Request.java
===================================================================
--- apache-tomcat-8.0.53-src.orig/java/org/apache/catalina/connector/Request.java
+++ apache-tomcat-8.0.53-src/java/org/apache/catalina/connector/Request.java
@@ -471,8 +471,9 @@ public class Request
 for (Part part: parts) {
 try {
 part.delete();
- } catch (IOException ignored) {
- // ApplicationPart.delete() never throws an IOEx
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
+ log.warn(sm.getString("coyoteRequest.deletePartFailed", part.getName()), t);
 }
 }
 parts = null;
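Review bot: The new `catch (Throwable t)` around `session.endAccess()` in `ApplicationHttpRequest.recycle()` carries no comment explaining why every throwable is caught, so a later cleanup could narrow it back to a specific exception type and reintroduce the incomplete-recycle problem this patch is named for. Suggest adding above the `try`: `// A failing session must not abort recycling; log the failure and carry on.` The method's Javadoc begins outside the hunk and would benefit from one sentence saying that failures are logged at warn level rather than propagated. The catch block also dereferences `context` to obtain the logger; whether `context` can be null at this point is not visible here and is worth confirming.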
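Review bot: In the part-deletion loop of `Request.java`, the handler calls `part.getName()` on the same part whose `delete()` has just failed. If that call throws as well, the exception escapes the `catch` block and both the remaining parts and the following `parts = null;` are skipped, which is the outcome the change is trying to rule out. Whether `getName()` can throw depends on the `Part` implementation, which is not visible in this hunk; reading the name before the `try`, or logging without it, would remove the dependency. The removed comment explained why the old catch was empty, so the new block deserves a replacement such as `// One failed delete must not stop cleanup of the remaining parts.` The enclosing method starts and ends outside the hunk.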
@@ -522,8 +523,8 @@ public class Request
 asyncSupported = null;
 if (asyncContext!=null) {
 asyncContext.recycle();
+ asyncContext = null;
 }
- asyncContext = null;
 pathParameters.clear();
 }
Index: apache-tomcat-8.0.53-src/java/org/apache/catalina/core/LocalStrings.properties
===================================================================
--- apache-tomcat-8.0.53-src.orig/java/org/apache/catalina/core/LocalStrings.properties
+++ apache-tomcat-8.0.53-src/java/org/apache/catalina/core/LocalStrings.properties
@@ -52,6 +52,7 @@ applicationFilterRegistration.nullInitPa
 applicationFilterRegistration.nullInitParams=Unable to set initialisation parameters for filter due to null name and/or value. Name [{0}], Value [{1}]
 applicationServletRegistration.setServletSecurity.iae=Null constraint specified for servlet [{0}] deployed to context with name [{1}]
 applicationServletRegistration.setServletSecurity.ise=Security constraints can''t be added to servlet [{0}] deployed to context with name [{1}] as the context has already been initialised
+applicationHttpRequest.sessionEndAccessFail=Exception triggered ending access to session while recycling request
 applicationSessionCookieConfig.ise=Property {0} can not be added to SessionCookieConfig for context {1} as the context has been initialised
 aprListener.aprInit=The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: {0}
 aprListener.aprInitDebug=The APR based Apache Tomcat Native library could not be found using names [{0}] on the java.library.path [{1}]. The errors reported were [{2}]
Index: apache-tomcat-8.0.53-src/java/org/apache/tomcat/util/buf/B2CConverter.java
===================================================================
--- apache-tomcat-8.0.53-src.orig/java/org/apache/tomcat/util/buf/B2CConverter.java
+++ apache-tomcat-8.0.53-src/java/org/apache/tomcat/util/buf/B2CConverter.java
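Review bot: `asyncContext.recycle()` in `Request.java` is still unguarded: if it throws, the relocated `asyncContext = null;` is never reached and `pathParameters.clear();` is skipped, so the request object would keep the previous async context and path parameters if it is reused. The other `recycle()` paths touched by this patch contain exactly this kind of failure; a minimal equivalent here is `try { asyncContext.recycle(); } finally { asyncContext = null; }`, or the catch-and-log pattern used for `part.delete()`. Whether the async context's `recycle()` can realistically throw is not visible in this hunk, and the enclosing method begins outside it.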
@@ -29,6 +29,9 @@ import java.util.HashMap; import java.util.Locale; import java.util.Map; +import org.apache.juli.logging.Log; +import org.apache.juli.logging.LogFactory; +import org.apache.tomcat.util.ExceptionUtils; import org.apache.tomcat.util.res.StringManager; /** @@ -36,6 +39,8 @@ import org.apache.tomcat.util.res.String */ public class B2CConverter { + private static final Log log = LogFactory.getLog(B2CConverter.class); + private static final StringManager sm = StringManager.getManager(Constants.Package); @@ -121,7 +126,12 @@ public class B2CConverter { * Reset the decoder state. */ public void recycle() { - decoder.reset(); + try { + decoder.reset(); + } catch (Throwable t) { + ExceptionUtils.handleThrowable(t); + log.warn(sm.getString("b2cConverter.decoderResetFail", decoder.charset()), t); + } leftovers.position(0); } Index: apache-tomcat-8.0.53-src/java/org/apache/tomcat/util/buf/C2BConverter.java =================================================================== --- apache-tomcat-8.0.53-src.orig/java/org/apache/tomcat/util/buf/C2BConverter.java +++ apache-tomcat-8.0.53-src/java/org/apache/tomcat/util/buf/C2BConverter.java @@ -23,11 +23,19 @@ import java.nio.charset.CharsetEncoder; import java.nio.charset.CoderResult; import java.nio.charset.CodingErrorAction; +import org.apache.juli.logging.Log; +import org.apache.juli.logging.LogFactory; +import org.apache.tomcat.util.ExceptionUtils; +import org.apache.tomcat.util.res.StringManager; + /** * NIO based character encoder. */ public final class C2BConverter { + private static final Log log = LogFactory.getLog(C2BConverter.class); + private static final StringManager sm = StringManager.getManager(C2BConverter.class); + private final CharsetEncoder encoder; private ByteBuffer bb = null; private CharBuffer cb = null; 
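Review bot: The Javadoc on `B2CConverter.recycle()` still says only "Reset the decoder state.", but with the new `catch (Throwable t)` a failed `decoder.reset()` is logged and swallowed, so the method can now return with the decoder not reset. Suggest extending the comment with `If the decoder cannot be reset, the failure is logged and the leftover buffer is still rewound.` It would also help to state whether a converter whose reset failed may be handed out again, since decoder state surviving into the next use is the kind of cross-request residue this patch is meant to prevent; that decision is taken outside this hunk. The same documentation gap applies to `C2BConverter.recycle()`.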
@@ -51,7 +59,12 @@ public final class C2BConverter {
 * Reset the encoder state.
 */
 public void recycle() {
- encoder.reset();
+ try {
+ encoder.reset();
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
+ log.warn(sm.getString("c2bConverter.decoderResetFail", encoder.charset()), t);
+ }
 leftovers.position(0);
 }
Index: apache-tomcat-8.0.53-src/java/org/apache/tomcat/util/buf/LocalStrings.properties
===================================================================
--- apache-tomcat-8.0.53-src.orig/java/org/apache/tomcat/util/buf/LocalStrings.properties
+++ apache-tomcat-8.0.53-src/java/org/apache/tomcat/util/buf/LocalStrings.properties
@@ -13,7 +13,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
+b2cConverter.decoderResetFail=Failed to reset instance of decoder for character set [{0}]
 b2cConverter.unknownEncoding=The character encoding [{0}] is not supported
+
+c2bConverter.encoderResetFail=Failed to reset instance of encoder for character set [{0}]
 c2bConverter.recycleFailed=Failed to recycle the C2B Converter. Creating new BufferedWriter, WriteConvertor and IntermediateOutputStream.
 hexUtils.fromHex.oddDigits=The input must consist of an even number of hex digits
Index: apache-tomcat-8.0.53-src/webapps/docs/changelog.xml
===================================================================
--- apache-tomcat-8.0.53-src.orig/webapps/docs/changelog.xml
+++ apache-tomcat-8.0.53-src/webapps/docs/changelog.xml
@@ -159,6 +159,10 @@
 <fix>
 Avoid protocol relative redirects in FORM authentication. (markt)
 </fix>
+ <add>
+ Improve handling of failures within <code>recycle()</code> methods.
+ (markt)
+ </add>
 </changelog>
 </subsection>
 <subsection name="Coyote">
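Review bot: `C2BConverter.recycle()` looks up the key `c2bConverter.decoderResetFail`, but the key this patch adds to `org/apache/tomcat/util/buf/LocalStrings.properties` is `c2bConverter.encoderResetFail`, so the lookup cannot resolve to the new message. Depending on how `StringManager` treats a missing key, the warning will carry a fallback instead of the intended text, which weakens the only log evidence that an encoder was left unreset. The call should read `log.warn(sm.getString("c2bConverter.encoderResetFail", encoder.charset()), t);`. The name looks copied from the `B2CConverter` hunk, where the `decoderResetFail` key does match its properties entry.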