From d3c23ee306cf22dd77d908fb9382fa8ded1e6764 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Oct 16 2018 07:51:17 +0000 Subject: import tomcat-7.0.76-8.el7_5 --- diff --git a/SOURCES/tomcat-7.0.76-CVE-2018-1336.patch b/SOURCES/tomcat-7.0.76-CVE-2018-1336.patch new file mode 100644 index 0000000..fdfce82 --- /dev/null +++ b/SOURCES/tomcat-7.0.76-CVE-2018-1336.patch @@ -0,0 +1,33 @@ +--- java/org/apache/tomcat/util/buf/Utf8Decoder.java.orig 2018-10-01 11:41:20.080777790 -0400 ++++ java/org/apache/tomcat/util/buf/Utf8Decoder.java 2018-10-01 11:42:07.421663409 -0400 +@@ -277,6 +277,11 @@ public class Utf8Decoder extends Charset + outRemaining--; + } else { + if (outRemaining < 2) { ++ // Encoded with 4 bytes. inIndex currently points ++ // to the final byte. Move it back to first byte. ++ inIndex -= 3; ++ in.position(inIndex - in.arrayOffset()); ++ out.position(outIndex - out.arrayOffset()); + return CoderResult.OVERFLOW; + } + cArr[outIndex++] = (char) ((jchar >> 0xA) + 0xD7C0); +--- webapps/docs/changelog.xml.orig 2018-10-01 11:47:17.700912507 -0400 ++++ webapps/docs/changelog.xml 2018-10-01 11:47:40.889856277 -0400 +@@ -57,6 +57,16 @@ + They eventually become mixed with the numbered issues. (I.e., numbered + issues do not "pop up" wrt. others). + --> ++
++ ++ ++ ++ Improve handing of overflow in the UTF-8 decoder with supplementary ++ characters. (markt) ++ ++ ++ ++
+
+ + diff --git a/SPECS/tomcat.spec b/SPECS/tomcat.spec index 8155505..f3ac654 100644 --- a/SPECS/tomcat.spec +++ b/SPECS/tomcat.spec @@ -54,7 +54,7 @@ Name: tomcat Epoch: 0 Version: %{major_version}.%{minor_version}.%{micro_version} -Release: 7%{?dist} +Release: 8%{?dist} Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API Group: System Environment/Daemons @@ -93,6 +93,7 @@ Patch5: %{name}-7.0.76-CVE-2017-5647.patch Patch6: %{name}-7.0.76-CVE-2017-7674.patch Patch7: %{name}-7.0.76-CVE-2017-12617.patch Patch8: patch.rhbz1602060 +Patch9: %{name}-7.0.76-CVE-2018-1336.patch BuildArch: noarch @@ -246,6 +247,7 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name " %patch6 -p0 %patch7 -p0 %patch8 -p0 +%patch9 -p0 %{__ln_s} $(build-classpath jakarta-taglibs-core) webapps/examples/WEB-INF/lib/jstl.jar %{__ln_s} $(build-classpath jakarta-taglibs-standard) webapps/examples/WEB-INF/lib/standard.jar @@ -690,6 +692,9 @@ fi %attr(0644,root,root) %{_unitdir}/%{name}-jsvc.service %changelog +* Mon Oct 01 2018 Coty Sutherland 0:7.0.76-8 +- Resolves: rhbz#1608608 CVE-2018-1336 tomcat: A bug in the UTF 8 decoder can lead to DoS + * Wed Jul 18 2018 Jean-Frederic Clere 0:7.0.76-7 - Resolves: rhbz#1607893 Deadlock occurs while sending to a closing session.