--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/tomcat/patches/CVE-2011-3190.patch Fri Sep 02 06:01:11 2011 -0700
@@ -0,0 +1,81 @@
+--- trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java 2011/08/29 19:45:13 1162958
++++ trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java 2011/08/29 19:45:42 1162959
+@@ -405,11 +405,13 @@
+ }
+ continue;
+ } else if(type != Constants.JK_AJP13_FORWARD_REQUEST) {
+- // Usually the servlet didn't read the previous request body
+- if(log.isDebugEnabled()) {
+- log.debug("Unexpected message: "+type);
++ // Unexpected packet type. Unread body packets should have
++ // been swallowed in finish().
++ if (log.isDebugEnabled()) {
++ log.debug("Unexpected message: " + type);
+ }
+- continue;
++ error = true;
++ break;
+ }
+
+ keptAlive = true;
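Review bot: The unexpected-message branch now drops the connection with `error = true; break;`, but the event is still reported only through `log.debug`, so at default log levels nothing records that the AJP stream lost message framing. That is the condition this CVE fix guards against, and it is worth seeing when diagnosing a misbehaving or hostile front end. Consider a higher level on this path, e.g. `log.warn("Unexpected AJP message type " + type + ", closing connection");`, provided the AJP port is reachable only from trusted proxies so the log cannot be flooded. The same applies to the matching hunk in AjpProcessor.java (`@@ -423,11 +423,13 @@`); the enclosing loop starts and ends outside both hunks.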
+@@ -1056,6 +1058,11 @@
+
+ finished = true;
+
++ // Swallow the unread body packet if present
++ if (first && request.getContentLengthLong() > 0) {
++ receive();
++ }
++
+ // Add the end message
+ if (outputBuffer.position() + endMessageArray.length > outputBuffer.capacity()) {
+ flush();
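Review bot: The added swallow block discards the result of `receive()` and runs only when `request.getContentLengthLong() > 0`, so a body sent without a declared length is not consumed here and appears to be handled only by the `error = true; break;` path on the next read. If `receive()` reports a failed or short read through its return value (its definition is outside this hunk), the connection should be marked unusable in that case, e.g. `if (!receive()) { error = true; }`, assuming `error` is the same processor field set in the loop hunk. The comment should also say why the packet must be consumed: `// An unread body packet would otherwise be parsed as the next message on this kept-alive connection (CVE-2011-3190)`. The same applies to the matching hunk in AjpProcessor.java (`@@ -1061,6 +1063,11 @@`); the enclosing method continues outside both hunks.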
+--- trunk/java/org/apache/coyote/ajp/AjpProcessor.java 2011/08/29 19:45:13 1162958
++++ trunk/java/org/apache/coyote/ajp/AjpProcessor.java 2011/08/29 19:45:42 1162959
+@@ -423,11 +423,13 @@
+ }
+ continue;
+ } else if(type != Constants.JK_AJP13_FORWARD_REQUEST) {
+- // Usually the servlet didn't read the previous request body
+- if(log.isDebugEnabled()) {
+- log.debug("Unexpected message: "+type);
++ // Unexpected packet type. Unread body packets should have
++ // been swallowed in finish().
++ if (log.isDebugEnabled()) {
++ log.debug("Unexpected message: " + type);
+ }
+- continue;
++ error = true;
++ break;
+ }
+
+ request.setStartTime(System.currentTimeMillis());
+@@ -1061,6 +1063,11 @@
+
+ finished = true;
+
++ // Swallow the unread body packet if present
++ if (first && request.getContentLengthLong() > 0) {
++ receive();
++ }
++
+ // Add the end message
+ output.write(endMessageArray);
+
+--- trunk/webapps/docs/changelog.xml 2011/08/29 19:45:13 1162958
++++ trunk/webapps/docs/changelog.xml 2011/08/29 19:45:42 1162959
+@@ -52,6 +52,14 @@
+ </fix>
+ </changelog>
+ </subsection>
++ <subsection name="Coyote">
++ <changelog>
++ <fix>
++ <bug>51698</bug>: Fix CVE-2011-3190. Prevent AJP message injection.
++ (markt)
++ </fix>
++ </changelog>
++ </subsection>
+ </section>
+ <section name="Tomcat 6.0.33 (jfclere)" rtext="released 2011-08-18">
+ <subsection name="Catalina">