7131403 Upgrade Apache Tomcat to version 6.0.35
authorPetr Sumbera <petr.sumbera@oracle.com>
Fri, 20 Jan 2012 01:03:54 -0800
changeset 657 5ec76cbd6116
parent 656 91ada9bbfbd6
child 658 714803fd87a0
7131403 Upgrade Apache Tomcat to version 6.0.35 7127216 Problem with utility/tomcat 7131401 Problem with utility/tomcat
components/tomcat/Makefile
components/tomcat/patches/CVE-2011-3190.patch
components/tomcat/patches/build.properties.patch
components/tomcat/tomcat.p5m
--- a/components/tomcat/Makefile	Thu Jan 19 01:59:17 2012 -0800
+++ b/components/tomcat/Makefile	Fri Jan 20 01:03:54 2012 -0800
@@ -20,17 +20,17 @@
 #
 
 #
-# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
 #
 
 include ../../make-rules/shared-macros.mk
 
 COMPONENT_NAME=		apache-tomcat
-COMPONENT_VERSION=	6.0.33
+COMPONENT_VERSION=	6.0.35
 COMPONENT_PROJECT_URL=	http://tomcat.apache.org/
 COMPONENT_SRC=		$(COMPONENT_NAME)-$(COMPONENT_VERSION)-src
 COMPONENT_ARCHIVE=	$(COMPONENT_SRC).tar.gz
-COMPONENT_ARCHIVE_HASH=	sha1:437db0ba55c6e398fe3af73c4fa5eed3c4666842
+COMPONENT_ARCHIVE_HASH=	sha1:1a47ad41d52a27757cfeddf7fa1627688ed4027a
 COMPONENT_ARCHIVE_URL=	http://www.apache.org/dist/tomcat/tomcat-6/v$(COMPONENT_VERSION)/src/$(COMPONENT_ARCHIVE)
 
 # Tomcat subcomponents
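Review bot: Nothing in the Makefile or the commit description records why the local fix in patches/CVE-2011-3190.patch can be dropped once `COMPONENT_VERSION` becomes 6.0.35. The deleted patch's changelog hunk adds the fix entry above the "Tomcat 6.0.33" section, which suggests the fix shipped in the following upstream release, but that is inferred rather than stated. Before relying on it, confirm that the unpacked 6.0.35 source has the `receive()` swallow in `finish()` and the `error = true; break;` handling in both AjpProcessor.java and AjpAprProcessor.java. A comment next to the version line would keep the reasoning with the component, for example `# CVE-2011-3190 (AJP message injection) is fixed upstream in this version; local patch removed.`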
@@ -40,9 +40,9 @@
 COMPONENT_ARCHIVE_2= commons-pool-1.5.6-src.tar.gz
 COMPONENT_ARCHIVE_HASH_2= sha1:d97caa6670d7683f97749defb96aee6a7bcdbdf9
 COMPONENT_ARCHIVE_URL_2= http://archive.apache.org/dist/commons/pool/source/$(COMPONENT_ARCHIVE_2)
-COMPONENT_ARCHIVE_3= ecj.jar
-COMPONENT_ARCHIVE_HASH_3= sha1:f4ddfbb80cb97b0bdfa8730102db9fec1630a983
-COMPONENT_ARCHIVE_URL_3= http://archive.eclipse.org/eclipse/downloads/drops/R-3.3.1-200709211145/$(COMPONENT_ARCHIVE_3)
+COMPONENT_ARCHIVE_3= ecj-3.7.jar
+COMPONENT_ARCHIVE_HASH_3= sha1:2377a3e1d3e89f342e1d7abe2bbfbfcc25b185ec
+COMPONENT_ARCHIVE_URL_3= http://download.eclipse.org/eclipse/downloads/drops/R-3.7-201106131736/$(COMPONENT_ARCHIVE_3)
 
 include ../../make-rules/prep.mk
 include ../../make-rules/ant.mk
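Review bot: The new ecj-3.7.jar is fetched over plain `http://` and pinned only by a SHA-1 digest in `COMPONENT_ARCHIVE_HASH_3`, so that digest is the sole integrity control on a compiler jar that is shipped as usr/tomcat6/lib/ecj-3.7.jar. If the fetch tooling accepts a stronger algorithm, pin with it, e.g. `COMPONENT_ARCHIVE_HASH_3= sha256:<sha256-of-ecj-3.7.jar>` (placeholder, to be computed from a verified copy). The same applies to `COMPONENT_ARCHIVE_HASH` in the first Makefile hunk. The URL also moves from archive.eclipse.org to download.eclipse.org, and the comment carried in build.properties.patch says drops are eventually moved to the archive area, so this location may stop resolving later.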
--- a/components/tomcat/patches/CVE-2011-3190.patch	Thu Jan 19 01:59:17 2012 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,81 +0,0 @@
---- trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java	2011/08/29 19:45:13	1162958
-+++ trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java	2011/08/29 19:45:42	1162959
-@@ -405,11 +405,13 @@
-                     }
-                     continue;
-                 } else if(type != Constants.JK_AJP13_FORWARD_REQUEST) {
--                    // Usually the servlet didn't read the previous request body
--                    if(log.isDebugEnabled()) {
--                        log.debug("Unexpected message: "+type);
-+                    // Unexpected packet type. Unread body packets should have
-+                    // been swallowed in finish().
-+                    if (log.isDebugEnabled()) {
-+                        log.debug("Unexpected message: " + type);
-                     }
--                    continue;
-+                    error = true;
-+                    break;
-                 }
- 
-                 keptAlive = true;
-@@ -1056,6 +1058,11 @@
- 
-         finished = true;
- 
-+        // Swallow the unread body packet if present
-+        if (first && request.getContentLengthLong() > 0) {
-+            receive();
-+        }
-+        
-         // Add the end message
-         if (outputBuffer.position() + endMessageArray.length > outputBuffer.capacity()) {
-             flush();
---- trunk/java/org/apache/coyote/ajp/AjpProcessor.java	2011/08/29 19:45:13	1162958
-+++ trunk/java/org/apache/coyote/ajp/AjpProcessor.java	2011/08/29 19:45:42	1162959
-@@ -423,11 +423,13 @@
-                     }
-                     continue;
-                 } else if(type != Constants.JK_AJP13_FORWARD_REQUEST) {
--                    // Usually the servlet didn't read the previous request body
--                    if(log.isDebugEnabled()) {
--                        log.debug("Unexpected message: "+type);
-+                    // Unexpected packet type. Unread body packets should have
-+                    // been swallowed in finish().
-+                    if (log.isDebugEnabled()) {
-+                        log.debug("Unexpected message: " + type);
-                     }
--                    continue;
-+                    error = true;
-+                    break;
-                 }
- 
-                 request.setStartTime(System.currentTimeMillis());
-@@ -1061,6 +1063,11 @@
- 
-         finished = true;
- 
-+        // Swallow the unread body packet if present
-+        if (first && request.getContentLengthLong() > 0) {
-+            receive();
-+        }
-+        
-         // Add the end message
-         output.write(endMessageArray);
- 
---- trunk/webapps/docs/changelog.xml	2011/08/29 19:45:13	1162958
-+++ trunk/webapps/docs/changelog.xml	2011/08/29 19:45:42	1162959
-@@ -52,6 +52,14 @@
-       </fix>
-     </changelog>
-   </subsection>
-+  <subsection name="Coyote">
-+    <changelog>
-+      <fix>
-+        <bug>51698</bug>: Fix CVE-2011-3190. Prevent AJP message injection.
-+        (markt)
-+      </fix>
-+    </changelog>
-+  </subsection>
- </section>
- <section name="Tomcat 6.0.33 (jfclere)" rtext="released 2011-08-18">
-   <subsection name="Catalina">
--- a/components/tomcat/patches/build.properties.patch	Thu Jan 19 01:59:17 2012 -0800
+++ b/components/tomcat/patches/build.properties.patch	Fri Jan 20 01:03:54 2012 -0800
@@ -1,5 +1,5 @@
---- apache-tomcat-6.0.33-src/build.properties.default	Tue Aug 16 06:34:59 2011
-+++ apache-tomcat-6.0.33-src/build.properties.default	Tue Aug 16 06:39:29 2011
+--- apache-tomcat-6.0.35-src/build.properties.default	Thu Jan 12 06:48:46 2012
++++ apache-tomcat-6.0.35-src/build.properties.default	Thu Jan 12 06:51:47 2012
 @@ -54,6 +54,12 @@
  base-sf.loc=http://downloads.sourceforge.net
  base-maven.loc=http://repo2.maven.org/maven2
@@ -17,9 +17,9 @@
  jdt.jar=${jdt.home}/ecj-${jdt.version}.jar
  # The download will be moved to the archive area eventually. We are taking care of that in advance.
  # Note older JARs were called ecj.jar. Newer JARs are called ecj-${jdt.version}.jar
--jdt.loc.1=http://archive.eclipse.org/eclipse/downloads/drops/${jdt.release}/ecj.jar
-+jdt.loc.1=${userland-files.loc}/ecj.jar
- jdt.loc.2=http://download.eclipse.org/eclipse/downloads/drops/${jdt.release}/ecj.jar
+-jdt.loc.1=http://archive.eclipse.org/eclipse/downloads/drops/${jdt.release}/ecj-${jdt.version}.jar
++jdt.loc.1=${userland-files.loc}/ecj-${jdt.version}.jar
+ jdt.loc.2=http://download.eclipse.org/eclipse/downloads/drops/${jdt.release}/ecj-${jdt.version}.jar
  
  # ----- Tomcat native library -----
 @@ -129,16 +135,16 @@
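Review bot: `jdt.loc.2` still points at `http://download.eclipse.org/...`; only `jdt.loc.1` is redirected to `${userland-files.loc}`. If Tomcat's ant download step falls back to the second location when the prefetched file is missing, the build would pull ecj over plain http and bypass the hash declared in the component Makefile. Consider turning that context line into a changed line of the inner patch, `jdt.loc.2=${userland-files.loc}/ecj-${jdt.version}.jar`, so that a missing local jar fails the build instead of triggering a network fetch. The inner patch is only partly visible between the two outer hunks, so check its remaining download locations for the same pattern.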
--- a/components/tomcat/tomcat.p5m	Thu Jan 19 01:59:17 2012 -0800
+++ b/components/tomcat/tomcat.p5m	Fri Jan 20 01:03:54 2012 -0800
@@ -20,7 +20,7 @@
 #
 
 #
-# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
 #
 
 <transform file path=usr/tomcat6/(.+)$ -> \
@@ -231,7 +231,7 @@
 file path=usr/tomcat6/lib/catalina-ha.jar
 file path=usr/tomcat6/lib/catalina-tribes.jar
 file path=usr/tomcat6/lib/catalina.jar
-file path=usr/tomcat6/lib/ecj-3.3.1.jar
+file path=usr/tomcat6/lib/ecj-3.7.jar
 file path=usr/tomcat6/lib/el-api.jar
 file path=usr/tomcat6/lib/jasper-el.jar
 file path=usr/tomcat6/lib/jasper.jar