7131403 Upgrade Apache Tomcat to version 6.0.35
7127216 Problem with utility/tomcat
7131401 Problem with utility/tomcat
--- a/components/tomcat/Makefile Thu Jan 19 01:59:17 2012 -0800
+++ b/components/tomcat/Makefile Fri Jan 20 01:03:54 2012 -0800
@@ -20,17 +20,17 @@
#
#
-# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
#
include ../../make-rules/shared-macros.mk
COMPONENT_NAME= apache-tomcat
-COMPONENT_VERSION= 6.0.33
+COMPONENT_VERSION= 6.0.35
COMPONENT_PROJECT_URL= http://tomcat.apache.org/
COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION)-src
COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz
-COMPONENT_ARCHIVE_HASH= sha1:437db0ba55c6e398fe3af73c4fa5eed3c4666842
+COMPONENT_ARCHIVE_HASH= sha1:1a47ad41d52a27757cfeddf7fa1627688ed4027a
COMPONENT_ARCHIVE_URL= http://www.apache.org/dist/tomcat/tomcat-6/v$(COMPONENT_VERSION)/src/$(COMPONENT_ARCHIVE)
# Tomcat subcomponents
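Review bot: Nothing next to `COMPONENT_VERSION= 6.0.35` records that the CVE-2011-3190 fix is now expected from upstream, although this same commit deletes `patches/CVE-2011-3190.patch`. The deleted patch's changelog hunk adds the fix above the 6.0.33 release section, so it presumably ships in 6.0.35, but that should be confirmed against the upstream changelog rather than assumed. I would add a comment such as `# CVE-2011-3190 (AJP message injection) is fixed upstream as of this version; local patch dropped.` so that a later downgrade or rebase does not silently lose the fix.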
@@ -40,9 +40,9 @@
COMPONENT_ARCHIVE_2= commons-pool-1.5.6-src.tar.gz
COMPONENT_ARCHIVE_HASH_2= sha1:d97caa6670d7683f97749defb96aee6a7bcdbdf9
COMPONENT_ARCHIVE_URL_2= http://archive.apache.org/dist/commons/pool/source/$(COMPONENT_ARCHIVE_2)
-COMPONENT_ARCHIVE_3= ecj.jar
-COMPONENT_ARCHIVE_HASH_3= sha1:f4ddfbb80cb97b0bdfa8730102db9fec1630a983
-COMPONENT_ARCHIVE_URL_3= http://archive.eclipse.org/eclipse/downloads/drops/R-3.3.1-200709211145/$(COMPONENT_ARCHIVE_3)
+COMPONENT_ARCHIVE_3= ecj-3.7.jar
+COMPONENT_ARCHIVE_HASH_3= sha1:2377a3e1d3e89f342e1d7abe2bbfbfcc25b185ec
+COMPONENT_ARCHIVE_URL_3= http://download.eclipse.org/eclipse/downloads/drops/R-3.7-201106131736/$(COMPONENT_ARCHIVE_3)
include ../../make-rules/prep.mk
include ../../make-rules/ant.mk
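Review bot: `COMPONENT_ARCHIVE_HASH_3` is the only integrity control on `ecj-3.7.jar`, and it is still a SHA-1 digest. The jar is a prebuilt binary fetched over plain `http://`, and the manifest change in this commit ships it as `usr/tomcat6/lib/ecj-3.7.jar`. The same applies to the new `COMPONENT_ARCHIVE_HASH` value in the first hunk of this file. If the fetch tooling behind `prep.mk` accepts other algorithms (not visible here), pin a stronger digest, e.g. `COMPONENT_ARCHIVE_HASH_3= sha256:<sha256-of-verified-ecj-3.7.jar>`. Compute it from a copy checked against the publisher's signature or checksum file.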
--- a/components/tomcat/patches/CVE-2011-3190.patch Thu Jan 19 01:59:17 2012 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,81 +0,0 @@
---- trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java 2011/08/29 19:45:13 1162958
-+++ trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java 2011/08/29 19:45:42 1162959
-@@ -405,11 +405,13 @@
- }
- continue;
- } else if(type != Constants.JK_AJP13_FORWARD_REQUEST) {
-- // Usually the servlet didn't read the previous request body
-- if(log.isDebugEnabled()) {
-- log.debug("Unexpected message: "+type);
-+ // Unexpected packet type. Unread body packets should have
-+ // been swallowed in finish().
-+ if (log.isDebugEnabled()) {
-+ log.debug("Unexpected message: " + type);
- }
-- continue;
-+ error = true;
-+ break;
- }
-
- keptAlive = true;
-@@ -1056,6 +1058,11 @@
-
- finished = true;
-
-+ // Swallow the unread body packet if present
-+ if (first && request.getContentLengthLong() > 0) {
-+ receive();
-+ }
-+
- // Add the end message
- if (outputBuffer.position() + endMessageArray.length > outputBuffer.capacity()) {
- flush();
---- trunk/java/org/apache/coyote/ajp/AjpProcessor.java 2011/08/29 19:45:13 1162958
-+++ trunk/java/org/apache/coyote/ajp/AjpProcessor.java 2011/08/29 19:45:42 1162959
-@@ -423,11 +423,13 @@
- }
- continue;
- } else if(type != Constants.JK_AJP13_FORWARD_REQUEST) {
-- // Usually the servlet didn't read the previous request body
-- if(log.isDebugEnabled()) {
-- log.debug("Unexpected message: "+type);
-+ // Unexpected packet type. Unread body packets should have
-+ // been swallowed in finish().
-+ if (log.isDebugEnabled()) {
-+ log.debug("Unexpected message: " + type);
- }
-- continue;
-+ error = true;
-+ break;
- }
-
- request.setStartTime(System.currentTimeMillis());
-@@ -1061,6 +1063,11 @@
-
- finished = true;
-
-+ // Swallow the unread body packet if present
-+ if (first && request.getContentLengthLong() > 0) {
-+ receive();
-+ }
-+
- // Add the end message
- output.write(endMessageArray);
-
---- trunk/webapps/docs/changelog.xml 2011/08/29 19:45:13 1162958
-+++ trunk/webapps/docs/changelog.xml 2011/08/29 19:45:42 1162959
-@@ -52,6 +52,14 @@
- </fix>
- </changelog>
- </subsection>
-+ <subsection name="Coyote">
-+ <changelog>
-+ <fix>
-+ <bug>51698</bug>: Fix CVE-2011-3190. Prevent AJP message injection.
-+ (markt)
-+ </fix>
-+ </changelog>
-+ </subsection>
- </section>
- <section name="Tomcat 6.0.33 (jfclere)" rtext="released 2011-08-18">
- <subsection name="Catalina">
--- a/components/tomcat/patches/build.properties.patch Thu Jan 19 01:59:17 2012 -0800
+++ b/components/tomcat/patches/build.properties.patch Fri Jan 20 01:03:54 2012 -0800
@@ -1,5 +1,5 @@
---- apache-tomcat-6.0.33-src/build.properties.default Tue Aug 16 06:34:59 2011
-+++ apache-tomcat-6.0.33-src/build.properties.default Tue Aug 16 06:39:29 2011
+--- apache-tomcat-6.0.35-src/build.properties.default Thu Jan 12 06:48:46 2012
++++ apache-tomcat-6.0.35-src/build.properties.default Thu Jan 12 06:51:47 2012
@@ -54,6 +54,12 @@
base-sf.loc=http://downloads.sourceforge.net
base-maven.loc=http://repo2.maven.org/maven2
@@ -17,9 +17,9 @@
jdt.jar=${jdt.home}/ecj-${jdt.version}.jar
# The download will be moved to the archive area eventually. We are taking care of that in advance.
# Note older JARs were called ecj.jar. Newer JARs are called ecj-${jdt.version}.jar
--jdt.loc.1=http://archive.eclipse.org/eclipse/downloads/drops/${jdt.release}/ecj.jar
-+jdt.loc.1=${userland-files.loc}/ecj.jar
- jdt.loc.2=http://download.eclipse.org/eclipse/downloads/drops/${jdt.release}/ecj.jar
+-jdt.loc.1=http://archive.eclipse.org/eclipse/downloads/drops/${jdt.release}/ecj-${jdt.version}.jar
++jdt.loc.1=${userland-files.loc}/ecj-${jdt.version}.jar
+ jdt.loc.2=http://download.eclipse.org/eclipse/downloads/drops/${jdt.release}/ecj-${jdt.version}.jar
# ----- Tomcat native library -----
@@ -129,16 +135,16 @@
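Review bot: Only `jdt.loc.1` is redirected to `${userland-files.loc}`; the refreshed context line still leaves `jdt.loc.2` pointing at `http://download.eclipse.org/...`. If the Tomcat build treats `jdt.loc.2` as a fallback source (its build.xml is not shown here), a missing or misnamed local jar would be replaced by a network download. That download would bypass the hash pinned in the component Makefile. Consider overriding it in the patched file as well, `jdt.loc.2=${userland-files.loc}/ecj-${jdt.version}.jar`, so the build can only consume the pre-fetched, verified copy.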
--- a/components/tomcat/tomcat.p5m Thu Jan 19 01:59:17 2012 -0800
+++ b/components/tomcat/tomcat.p5m Fri Jan 20 01:03:54 2012 -0800
@@ -20,7 +20,7 @@
#
#
-# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
#
<transform file path=usr/tomcat6/(.+)$ -> \
@@ -231,7 +231,7 @@
file path=usr/tomcat6/lib/catalina-ha.jar
file path=usr/tomcat6/lib/catalina-tribes.jar
file path=usr/tomcat6/lib/catalina.jar
-file path=usr/tomcat6/lib/ecj-3.3.1.jar
+file path=usr/tomcat6/lib/ecj-3.7.jar
file path=usr/tomcat6/lib/el-api.jar
file path=usr/tomcat6/lib/jasper-el.jar
file path=usr/tomcat6/lib/jasper.jar