packages/tomcat
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2021-41079

Browse Source 
(cherry picked from commit 129412ec913d5312f0d351a7faecc185cc348427)
This commit is contained in:
houyingchao 2021-10-09 15:26:15 +08:00 committed by openeuler-sync-bot
parent abcd69276f
commit b0c2876434
2 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
CVE-2021-41079.patch Normal file
View File

@ -0,0 +1,24 @@
From d4b340fa8feaf55831f9a59350578f7b6ca048b8 Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Wed, 3 Mar 2021 12:00:46 +0000
Subject: [PATCH] Improve robustness
---
java/org/apache/tomcat/util/net/openssl/LocalStrings.properties | 1 +
1 file changed, 1 insertion(+)
diff --git a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
index 1919159..1ab5f43 100644
--- a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
@@ -52,6 +52,7 @@ engine.nullCipherSuite=Null cipher suite
engine.unsupportedCipher=Unsupported cipher suite: [{0}] [{1}]
engine.emptyCipherSuite=Empty cipher suite
engine.failedCipherSuite=Failed to enable cipher suite [{0}]
+engine.failedToReadAvailableBytes=There are plain text bytes available to read but no bytes were read
engine.unsupportedProtocol=Protocol [{0}] is not supported
engine.unverifiedPeer=Peer unverified
engine.noSession=SSL session ID not available
--
2.23.0

6
tomcat.spec
View File

@ -13,7 +13,7 @@
Name: tomcat Name: tomcat
Epoch: 1 Epoch: 1
Version: %{major_version}.%{minor_version}.%{micro_version} Version: %{major_version}.%{minor_version}.%{micro_version}
Release: 20 Release: 21
Summary: Implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies Summary: Implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies
License: ASL 2.0 License: ASL 2.0
URL: http://tomcat.apache.org/ URL: http://tomcat.apache.org/
@ -98,6 +98,7 @@ Patch6053: CVE-2021-30640-5.patch
Patch6054: CVE-2021-30640-6.patch Patch6054: CVE-2021-30640-6.patch
Patch6055: CVE-2021-30640-7.patch Patch6055: CVE-2021-30640-7.patch
Patch6056: CVE-2021-30640-8.patch Patch6056: CVE-2021-30640-8.patch
Patch6057: CVE-2021-41079.patch
BuildRequires: ecj >= 1:4.6.1 findutils apache-commons-collections apache-commons-daemon BuildRequires: ecj >= 1:4.6.1 findutils apache-commons-collections apache-commons-daemon
BuildRequires: apache-commons-dbcp apache-commons-pool tomcat-taglibs-standard ant BuildRequires: apache-commons-dbcp apache-commons-pool tomcat-taglibs-standard ant
@ -499,6 +500,9 @@ fi
%{_javadocdir}/%{name} %{_javadocdir}/%{name}
%changelog %changelog
* Sat Oct 9 2021 houyingchao <houyingchao@huawei.com> - 1:9.0.10-21
- Fix CVE-2021-41079
* Thu Jul 29 2021 wangyue <wangyue92@huawei.com> - 1:9.0.10-20 * Thu Jul 29 2021 wangyue <wangyue92@huawei.com> - 1:9.0.10-20
- Fix CVE-2021-30640 - Fix CVE-2021-30640