tomcat/CVE-2024-54677-4.patch

From 3315a9027a7eaab18f42625b97b569940ff1365d Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Mon, 2 Dec 2024 18:13:07 +0000
Subject: [PATCH] Fix backprot

Origin: https://github.com/apache/tomcat/commit/3315a9027a7eaab18f42625b97b569940ff1365d
---
 webapps/examples/WEB-INF/classes/SessionExample.java | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/webapps/examples/WEB-INF/classes/SessionExample.java b/webapps/examples/WEB-INF/classes/SessionExample.java
index 60eaa2e03e4b..14e7c9701c84 100644
--- a/webapps/examples/WEB-INF/classes/SessionExample.java
+++ b/webapps/examples/WEB-INF/classes/SessionExample.java
@@ -18,7 +18,6 @@
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.net.URLEncoder;
-import java.nio.charset.StandardCharsets;
 import java.util.Date;
 import java.util.Enumeration;
 import java.util.ResourceBundle;
@@ -113,7 +112,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) thro
             out.println(HTMLFilter.filter(name) + " = " + HTMLFilter.filter(value));
             out.print("<a href=\"");
             out.print(HTMLFilter.filter(
-                    response.encodeURL("SessionExample?dataname=" + URLEncoder.encode(name, StandardCharsets.UTF_8))));
+                    response.encodeURL("SessionExample?dataname=" + URLEncoder.encode(name, "UTF-8"))));
             out.println("\" >delete</a>");
             out.println("<br>");
         }
Fix CVE-2024-50379 CVE-2024-54677 (cherry picked from commit 37b6fbcf4c334035b8423e43c24b2bea2397c27f) 2024-12-18 10:49:32 +08:00			`From 3315a9027a7eaab18f42625b97b569940ff1365d Mon Sep 17 00:00:00 2001`
			`From: Mark Thomas <markt@apache.org>`
			`Date: Mon, 2 Dec 2024 18:13:07 +0000`
			`Subject: [PATCH] Fix backprot`

			`Origin: https://github.com/apache/tomcat/commit/3315a9027a7eaab18f42625b97b569940ff1365d`
			`---`
			`webapps/examples/WEB-INF/classes/SessionExample.java \| 3 +--`
			`1 file changed, 1 insertion(+), 2 deletions(-)`

			`diff --git a/webapps/examples/WEB-INF/classes/SessionExample.java b/webapps/examples/WEB-INF/classes/SessionExample.java`
			`index 60eaa2e03e4b..14e7c9701c84 100644`
			`--- a/webapps/examples/WEB-INF/classes/SessionExample.java`
			`+++ b/webapps/examples/WEB-INF/classes/SessionExample.java`
			`@@ -18,7 +18,6 @@`
			`import java.io.IOException;`
			`import java.io.PrintWriter;`
			`import java.net.URLEncoder;`
			`-import java.nio.charset.StandardCharsets;`
			`import java.util.Date;`
			`import java.util.Enumeration;`
			`import java.util.ResourceBundle;`
			`@@ -113,7 +112,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) thro`
			`out.println(HTMLFilter.filter(name) + " = " + HTMLFilter.filter(value));`
			`out.print("<a href=\"");`
			`out.print(HTMLFilter.filter(`
			`- response.encodeURL("SessionExample?dataname=" + URLEncoder.encode(name, StandardCharsets.UTF_8))));`
			`+ response.encodeURL("SessionExample?dataname=" + URLEncoder.encode(name, "UTF-8"))));`
			`out.println("\" >delete</a>");`
			`out.println("<br>");`
			`}`