tomcat/CVE-2024-54677-6.patch

From 75ff7e8622edcc024b268677aa789ee8f0880ecc Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Wed, 4 Dec 2024 07:27:40 +0000
Subject: [PATCH] Fix back-port

Origin: https://github.com/apache/tomcat/commit/75ff7e8622edcc024b268677aa789ee8f0880ecc
---
 webapps/examples/jsp/security/protected/index.jsp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/examples/jsp/security/protected/index.jsp b/webapps/examples/jsp/security/protected/index.jsp
index 987a30fd1878..f4c90b8b715c 100644
--- a/webapps/examples/jsp/security/protected/index.jsp
+++ b/webapps/examples/jsp/security/protected/index.jsp
@@ -178,7 +178,7 @@ To add some data to the authenticated session, enter it here:
 <tr>
   <td><%= util.HTMLFilter.filter(name) %></td>
   <td><%= util.HTMLFilter.filter(value) %></td>
-  <td><a href='<%= response.encodeURL("index.jsp?dataName=" + URLEncoder.encode(name, StandardCharsets.UTF_8)) %>'>delete</a></td>
+  <td><a href='<%= response.encodeURL("index.jsp?dataName=" + URLEncoder.encode(name, "UTF-8")) %>'>delete</a></td>
 </tr>
 <%
   }
Fix CVE-2024-50379 CVE-2024-54677 (cherry picked from commit 37b6fbcf4c334035b8423e43c24b2bea2397c27f) 2024-12-18 10:49:32 +08:00			`From 75ff7e8622edcc024b268677aa789ee8f0880ecc Mon Sep 17 00:00:00 2001`
			`From: Mark Thomas <markt@apache.org>`
			`Date: Wed, 4 Dec 2024 07:27:40 +0000`
			`Subject: [PATCH] Fix back-port`

			`Origin: https://github.com/apache/tomcat/commit/75ff7e8622edcc024b268677aa789ee8f0880ecc`
			`---`
			`webapps/examples/jsp/security/protected/index.jsp \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

			`diff --git a/webapps/examples/jsp/security/protected/index.jsp b/webapps/examples/jsp/security/protected/index.jsp`
			`index 987a30fd1878..f4c90b8b715c 100644`
			`--- a/webapps/examples/jsp/security/protected/index.jsp`
			`+++ b/webapps/examples/jsp/security/protected/index.jsp`
			`@@ -178,7 +178,7 @@ To add some data to the authenticated session, enter it here:`
			`<tr>`
			`<td><%= util.HTMLFilter.filter(name) %></td>`
			`<td><%= util.HTMLFilter.filter(value) %></td>`
			`- <td><a href='<%= response.encodeURL("index.jsp?dataName=" + URLEncoder.encode(name, StandardCharsets.UTF_8)) %>'>delete</a></td>`
			`+ <td><a href='<%= response.encodeURL("index.jsp?dataName=" + URLEncoder.encode(name, "UTF-8")) %>'>delete</a></td>`
			`</tr>`
			`<%`
			`}`