diff --git a/apache-commons-fileupload-CVE-2014-0050.patch b/apache-commons-fileupload-CVE-2014-0050.patch
new file mode 100644
index 0000000..3780736
--- /dev/null
+++ b/apache-commons-fileupload-CVE-2014-0050.patch
@@ -0,0 +1,151 @@
+diff --git a/src/main/java/org/apache/commons/fileupload/FileUploadBase.java b/src/main/java/org/apache/commons/fileupload/FileUploadBase.java
+index b693744..c8f5ca1 100644
+--- a/src/main/java/org/apache/commons/fileupload/FileUploadBase.java
++++ b/src/main/java/org/apache/commons/fileupload/FileUploadBase.java
+@@ -991,7 +991,12 @@ public abstract class FileUploadBase {
+ }
+
+ notifier = new MultipartStream.ProgressNotifier(listener, requestSize);
+- multi = new MultipartStream(input, boundary, notifier);
++ try {
++ multi = new MultipartStream(input, boundary, notifier);
++ } catch (IllegalArgumentException iae) {
++ throw new InvalidContentTypeException(
++ format("The boundary specified in the %s header is too long", CONTENT_TYPE), iae);
++ }
+ multi.setHeaderEncoding(charEncoding);
+
+ skipPreamble = true;
+@@ -1183,7 +1188,7 @@ public abstract class FileUploadBase {
+ * detail message.
+ */
+ public InvalidContentTypeException() {
+- // Nothing to do.
++ super();
+ }
+
+ /**
+@@ -1196,6 +1201,9 @@ public abstract class FileUploadBase {
+ super(message);
+ }
+
++ public InvalidContentTypeException(String msg, Throwable cause) {
++ super(msg, cause);
++ }
+ }
+
+ /**
+diff --git a/src/main/java/org/apache/commons/fileupload/MultipartStream.java b/src/main/java/org/apache/commons/fileupload/MultipartStream.java
+index 9088947..0474ef9 100644
+--- a/src/main/java/org/apache/commons/fileupload/MultipartStream.java
++++ b/src/main/java/org/apache/commons/fileupload/MultipartStream.java
+@@ -268,10 +268,8 @@ public class MultipartStream {
+ /**
+ * Creates a new instance.
+ *
+- * @deprecated 1.2.1 Use {@link #MultipartStream(InputStream, byte[],
+- * org.apache.commons.fileupload.MultipartStream.ProgressNotifier)},
+- * or {@link #MultipartStream(InputStream, byte[], int,
+- * org.apache.commons.fileupload.MultipartStream.ProgressNotifier)}
++ * @deprecated 1.2.1 Use {@link #MultipartStream(InputStream, byte[], int,
++ * ProgressNotifier)}
+ */
+ @Deprecated
+ public MultipartStream() {
+@@ -292,10 +290,8 @@ public class MultipartStream {
+ * encapsulations.
+ * @param bufSize The size of the buffer to be used, in bytes.
+ *
+- * @see #MultipartStream(InputStream, byte[],
+- * MultipartStream.ProgressNotifier)
+ * @deprecated 1.2.1 Use {@link #MultipartStream(InputStream, byte[], int,
+- * org.apache.commons.fileupload.MultipartStream.ProgressNotifier)}.
++ * ProgressNotifier)}.
+ */
+ @Deprecated
+ public MultipartStream(InputStream input, byte[] boundary, int bufSize) {
+@@ -317,8 +313,7 @@ public class MultipartStream {
+ * @param pNotifier The notifier, which is used for calling the
+ * progress listener, if any.
+ *
+- * @see #MultipartStream(InputStream, byte[],
+- * MultipartStream.ProgressNotifier)
++ * @throws IllegalArgumentException If the buffer size is too small
+ */
+ MultipartStream(InputStream input,
+ byte[] boundary,
+@@ -331,9 +326,14 @@ public class MultipartStream {
+
+ // We prepend CR/LF to the boundary to chop trailing CR/LF from
+ // body-data tokens.
+- this.boundary = new byte[boundary.length + BOUNDARY_PREFIX.length];
+ this.boundaryLength = boundary.length + BOUNDARY_PREFIX.length;
++ if (bufSize < this.boundaryLength + 1) {
++ throw new IllegalArgumentException(
++ "The buffer size specified for the MultipartStream is too small");
++ }
++ this.boundary = new byte[this.boundaryLength];
+ this.keepRegion = this.boundary.length;
++
+ System.arraycopy(BOUNDARY_PREFIX, 0, this.boundary, 0,
+ BOUNDARY_PREFIX.length);
+ System.arraycopy(boundary, 0, this.boundary, BOUNDARY_PREFIX.length,
+@@ -352,8 +352,7 @@ public class MultipartStream {
+ * @param pNotifier An object for calling the progress listener, if any.
+ *
+ *
+- * @see #MultipartStream(InputStream, byte[], int,
+- * MultipartStream.ProgressNotifier)
++ * @see #MultipartStream(InputStream, byte[], int, ProgressNotifier)
+ */
+ MultipartStream(InputStream input,
+ byte[] boundary,
+@@ -368,10 +367,8 @@ public class MultipartStream {
+ * @param boundary The token used for dividing the stream into
+ * encapsulations.
+ *
+- * @deprecated 1.2.1 Use {@link #MultipartStream(InputStream, byte[],
+- * MultipartStream.ProgressNotifier)}.
+- * @see #MultipartStream(InputStream, byte[], int,
+- * MultipartStream.ProgressNotifier)
++ * @deprecated 1.2.1 Use {@link #MultipartStream(InputStream, byte[], int,
++ * ProgressNotifier)}.
+ */
+ @Deprecated
+ public MultipartStream(InputStream input,
+diff --git a/src/test/java/org/apache/commons/fileupload/MultipartStreamTest.java b/src/test/java/org/apache/commons/fileupload/MultipartStreamTest.java
+index 7148d81..80871f4 100644
+--- a/src/test/java/org/apache/commons/fileupload/MultipartStreamTest.java
++++ b/src/test/java/org/apache/commons/fileupload/MultipartStreamTest.java
+@@ -38,7 +38,8 @@ public class MultipartStreamTest {
+ final byte[] contents = strData.getBytes();
+ InputStream input = new ByteArrayInputStream(contents);
+ byte[] boundary = BOUNDARY_TEXT.getBytes();
+- int iBufSize = boundary.length;
++ int iBufSize =
++ boundary.length + MultipartStream.BOUNDARY_PREFIX.length + 1;
+ MultipartStream ms = new MultipartStream(
+ input,
+ boundary,
+@@ -47,6 +48,21 @@ public class MultipartStreamTest {
+ assertNotNull(ms);
+ }
+
++ @Test(expected=IllegalArgumentException.class)
++ public void testSmallBuffer() throws Exception {
++ final String strData = "foobar";
++ final byte[] contents = strData.getBytes();
++ InputStream input = new ByteArrayInputStream(contents);
++ byte[] boundary = BOUNDARY_TEXT.getBytes();
++ int iBufSize = 1;
++ @SuppressWarnings("unused")
++ MultipartStream ms = new MultipartStream(
++ input,
++ boundary,
++ iBufSize,
++ new MultipartStream.ProgressNotifier(null, contents.length));
++ }
++
+ @Test
+ public void testTwoParamConstructor() throws Exception {
+ final String strData = "foobar";
diff --git a/apache-commons-fileupload.spec b/apache-commons-fileupload.spec
index 4b8813d..c00bc7d 100644
--- a/apache-commons-fileupload.spec
+++ b/apache-commons-fileupload.spec
@@ -3,7 +3,7 @@
Name: apache-%{short_name}
Version: 1.3
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: This package provides an api to work with html file upload
License: ASL 2.0
Group: Development/Libraries
@@ -11,6 +11,8 @@ URL: http://commons.apache.org/%{base_name}/
Source0: http://www.apache.org/dist/commons/%{base_name}/source/%{short_name}-%{version}-src.tar.gz
BuildArch: noarch
+# Backported from upstream revision 1565143
+Patch0: %{name}-CVE-2014-0050.patch
Patch1: %{name}-portlet20.patch
BuildRequires: java-devel >= 1:1.6.0
@@ -63,6 +65,7 @@ This package contains the API documentation for %{name}.
%prep
%setup -q -n %{short_name}-%{version}-src
+%patch0 -p1
sed -i 's/\r//' LICENSE.txt
sed -i 's/\r//' NOTICE.txt
@@ -123,6 +126,10 @@ rm -rf $(readlink -f %{_javadocdir}/%{name}) %{_javadocdir}/%{name} || :
# -----------------------------------------------------------------------------
%changelog
+* Thu Feb 6 2014 Mikolaj Izdebski - 1.3-5
+- Add backported upstream patch to fix DoS vulnerability
+- Resolves: CVE-2014-0050
+
* Sat Aug 03 2013 Fedora Release Engineering - 1.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild