[pkg-java] r13331 - in trunk/tomcat6/debian: . patches
Tony Mancill
tmancill at alioth.debian.org
Thu Feb 17 06:08:45 UTC 2011
Author: tmancill
Date: 2011-02-17 06:08:38 +0000 (Thu, 17 Feb 2011)
New Revision: 13331
Removed:
trunk/tomcat6/debian/patches/0011-CVE-2010-4172.patch
trunk/tomcat6/debian/patches/0012-CVE-2010-3718.patch
trunk/tomcat6/debian/patches/0013-CVE-2011-0013.patch
trunk/tomcat6/debian/patches/0014-CVE-2011-0534.patch
Modified:
trunk/tomcat6/debian/changelog
trunk/tomcat6/debian/patches/0004-split-deploy-webapps-target-from-deploy-target.patch
trunk/tomcat6/debian/patches/series
Log:
updates for 6.0.32-1 upload
Modified: trunk/tomcat6/debian/changelog
===================================================================
--- trunk/tomcat6/debian/changelog 2011-02-17 05:12:42 UTC (rev 13330)
+++ trunk/tomcat6/debian/changelog 2011-02-17 06:08:38 UTC (rev 13331)
@@ -1,3 +1,14 @@
+tomcat6 (6.0.32-1) unstable; urgency=low
+
+ * Team upload.
+ * New upstream release
+ * Remove following patches applied upstream:
+ CVE-2010-4172, CVE-2011-0534, CVE-2010-3718, CVE-2011-0013,
+ 0009-allow-empty-PID-file.patch
+ * Adjust 0004-split-deploy-webapps-target-from-deploy-target.patch
+
+ -- tony mancill <tmancill at debian.org> Tue, 15 Feb 2011 22:41:42 -0800
+
tomcat6 (6.0.28-10) unstable; urgency=medium
* Team upload.
Modified: trunk/tomcat6/debian/patches/0004-split-deploy-webapps-target-from-deploy-target.patch
===================================================================
--- trunk/tomcat6/debian/patches/0004-split-deploy-webapps-target-from-deploy-target.patch 2011-02-17 05:12:42 UTC (rev 13330)
+++ trunk/tomcat6/debian/patches/0004-split-deploy-webapps-target-from-deploy-target.patch 2011-02-17 06:08:38 UTC (rev 13331)
@@ -33,13 +33,13 @@
<!-- Copy other regular webapps -->
<copy todir="${tomcat.build}/webapps">
<fileset dir="webapps">
-@@ -630,10 +637,6 @@
+@@ -629,10 +636,6 @@
</fileset>
</txt2html>
- <copy file="${tomcat-dbcp.jar}" todir="${tomcat.build}/lib"
- failonerror="false"/>
-- <copy file="${jasper-jdt.jar}" todir="${tomcat.build}/lib" />
+- <copy file="${jdt.jar}" todir="${tomcat.build}/lib" />
-
</target>
Deleted: trunk/tomcat6/debian/patches/0011-CVE-2010-4172.patch
===================================================================
--- trunk/tomcat6/debian/patches/0011-CVE-2010-4172.patch 2011-02-17 05:12:42 UTC (rev 13330)
+++ trunk/tomcat6/debian/patches/0011-CVE-2010-4172.patch 2011-02-17 06:08:38 UTC (rev 13331)
@@ -1,156 +0,0 @@
-From: tony mancill <tmancill at debian.org>
-Subject: CVE-2010-4172 patches for 6.0.28
-Description: Backport changes in tomcat6's SVN tree to 6.0.28.
-Origin: http://svn.apache.org/viewvc?view=revision&revision=1037779
-Forwarded: not-needed
-
---- a/java/org/apache/catalina/manager/JspHelper.java
-+++ b/java/org/apache/catalina/manager/JspHelper.java
-@@ -58,7 +58,7 @@
- }
- private static String localeToString(Locale locale) {
- if (locale != null) {
-- return locale.toString();//locale.getDisplayName();
-+ return escapeXml(locale.toString());//locale.getDisplayName();
- } else {
- return "";
- }
---- a/webapps/manager/WEB-INF/jsp/sessionDetail.jsp
-+++ b/webapps/manager/WEB-INF/jsp/sessionDetail.jsp
-@@ -30,8 +30,10 @@
- <% String path = (String) request.getAttribute("path");
- Session currentSession = (Session)request.getAttribute("currentSession");
- HttpSession currentHttpSession = currentSession.getSession();
-- String currentSessionId = currentSession.getId();
-- String submitUrl = ((HttpServletRequest)pageContext.getRequest()).getRequestURL().toString();
-+ String currentSessionId = JspHelper.escapeXml(currentSession.getId());
-+ String submitUrl = JspHelper.escapeXml(response.encodeURL(
-+ ((HttpServletRequest) pageContext.getRequest()).getRequestURI() +
-+ "?path=" + path));
- %>
- <head>
- <meta http-equiv="content-type" content="text/html; charset=iso-8859-1"/>
-@@ -45,7 +47,7 @@
- <title>Sessions Administration: details for <%= currentSessionId %></title>
- </head>
- <body>
--<h1>Details for Session <%= JspHelper.escapeXml(currentSessionId) %></h1>
-+<h1>Details for Session <%= currentSessionId %></h1>
-
- <table style="text-align: left;" border="0">
- <tr>
-@@ -86,7 +88,13 @@
- </tr>
- </table>
-
--<p style="text-align: center;"><button type="button" onclick="window.location.reload()">Refresh</button></p>
-+<form method="post" action="<%= submitUrl %>">
-+ <div>
-+ <input type="hidden" name="sessionId" value="<%= currentSessionId %>" />
-+ <input type="hidden" name="action" value="sessionDetail" />
-+ <input type="submit" value="Refresh" />
-+ </div>
-+</form>
-
- <div class="error"><%= JspHelper.escapeXml(request.getAttribute("error")) %></div>
- <div class="message"><%= JspHelper.escapeXml(request.getAttribute("message")) %></div>
-@@ -120,7 +128,16 @@
- String attributeName = (String) attributeNamesEnumeration.nextElement();
- %>
- <tr>
-- <td align="center"><form action="<%= submitUrl %>"><div><input type="hidden" name="path" value="<%= path %>" /><input type="hidden" name="action" value="removeSessionAttribute" /><input type="hidden" name="sessionId" value="<%= currentSessionId %>" /><input type="hidden" name="attributeName" value="<%= attributeName %>" /><input type="submit" value="Remove" /></div></form></td>
-+ <td align="center">
-+ <form method="post" action="<%= submitUrl %>">
-+ <div>
-+ <input type="hidden" name="action" value="removeSessionAttribute" />
-+ <input type="hidden" name="sessionId" value="<%= currentSessionId %>" />
-+ <input type="hidden" name="attributeName" value="<%= JspHelper.escapeXml(attributeName) %>" />
-+ <input type="submit" value="Remove" />
-+ </div>
-+ </form>
-+ </td>
- <td><%= JspHelper.escapeXml(attributeName) %></td>
- <td><% Object attributeValue = currentHttpSession.getAttribute(attributeName); %><span title="<%= attributeValue == null ? "" : attributeValue.getClass().toString() %>"><%= JspHelper.escapeXml(attributeValue) %></span></td>
- </tr>
-@@ -128,7 +145,11 @@
- </tbody>
- </table>
-
--<p style="text-align: center;"><button type="button" onclick="window.close()">Close window</button></p>
-+<form method="post" action="<%=submitUrl%>">
-+ <p style="text-align: center;">
-+ <input type="submit" value="Return to session list" />
-+ </p>
-+</form>
-
- <%--div style="display: none;">
- <p>
---- a/webapps/manager/WEB-INF/jsp/sessionsList.jsp
-+++ b/webapps/manager/WEB-INF/jsp/sessionsList.jsp
-@@ -26,7 +26,9 @@
-
- <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
- <% String path = (String) request.getAttribute("path");
-- String submitUrl = ((HttpServletRequest)pageContext.getRequest()).getRequestURI() + "?path=" + path;
-+ String submitUrl = JspHelper.escapeXml(response.encodeURL(
-+ ((HttpServletRequest) pageContext.getRequest()).getRequestURI() +
-+ "?path=" + path));
- Collection activeSessions = (Collection) request.getAttribute("activeSessions");
- %>
- <head>
-@@ -38,10 +40,10 @@
- <meta name="author" content="Cedrik LIME"/>
- <meta name="copyright" content="copyright 2005-2010 the Apache Software Foundation"/>
- <meta name="robots" content="noindex,nofollow,noarchive"/>
-- <title>Sessions Administration for <%= path %></title>
-+ <title>Sessions Administration for <%= JspHelper.escapeXml(path) %></title>
- </head>
- <body>
--<h1>Sessions Administration for <%= path %></h1>
-+<h1>Sessions Administration for <%= JspHelper.escapeXml(path) %></h1>
-
- <p>Tips:</p>
- <ul>
-@@ -55,13 +57,13 @@
- <form action="<%= submitUrl %>" method="post" id="sessionsForm">
- <fieldset><legend>Active HttpSessions informations</legend>
- <input type="hidden" name="action" id="sessionsFormAction" value="injectSessions"/>
-- <input type="hidden" name="sort" id="sessionsFormSort" value="<%= (String) request.getAttribute("sort") %>"/>
-+ <input type="hidden" name="sort" id="sessionsFormSort" value="<%= JspHelper.escapeXml(request.getAttribute("sort")) %>"/>
- <% String order = (String) request.getAttribute("order");
- if (order == null || "".equals(order)) {
- order = "ASC";
- }
- %>
-- <input type="hidden" name="order" id="sessionsFormSortOrder" value="<%= order %>"/>
-+ <input type="hidden" name="order" id="sessionsFormSortOrder" value="<%= JspHelper.escapeXml(order) %>"/>
- <input type="submit" name="refresh" id="refreshButton" value="Refresh Sessions list" onclick="document.getElementById('sessionsFormAction').value='refreshSessions'; return true;"/>
- <%= JspHelper.formatNumber(activeSessions.size()) %> active Sessions<br/>
- <table border="1" cellpadding="2" cellspacing="2" width="100%">
-@@ -95,11 +97,11 @@
- <% Iterator iter = activeSessions.iterator();
- while (iter.hasNext()) {
- Session currentSession = (Session) iter.next();
-- String currentSessionId = currentSession.getId();
-+ String currentSessionId = JspHelper.escapeXml(currentSession.getId());
- %>
- <tr>
- <td>
--<input type="checkbox" name="sessionIds" value="<%= currentSessionId %>" /><a href="<%= submitUrl %>&action=sessionDetail&sessionId=<%= currentSessionId %>" target="_blank"><%= JspHelper.escapeXml(currentSessionId) %></a>
-+<input type="checkbox" name="sessionIds" value="<%= currentSessionId %>" /><a href="<%= submitUrl %>&action=sessionDetail&sessionId=<%= currentSessionId %>"><%= currentSessionId %></a>
- </td>
- <td style="text-align: center;"><%= JspHelper.guessDisplayLocaleFromSession(currentSession) %></td>
- <td style="text-align: center;"><%= JspHelper.guessDisplayUserFromSession(currentSession) %></td>
-@@ -118,7 +120,11 @@
- </fieldset>
- </form>
-
--<p style="text-align: center;"><button type="button" onclick="window.close()">Close window</button></p>
-+<form method="get" action="<%=request.getContextPath()%>/html">
-+ <p style="text-align: center;">
-+ <input type="submit" value="Return to main page" />
-+ </p>
-+</form>
-
- <%--div style="display: none;">
- <p>
Deleted: trunk/tomcat6/debian/patches/0012-CVE-2010-3718.patch
===================================================================
--- trunk/tomcat6/debian/patches/0012-CVE-2010-3718.patch 2011-02-17 05:12:42 UTC (rev 13330)
+++ trunk/tomcat6/debian/patches/0012-CVE-2010-3718.patch 2011-02-17 06:08:38 UTC (rev 13331)
@@ -1,31 +0,0 @@
---- a/java/org/apache/catalina/core/StandardContext.java
-+++ b/java/org/apache/catalina/core/StandardContext.java
-@@ -5309,11 +5309,11 @@
- dir.mkdirs();
-
- // Set the appropriate servlet context attribute
-- getServletContext().setAttribute(Globals.WORK_DIR_ATTR, dir);
-- if (getServletContext() instanceof ApplicationContext)
-- ((ApplicationContext) getServletContext()).setAttributeReadOnly
-- (Globals.WORK_DIR_ATTR);
--
-+ if (context == null) {
-+ getServletContext();
-+ }
-+ context.setAttribute(Globals.WORK_DIR_ATTR, dir);
-+ context.setAttributeReadOnly(Globals.WORK_DIR_ATTR);
- }
-
-
---- a/webapps/docs/changelog.xml
-+++ b/webapps/docs/changelog.xml
-@@ -93,6 +93,9 @@
- <bug>49436</bug>: Correct documented default for readonly attribute of
- the UserDatabase component. (markt)
- </fix>
-+ <fix>
-+ Code clean-up. Avoid some casts in StandardContext. (markt)
-+ </fix>
- </changelog>
- </subsection>
- </section>
Deleted: trunk/tomcat6/debian/patches/0013-CVE-2011-0013.patch
===================================================================
--- trunk/tomcat6/debian/patches/0013-CVE-2011-0013.patch 2011-02-17 05:12:42 UTC (rev 13330)
+++ trunk/tomcat6/debian/patches/0013-CVE-2011-0013.patch 2011-02-17 06:08:38 UTC (rev 13331)
@@ -1,63 +0,0 @@
---- a/java/org/apache/catalina/manager/HTMLManagerServlet.java
-+++ b/java/org/apache/catalina/manager/HTMLManagerServlet.java
-@@ -407,10 +407,11 @@
-
- args = new Object[7];
- args[0] = URL_ENCODER.encode(displayPath);
-- args[1] = displayPath;
-- args[2] = context.getDisplayName();
-- if (args[2] == null) {
-+ args[1] = RequestUtil.filter(displayPath);
-+ if (context.getDisplayName() == null) {
- args[2] = " ";
-+ } else {
-+ args[2] = RequestUtil.filter(context.getDisplayName());
- }
- args[3] = new Boolean(context.getAvailable());
- args[4] = response.encodeURL
---- a/java/org/apache/catalina/manager/StatusTransformer.java
-+++ b/java/org/apache/catalina/manager/StatusTransformer.java
-@@ -575,7 +575,7 @@
- }
-
- writer.print("<a href=\"#" + (count++) + ".0\">");
-- writer.print(webModuleName);
-+ writer.print(filter(webModuleName));
- writer.print("</a>");
- if (iterator.hasNext()) {
- writer.print("<br>");
-@@ -650,7 +650,7 @@
- }
-
- writer.print("<h1>");
-- writer.print(name);
-+ writer.print(filter(name));
- writer.print("</h1>");
- writer.print("</a>");
-
-@@ -778,11 +778,11 @@
- mBeanServer.invoke(objectName, "findMappings", null, null);
-
- writer.print("<h2>");
-- writer.print(servletName);
-+ writer.print(filter(servletName));
- if ((mappings != null) && (mappings.length > 0)) {
- writer.print(" [ ");
- for (int i = 0; i < mappings.length; i++) {
-- writer.print(mappings[i]);
-+ writer.print(filter(mappings[i]));
- if (i < mappings.length - 1) {
- writer.print(" , ");
- }
---- a/webapps/docs/changelog.xml
-+++ b/webapps/docs/changelog.xml
-@@ -45,6 +45,9 @@
- <fix>Arrange filter logic. (jfclere)
- </fix>
- <fix>
-+ filter input of manager app servlets. (kkolinko)
-+ </fix>
-+ <fix>
- <bug>49230</bug>: Enhance JRE leak prevention listener with protection
- for the keep-alive thread started by
- <code>sun.net.www.http.HttpClient</code>. Patch provided by Rob Kooper.
Deleted: trunk/tomcat6/debian/patches/0014-CVE-2011-0534.patch
===================================================================
--- trunk/tomcat6/debian/patches/0014-CVE-2011-0534.patch 2011-02-17 05:12:42 UTC (rev 13330)
+++ trunk/tomcat6/debian/patches/0014-CVE-2011-0534.patch 2011-02-17 06:08:38 UTC (rev 13331)
@@ -1,171 +0,0 @@
---- a/java/org/apache/coyote/http11/InternalNioInputBuffer.java
-+++ b/java/org/apache/coyote/http11/InternalNioInputBuffer.java
-@@ -41,6 +41,11 @@
- */
- public class InternalNioInputBuffer implements InputBuffer {
-
-+ /**
-+ * Logger.
-+ */
-+ private static final org.apache.juli.logging.Log log =
-+ org.apache.juli.logging.LogFactory.getLog(InternalNioInputBuffer.class);
-
- // -------------------------------------------------------------- Constants
-
-@@ -57,12 +62,7 @@
- this.request = request;
- headers = request.getMimeHeaders();
-
-- buf = new byte[headerBufferSize];
--// if (headerBufferSize < (8 * 1024)) {
--// bbuf = ByteBuffer.allocateDirect(6 * 1500);
--// } else {
--// bbuf = ByteBuffer.allocateDirect((headerBufferSize / 1500 + 1) * 1500);
--// }
-+ this.headerBufferSize = headerBufferSize;
-
- inputStreamInputBuffer = new SocketInputBuffer();
-
-@@ -189,6 +189,28 @@
- protected int lastActiveFilter;
-
-
-+ /**
-+ * Maximum allowed size of the HTTP request line plus headers.
-+ */
-+ private final int headerBufferSize;
-+
-+ /**
-+ * Known size of the NioChannel read buffer.
-+ */
-+ private int socketReadBufferSize;
-+
-+ /**
-+ * Additional size we allocate to the buffer to be more effective when
-+ * skipping empty lines that may precede the request.
-+ */
-+ private static final int skipBlankLinesSize = 1024;
-+
-+ /**
-+ * How many bytes in the buffer are occupied by skipped blank lines that
-+ * precede the request.
-+ */
-+ private int skipBlankLinesBytes;
-+
- // ------------------------------------------------------------- Properties
-
-
-@@ -197,6 +219,12 @@
- */
- public void setSocket(NioChannel socket) {
- this.socket = socket;
-+ socketReadBufferSize = socket.getBufHandler().getReadBuffer().capacity();
-+ int bufLength = skipBlankLinesSize + headerBufferSize
-+ + socketReadBufferSize;
-+ if (buf == null || buf.length < bufLength) {
-+ buf = new byte[bufLength];
-+ }
- }
-
- /**
-@@ -421,25 +449,23 @@
- if (useAvailableData) {
- return false;
- }
-+ // Ignore bytes that were read
-+ pos = lastValid = 0;
- // Do a simple read with a short timeout
- if ( readSocket(true, false)==0 ) return false;
- }
- chr = buf[pos++];
- } while ((chr == Constants.CR) || (chr == Constants.LF));
- pos--;
-- parsingRequestLineStart = pos;
-- parsingRequestLinePhase = 1;
-- }
-- if ( parsingRequestLinePhase == 1 ) {
-- // Mark the current buffer position
--
-- if (pos >= lastValid) {
-- if (useAvailableData) {
-- return false;
-- }
-- // Do a simple read with a short timeout
-- if ( readSocket(true, false)==0 ) return false;
-+ if (pos >= skipBlankLinesSize) {
-+ // Move data, to have enough space for further reading
-+ // of headers and body
-+ System.arraycopy(buf, pos, buf, 0, lastValid - pos);
-+ lastValid -= pos;
-+ pos = 0;
- }
-+ skipBlankLinesBytes = pos;
-+ parsingRequestLineStart = pos;
- parsingRequestLinePhase = 2;
- }
- if ( parsingRequestLinePhase == 2 ) {
-@@ -578,6 +604,13 @@
-
- private void expand(int newsize) {
- if ( newsize > buf.length ) {
-+ if (parsingHeader) {
-+ throw new IllegalArgumentException(
-+ sm.getString("iib.requestheadertoolarge.error"));
-+ }
-+ // Should not happen
-+ log.warn("Expanding buffer size. Old size: " + buf.length
-+ + ", new size: " + newsize, new Exception());
- byte[] tmp = new byte[newsize];
- System.arraycopy(buf,0,tmp,0,buf.length);
- buf = tmp;
-@@ -639,6 +672,19 @@
- if (status == HeaderParseStatus.DONE) {
- parsingHeader = false;
- end = pos;
-+ // Checking that
-+ // (1) Headers plus request line size does not exceed its limit
-+ // (2) There are enough bytes to avoid expanding the buffer when
-+ // reading body
-+ // Technically, (2) is technical limitation, (1) is logical
-+ // limitation to enforce the meaning of headerBufferSize
-+ // From the way how buf is allocated and how blank lines are being
-+ // read, it should be enough to check (1) only.
-+ if (end - skipBlankLinesBytes > headerBufferSize
-+ || buf.length - end < socketReadBufferSize) {
-+ throw new IllegalArgumentException(
-+ sm.getString("iib.requestheadertoolarge.error"));
-+ }
- return true;
- } else {
- return false;
-@@ -889,16 +935,7 @@
- // Do a simple read with a short timeout
- read = readSocket(timeout,block)>0;
- } else {
--
-- if (buf.length - end < 4500) {
-- // In this case, the request header was really large, so we allocate a
-- // brand new one; the old one will get GCed when subsequent requests
-- // clear all references
-- buf = new byte[buf.length];
-- end = 0;
-- }
-- pos = end;
-- lastValid = pos;
-+ lastValid = pos = end;
- // Do a simple read with a short timeout
- read = readSocket(timeout, block)>0;
- }
---- a/webapps/docs/changelog.xml
-+++ b/webapps/docs/changelog.xml
-@@ -48,6 +48,10 @@
- filter input of manager app servlets. (kkolinko)
- </fix>
- <fix>
-+ <bug>50631</bug>: InternalNioInputBuffer should honor
-+ <code>maxHttpHeadSize</code>. (kkolinko)
-+ </fix>
-+ <fix>
- <bug>49230</bug>: Enhance JRE leak prevention listener with protection
- for the keep-alive thread started by
- <code>sun.net.www.http.HttpClient</code>. Patch provided by Rob Kooper.
Modified: trunk/tomcat6/debian/patches/series
===================================================================
--- trunk/tomcat6/debian/patches/series 2011-02-17 05:12:42 UTC (rev 13330)
+++ trunk/tomcat6/debian/patches/series 2011-02-17 06:08:38 UTC (rev 13331)
@@ -6,9 +6,4 @@
0006-add-JARs-below-var-to-class-loader.patch
0007-add-OSGi-headers-to-servlet-api.patch
0008-add-OSGI-headers-to-jsp-api.patch
-0009-allow-empty-PID-file.patch
0010-Use-java.security.policy-file-in-catalina.sh.patch
-0011-CVE-2010-4172.patch
-0012-CVE-2010-3718.patch
-0013-CVE-2011-0013.patch
-0014-CVE-2011-0534.patch