[tomcat7] branch master updated (874630c -> 3a14cf4)
Emmanuel Bourg
ebourg-guest at moszumanska.debian.org
Tue Sep 20 12:52:01 UTC 2016
This is an automated email from the git hooks/post-receive script.
ebourg-guest pushed a change to branch master
in repository tomcat7.
from 874630c Fixed CVE-2016-1240: Local Root Privilege Escalation
adds 5f21938 New upstream version 7.0.72
new 3a14cf4 Merge tag 'upstream/7.0.72'
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
Summary of changes:
build.properties.default | 8 +-
conf/web.xml | 36 +-
java/org/apache/catalina/Context.java | 22 +
.../catalina/authenticator/mbeans-descriptors.xml | 2 +-
.../apache/catalina/connector/CoyoteAdapter.java | 2 +-
.../org/apache/catalina/connector/InputBuffer.java | 2 +-
java/org/apache/catalina/connector/Request.java | 17 +-
.../catalina/connector/mbeans-descriptors.xml | 4 +-
.../apache/catalina/core/ApplicationContext.java | 24 +-
.../catalina/core/ApplicationFilterConfig.java | 3 +-
.../apache/catalina/core/AprLifecycleListener.java | 5 +-
.../apache/catalina/core/LocalStrings.properties | 2 +
.../catalina/core/NamingContextListener.java | 97 ++--
java/org/apache/catalina/core/StandardContext.java | 23 +-
java/org/apache/catalina/core/StandardWrapper.java | 55 +-
.../apache/catalina/core/mbeans-descriptors.xml | 8 +-
java/org/apache/catalina/deploy/ErrorPage.java | 3 +-
java/org/apache/catalina/filters/CorsFilter.java | 8 +-
.../catalina/filters/LocalStrings.properties | 2 +
.../org/apache/catalina/filters/RequestFilter.java | 5 +
.../ha/authenticator/mbeans-descriptors.xml | 2 +-
.../catalina/ha/session/mbeans-descriptors.xml | 10 +-
.../apache/catalina/ha/tcp/mbeans-descriptors.xml | 2 +-
.../apache/catalina/loader/LocalStrings.properties | 1 +
.../catalina/loader/WebappClassLoaderBase.java | 73 ++-
.../catalina/manager/HTMLManagerServlet.java | 10 +-
.../apache/catalina/mbeans/mbeans-descriptors.xml | 2 +-
.../org/apache/catalina/realm/DataSourceRealm.java | 78 ++-
java/org/apache/catalina/realm/JDBCRealm.java | 18 +-
java/org/apache/catalina/realm/JNDIRealm.java | 56 +-
java/org/apache/catalina/realm/LockOutRealm.java | 94 ++--
java/org/apache/catalina/realm/MemoryRealm.java | 32 +-
java/org/apache/catalina/realm/RealmBase.java | 147 ++---
.../apache/catalina/realm/mbeans-descriptors.xml | 2 +-
java/org/apache/catalina/servlets/CGIServlet.java | 612 +++++++++------------
.../apache/catalina/servlets/DefaultServlet.java | 2 +-
.../catalina/servlets/LocalStrings.properties | 19 +
.../apache/catalina/session/mbeans-descriptors.xml | 6 +-
java/org/apache/catalina/ssi/SSIMediator.java | 2 +-
.../org/apache/catalina/startup/ContextConfig.java | 22 +-
.../org/apache/catalina/startup/FailedContext.java | 5 +
.../apache/catalina/tribes/group/RpcChannel.java | 12 +-
.../tribes/membership/mbeans-descriptors.xml | 2 +-
.../tribes/tipis/AbstractReplicatedMap.java | 5 +-
java/org/apache/catalina/tribes/util/Arrays.java | 3 -
java/org/apache/catalina/util/LifecycleBase.java | 134 +++--
java/org/apache/catalina/util/URLEncoder.java | 28 +-
.../apache/catalina/valves/LocalStrings.properties | 1 +
.../apache/catalina/valves/RemoteAddrValve.java | 31 +-
.../apache/catalina/valves/RemoteHostValve.java | 31 +-
.../apache/catalina/valves/RequestFilterValve.java | 10 +-
.../apache/catalina/valves/mbeans-descriptors.xml | 2 +-
java/org/apache/coyote/AbstractProcessor.java | 15 +-
java/org/apache/coyote/AbstractProtocol.java | 17 +
java/org/apache/coyote/AsyncStateMachine.java | 264 ++++-----
.../apache/coyote/ajp/AbstractAjpProcessor.java | 1 +
java/org/apache/coyote/ajp/AjpAprProtocol.java | 1 +
java/org/apache/coyote/ajp/AjpNioProtocol.java | 1 +
java/org/apache/coyote/ajp/AjpProtocol.java | 1 +
.../coyote/http11/AbstractHttp11Processor.java | 1 +
.../apache/coyote/http11/Http11AprProtocol.java | 1 +
.../apache/coyote/http11/Http11NioProtocol.java | 1 +
java/org/apache/coyote/http11/Http11Protocol.java | 1 +
java/org/apache/jasper/EmbeddedServletOptions.java | 4 +
java/org/apache/jasper/JspCompilationContext.java | 2 +-
java/org/apache/jasper/compiler/Generator.java | 32 +-
.../jasper/compiler/ImplicitTagLibraryInfo.java | 2 +-
java/org/apache/jasper/compiler/JspReader.java | 2 +-
.../apache/jasper/compiler/JspRuntimeContext.java | 4 +-
java/org/apache/jasper/compiler/Localizer.java | 2 +-
.../apache/jasper/compiler/ParserController.java | 2 +-
.../apache/jasper/compiler/TagLibraryInfoImpl.java | 2 +-
.../apache/jasper/compiler/TldLocationsCache.java | 2 +-
.../jasper/resources/LocalStrings.properties | 4 +
.../jasper/{util => runtime}/ExceptionUtils.java | 2 +-
java/org/apache/jasper/runtime/JspFactoryImpl.java | 1 -
.../apache/jasper/runtime/JspRuntimeLibrary.java | 60 +-
java/org/apache/jasper/runtime/TagHandlerPool.java | 40 +-
.../apache/jasper/security/SecurityClassLoad.java | 2 -
.../apache/jasper/servlet/JspCServletContext.java | 2 +-
java/org/apache/jasper/servlet/JspServlet.java | 42 +-
.../apache/jasper/servlet/JspServletWrapper.java | 9 +-
.../org/apache/naming/ContextAccessController.java | 16 +-
java/org/apache/naming/NamingContext.java | 12 +-
.../apache/naming/factory/ResourceLinkFactory.java | 111 +++-
.../apache/naming/resources/BaseDirContext.java | 8 +-
java/org/apache/tomcat/util/bcel/Const.java | 132 +++++
java/org/apache/tomcat/util/bcel/Constants.java | 97 ----
.../bcel/classfile/AnnotationElementValue.java | 4 +-
.../util/bcel/classfile/AnnotationEntry.java | 21 +-
.../tomcat/util/bcel/classfile/Annotations.java | 11 +-
.../util/bcel/classfile/ArrayElementValue.java | 4 +-
.../util/bcel/classfile/ClassElementValue.java | 8 +-
.../util/bcel/classfile/ClassFormatException.java | 6 +-
.../tomcat/util/bcel/classfile/ClassParser.java | 28 +-
.../tomcat/util/bcel/classfile/Constant.java | 39 +-
.../tomcat/util/bcel/classfile/ConstantClass.java | 14 +-
.../tomcat/util/bcel/classfile/ConstantDouble.java | 14 +-
.../tomcat/util/bcel/classfile/ConstantFloat.java | 16 +-
.../util/bcel/classfile/ConstantInteger.java | 14 +-
.../tomcat/util/bcel/classfile/ConstantLong.java | 14 +-
.../tomcat/util/bcel/classfile/ConstantPool.java | 19 +-
.../tomcat/util/bcel/classfile/ConstantUtf8.java | 15 +-
.../tomcat/util/bcel/classfile/ElementValue.java | 26 +-
.../util/bcel/classfile/ElementValuePair.java | 11 +-
.../util/bcel/classfile/EnumElementValue.java | 8 +-
.../tomcat/util/bcel/classfile/JavaClass.java | 8 +-
.../util/bcel/classfile/SimpleElementValue.java | 50 +-
.../apache/tomcat/util/bcel/classfile/Utility.java | 18 +-
.../tomcat/util/codec/binary/BaseNCodec.java | 6 +-
.../util/descriptor/InputSourceUtil.java} | 33 +-
java/org/apache/tomcat/util/digester/Digester.java | 63 ++-
java/org/apache/tomcat/util/http/Cookies.java | 23 +-
.../tomcat/util/http/LocalStrings.properties | 3 +-
.../http/fileupload/ByteArrayOutputStream.java | 36 +-
.../http/fileupload/DeferredFileOutputStream.java | 8 +-
.../util/http/fileupload/FileCleaningTracker.java | 198 -------
.../util/http/fileupload/FileDeleteStrategy.java | 135 -----
.../util/http/fileupload/FileUploadBase.java | 23 +-
.../tomcat/util/http/fileupload/FileUtils.java | 6 +-
.../tomcat/util/http/fileupload/IOUtils.java | 80 ++-
.../util/http/fileupload/MultipartStream.java | 74 ++-
.../util/http/fileupload/ParameterParser.java | 30 +-
.../http/fileupload/ThresholdingOutputStream.java | 4 +-
.../util/http/fileupload/disk/DiskFileItem.java | 40 +-
.../http/fileupload/disk/DiskFileItemFactory.java | 39 +-
.../http/fileupload/util/LimitedInputStream.java | 16 +-
.../tomcat/util/http/fileupload/util/Streams.java | 84 ++-
.../util/mime/QuotedPrintableDecoder.java | 3 +-
.../apache/tomcat/util/net/SocketProperties.java | 2 +-
.../tomcat/util/security/PermissionCheck.java | 43 ++
.../tomcat/websocket/FutureToSendHandler.java | 8 +-
.../tomcat/websocket/LocalStrings.properties | 2 +
java/org/apache/tomcat/websocket/WsSession.java | 22 +-
.../apache/tomcat/jdbc/pool/ConnectionPool.java | 59 +-
.../apache/tomcat/jdbc/pool/PoolProperties.java | 2 +-
.../jdbc/pool/interceptor/StatementCache.java | 6 +
.../interceptor/StatementDecoratorInterceptor.java | 17 +-
.../tomcat/jdbc/pool/jmx/ConnectionPool.java | 4 +-
res/maven/mvn.properties.default | 2 +-
...TestApplicationContextGetRequestDispatcher.java | 504 +++++++++++++++++
.../catalina/core/TestStandardHostValve.java | 16 +
.../startup/TestContextConfigAnnotation.java | 6 +-
test/org/apache/catalina/startup/TestTomcat.java | 1 +
test/org/apache/naming/TestNamingContext.java | 104 ++++
test/org/apache/tomcat/unittest/TesterContext.java | 5 +
webapps/docs/cgi-howto.xml | 14 +-
webapps/docs/changelog.xml | 330 ++++++++++-
webapps/docs/config/ajp.xml | 6 +
webapps/docs/config/context.xml | 34 +-
webapps/docs/config/http.xml | 18 +-
webapps/docs/config/realm.xml | 86 ++-
webapps/docs/html-manager-howto.xml | 8 +-
webapps/docs/index.xml | 2 +-
webapps/docs/jasper-howto.xml | 4 +-
webapps/docs/manager-howto.xml | 2 +-
...ptor-howto.xml => mbeans-descriptors-howto.xml} | 8 +-
webapps/docs/project.xml | 4 +-
webapps/docs/realm-howto.xml | 9 +-
webapps/docs/security-howto.xml | 9 +
webapps/docs/ssl-howto.xml | 18 +
.../websocket/drawboard/DrawboardEndpoint.java | 4 +
webapps/examples/websocket/drawboard.xhtml | 2 +-
163 files changed, 3202 insertions(+), 2089 deletions(-)
rename java/org/apache/jasper/{util => runtime}/ExceptionUtils.java (98%)
create mode 100644 java/org/apache/tomcat/util/bcel/Const.java
delete mode 100644 java/org/apache/tomcat/util/bcel/Constants.java
copy java/org/apache/{catalina/util/Conversions.java => tomcat/util/descriptor/InputSourceUtil.java} (60%)
delete mode 100644 java/org/apache/tomcat/util/http/fileupload/FileCleaningTracker.java
delete mode 100644 java/org/apache/tomcat/util/http/fileupload/FileDeleteStrategy.java
create mode 100644 java/org/apache/tomcat/util/security/PermissionCheck.java
create mode 100644 test/org/apache/catalina/core/TestApplicationContextGetRequestDispatcher.java
create mode 100644 test/org/apache/naming/TestNamingContext.java
rename webapps/docs/{mbeans-descriptor-howto.xml => mbeans-descriptors-howto.xml} (92%)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat7.git
More information about the pkg-java-commits
mailing list