[pkg-java] r13169 - in trunk/tomcat6/debian: . patches

Tony Mancill tmancill at alioth.debian.org
Fri Dec 10 06:08:43 UTC 2010


Author: tmancill
Date: 2010-12-10 06:08:40 +0000 (Fri, 10 Dec 2010)
New Revision: 13169

Added:
   trunk/tomcat6/debian/patches/0011-CVE-2010-4172.patch
Modified:
   trunk/tomcat6/debian/changelog
   trunk/tomcat6/debian/patches/series
Log:
CVE-2010-4172 interim check-in

Modified: trunk/tomcat6/debian/changelog
===================================================================
--- trunk/tomcat6/debian/changelog	2010-12-09 11:25:26 UTC (rev 13168)
+++ trunk/tomcat6/debian/changelog	2010-12-10 06:08:40 UTC (rev 13169)
@@ -1,10 +1,11 @@
-tomcat6 (6.0.28-9) UNRELEASED; urgency=low
+tomcat6 (6.0.28-9) UNRELEASED; urgency=medium
 
   * Team upload.
   * Update URL for manager application in README.Debian 
     Thanks to Ernesto Ongaro (Closes: #606170)
+  * Add patch for CVE-2010-4172. (Closes: #606388)
 
- -- tony mancill <tmancill at debian.org>  Mon, 06 Dec 2010 19:46:00 -0800
+ -- tony mancill <tmancill at debian.org>  Wed, 08 Dec 2010 21:10:07 -0800
 
 tomcat6 (6.0.28-8) unstable; urgency=low
 

Added: trunk/tomcat6/debian/patches/0011-CVE-2010-4172.patch
===================================================================
--- trunk/tomcat6/debian/patches/0011-CVE-2010-4172.patch	                        (rev 0)
+++ trunk/tomcat6/debian/patches/0011-CVE-2010-4172.patch	2010-12-10 06:08:40 UTC (rev 13169)
@@ -0,0 +1,234 @@
+--- a/java/org/apache/catalina/manager/JspHelper.java
++++ b/java/org/apache/catalina/manager/JspHelper.java
+@@ -58,7 +58,7 @@
+     }
+     private static String localeToString(Locale locale) {
+         if (locale != null) {
+-            return locale.toString();//locale.getDisplayName();
++            return escapeXml(locale.toString());//locale.getDisplayName();
+         } else {
+             return "";
+         }
+--- a/webapps/manager/WEB-INF/jsp/sessionDetail.jsp
++++ b/webapps/manager/WEB-INF/jsp/sessionDetail.jsp
+@@ -30,22 +30,24 @@
+ <% String path = (String) request.getAttribute("path");
+    Session currentSession = (Session)request.getAttribute("currentSession");
+    HttpSession currentHttpSession = currentSession.getSession();
+-   String currentSessionId = currentSession.getId();
+-   String submitUrl = ((HttpServletRequest)pageContext.getRequest()).getRequestURL().toString();
++   String currentSessionId = JspHelper.escapeXml(currentSession.getId());
++   String submitUrl = JspHelper.escapeXml(response.encodeURL(
++           ((HttpServletRequest) pageContext.getRequest()).getRequestURI() +
++           "?path=" + path));
+ %>
+ <head>
+     <meta http-equiv="content-type" content="text/html; charset=iso-8859-1"/>
+-	<meta http-equiv="pragma" content="no-cache"/><!-- HTTP 1.0 -->
+-	<meta http-equiv="cache-control" content="no-cache,must-revalidate"/><!-- HTTP 1.1 -->
+-	<meta http-equiv="expires" content="0"/><!-- 0 is an invalid value and should be treated as 'now' -->
+-	<meta http-equiv="content-language" content="en"/>
+-	<meta name="author" content="Cedrik LIME"/>
+-	<meta name="copyright" content="copyright 2005-2010 the Apache Software Foundation"/>
+-	<meta name="robots" content="noindex,nofollow,noarchive"/>
+-	<title>Sessions Administration: details for <%= currentSessionId %></title>
++    <meta http-equiv="pragma" content="no-cache"/><!-- HTTP 1.0 -->
++    <meta http-equiv="cache-control" content="no-cache,must-revalidate"/><!-- HTTP 1.1 -->
++    <meta http-equiv="expires" content="0"/><!-- 0 is an invalid value and should be treated as 'now' -->
++    <meta http-equiv="content-language" content="en"/>
++    <meta name="author" content="Cedrik LIME"/>
++    <meta name="copyright" content="copyright 2005-2010 the Apache Software Foundation"/>
++    <meta name="robots" content="noindex,nofollow,noarchive"/>
++    <title>Sessions Administration: details for <%= currentSessionId %></title>
+ </head>
+ <body>
+-<h1>Details for Session <%= JspHelper.escapeXml(currentSessionId) %></h1>
++<h1>Details for Session <%= currentSessionId %></h1>
+ 
+ <table style="text-align: left;" border="0">
+   <tr>
+@@ -86,7 +88,13 @@
+   </tr>
+ </table>
+ 
+-<p style="text-align: center;"><button type="button" onclick="window.location.reload()">Refresh</button></p>
++<form method="post" action="<%= submitUrl %>">
++  <div>
++    <input type="hidden" name="sessionId" value="<%= currentSessionId %>" />
++    <input type="hidden" name="action" value="sessionDetail" />
++    <input type="submit" value="Refresh" />
++  </div>
++</form>
+ 
+ <div class="error"><%= JspHelper.escapeXml(request.getAttribute("error")) %></div>
+ <div class="message"><%= JspHelper.escapeXml(request.getAttribute("message")) %></div>
+@@ -95,52 +103,65 @@
+ <% int nAttributes = 0;
+    Enumeration attributeNamesEnumeration = currentHttpSession.getAttributeNames();
+    while (attributeNamesEnumeration.hasMoreElements()) {
+-	   attributeNamesEnumeration.nextElement();
+-	   ++nAttributes;
++       attributeNamesEnumeration.nextElement();
++       ++nAttributes;
+    }
+ %>
+-	<caption style="font-variant: small-caps;"><%= JspHelper.formatNumber(nAttributes) %> attributes</caption>
+-	<thead>
+-		<tr>
+-			<th>Remove Attribute</th>
+-			<th>Attribute name</th>
+-			<th>Attribute value</th>
+-		</tr>
+-	</thead>
+-	<%--tfoot>
+-		<tr>
+-			<td colspan="3" style="text-align: center;">
+-				TODO: set Max Inactive Interval on sessions
+-			</td>
+-		</tr>
+-	</tfoot--%>
+-	<tbody>
++    <caption style="font-variant: small-caps;"><%= JspHelper.formatNumber(nAttributes) %> attributes</caption>
++    <thead>
++        <tr>
++            <th>Remove Attribute</th>
++            <th>Attribute name</th>
++            <th>Attribute value</th>
++        </tr>
++    </thead>
++    <%--tfoot>
++        <tr>
++            <td colspan="3" style="text-align: center;">
++                TODO: set Max Inactive Interval on sessions
++            </td>
++        </tr>
++    </tfoot--%>
++    <tbody>
+ <% attributeNamesEnumeration = currentHttpSession.getAttributeNames();
+    while (attributeNamesEnumeration.hasMoreElements()) {
+-   	String attributeName = (String) attributeNamesEnumeration.nextElement();
++       String attributeName = (String) attributeNamesEnumeration.nextElement();
+ %>
+-		<tr>
+-			<td align="center"><form action="<%= submitUrl %>"><div><input type="hidden" name="path" value="<%= path %>" /><input type="hidden" name="action" value="removeSessionAttribute" /><input type="hidden" name="sessionId" value="<%= currentSessionId %>" /><input type="hidden" name="attributeName" value="<%= attributeName %>" /><input type="submit" value="Remove" /></div></form></td>
+-			<td><%= JspHelper.escapeXml(attributeName) %></td>
+-			<td><% Object attributeValue = currentHttpSession.getAttribute(attributeName); %><span title="<%= attributeValue == null ? "" : attributeValue.getClass().toString() %>"><%= JspHelper.escapeXml(attributeValue) %></span></td>
+-		</tr>
++        <tr>
++            <td align="center">
++                <form method="post" action="<%= submitUrl %>">
++                    <div>
++                        <input type="hidden" name="action" value="removeSessionAttribute" />
++                        <input type="hidden" name="sessionId" value="<%= currentSessionId %>" />
++                        <input type="hidden" name="attributeName" value="<%= JspHelper.escapeXml(attributeName) %>" />
++                        <input type="submit" value="Remove" />
++                    </div>
++                </form>
++            </td>
++            <td><%= JspHelper.escapeXml(attributeName) %></td>
++            <td><% Object attributeValue = currentHttpSession.getAttribute(attributeName); %><span title="<%= attributeValue == null ? "" : attributeValue.getClass().toString() %>"><%= JspHelper.escapeXml(attributeValue) %></span></td>
++        </tr>
+ <% } // end while %>
+-	</tbody>
++    </tbody>
+ </table>
+ 
+-<p style="text-align: center;"><button type="button" onclick="window.close()">Close window</button></p>
++<form method="post" action="<%=submitUrl%>">
++  <p style="text-align: center;">
++    <input type="submit" value="Return to session list" />
++  </p>
++</form>
+ 
+ <%--div style="display: none;">
+ <p>
+-	<a href="http://validator.w3.org/check?uri=referer"><img
+-		src="http://www.w3.org/Icons/valid-html401"
+-		alt="Valid HTML 4.01!" height="31" width="88"></a>
+-	<a href="http://validator.w3.org/check?uri=referer"><img
+-		src="http://www.w3.org/Icons/valid-xhtml10"
+-		alt="Valid XHTML 1.0!" height="31" width="88" /></a>
+-	<a href="http://validator.w3.org/check?uri=referer"><img
+-		src="http://www.w3.org/Icons/valid-xhtml11"
+-		alt="Valid XHTML 1.1!" height="31" width="88" /></a>
++    <a href="http://validator.w3.org/check?uri=referer"><img
++        src="http://www.w3.org/Icons/valid-html401"
++        alt="Valid HTML 4.01!" height="31" width="88"></a>
++    <a href="http://validator.w3.org/check?uri=referer"><img
++        src="http://www.w3.org/Icons/valid-xhtml10"
++        alt="Valid XHTML 1.0!" height="31" width="88" /></a>
++    <a href="http://validator.w3.org/check?uri=referer"><img
++        src="http://www.w3.org/Icons/valid-xhtml11"
++        alt="Valid XHTML 1.1!" height="31" width="88" /></a>
+ </p>
+ </div--%>
+ 
+--- a/webapps/manager/WEB-INF/jsp/sessionsList.jsp
++++ b/webapps/manager/WEB-INF/jsp/sessionsList.jsp
+@@ -26,7 +26,9 @@
+ 
+ <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+ <% String path = (String) request.getAttribute("path");
+-   String submitUrl = ((HttpServletRequest)pageContext.getRequest()).getRequestURI() + "?path=" + path;
++   String submitUrl = JspHelper.escapeXml(response.encodeURL(
++           ((HttpServletRequest) pageContext.getRequest()).getRequestURI() +
++           "?path=" + path));
+    Collection activeSessions = (Collection) request.getAttribute("activeSessions");
+ %>
+ <head>
+@@ -38,10 +40,10 @@
+ 	<meta name="author" content="Cedrik LIME"/>
+ 	<meta name="copyright" content="copyright 2005-2010 the Apache Software Foundation"/>
+ 	<meta name="robots" content="noindex,nofollow,noarchive"/>
+-	<title>Sessions Administration for <%= path %></title>
++	<title>Sessions Administration for <%= JspHelper.escapeXml(path) %></title>
+ </head>
+ <body>
+-<h1>Sessions Administration for <%= path %></h1>
++<h1>Sessions Administration for <%= JspHelper.escapeXml(path) %></h1>
+ 
+ <p>Tips:</p>
+ <ul>
+@@ -55,13 +57,13 @@
+ <form action="<%= submitUrl %>" method="post" id="sessionsForm">
+ 	<fieldset><legend>Active HttpSessions informations</legend>
+ 		<input type="hidden" name="action" id="sessionsFormAction" value="injectSessions"/>
+-		<input type="hidden" name="sort" id="sessionsFormSort" value="<%= (String) request.getAttribute("sort") %>"/>
++		<input type="hidden" name="sort" id="sessionsFormSort" value="<%= JspHelper.escapeXml(request.getAttribute("sort")) %>"/>
+ 		<% String order = (String) request.getAttribute("order");
+ 		   if (order == null || "".equals(order)) {
+ 		   	order = "ASC";
+ 		   }
+ 		%>
+-		<input type="hidden" name="order" id="sessionsFormSortOrder" value="<%= order %>"/>
++		<input type="hidden" name="order" id="sessionsFormSortOrder" value="<%= JspHelper.escapeXml(order) %>"/>
+ 		<input type="submit" name="refresh" id="refreshButton" value="Refresh Sessions list" onclick="document.getElementById('sessionsFormAction').value='refreshSessions'; return true;"/>
+ 		<%= JspHelper.formatNumber(activeSessions.size()) %> active Sessions<br/>
+ 		<table border="1" cellpadding="2" cellspacing="2" width="100%">
+@@ -95,11 +97,11 @@
+ <% Iterator iter = activeSessions.iterator();
+    while (iter.hasNext()) {
+    	Session currentSession = (Session) iter.next();
+-   	String currentSessionId = currentSession.getId();
++   	String currentSessionId = JspHelper.escapeXml(currentSession.getId());
+ %>
+ 				<tr>
+ 					<td>
+-<input type="checkbox" name="sessionIds" value="<%= currentSessionId %>" /><a href="<%= submitUrl %>&amp;action=sessionDetail&amp;sessionId=<%= currentSessionId %>" target="_blank"><%= JspHelper.escapeXml(currentSessionId) %></a>
++<input type="checkbox" name="sessionIds" value="<%= currentSessionId %>" /><a href="<%= submitUrl %>&amp;action=sessionDetail&amp;sessionId=<%= currentSessionId %>"><%= currentSessionId %></a>
+ 					</td>
+ 					<td style="text-align: center;"><%= JspHelper.guessDisplayLocaleFromSession(currentSession) %></td>
+ 					<td style="text-align: center;"><%= JspHelper.guessDisplayUserFromSession(currentSession) %></td>
+@@ -118,7 +120,11 @@
+ 	</fieldset>
+ </form>
+ 
+-<p style="text-align: center;"><button type="button" onclick="window.close()">Close window</button></p>
++<form method="get" action="<%=request.getContextPath()%>/html">
++  <p style="text-align: center;">
++    <input type="submit" value="Return to main page" />
++  </p>
++</form>
+ 
+ <%--div style="display: none;">
+ <p>
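Review bot: The added patch file begins directly with the `--- a/java/org/apache/catalina/manager/JspHelper.java` header and carries no DEP-3 header, so nothing in debian/patches records what the hunks fix, where they come from, or which bug they close; prepend `Description: CVE-2010-4172: escape session ids, context path and sort/order values in the manager session pages`, `Origin: upstream, <UPSTREAM-REVISION>` and `Bug-Debian: http://bugs.debian.org/606388` before the first file header. Separately, both new `submitUrl` expressions (sessionDetail.jsp and sessionsList.jsp) concatenate `path` into the query string and apply escapeXml only to the finished URL, which covers the HTML attribute context but not URL encoding; a context path containing characters reserved in a query string would presumably be misparsed by the manager on submit, so wrapping the value as `"?path=" + URLEncoder.encode(path, "UTF-8")` looks warranted if that case matters. The changelog entry labels this an interim check-in, so the header is also the place to note which upstream revision the hunks are taken from once that is settled.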

Modified: trunk/tomcat6/debian/patches/series
===================================================================
--- trunk/tomcat6/debian/patches/series	2010-12-09 11:25:26 UTC (rev 13168)
+++ trunk/tomcat6/debian/patches/series	2010-12-10 06:08:40 UTC (rev 13169)
@@ -8,3 +8,4 @@
 0008-add-OSGI-headers-to-jsp-api.patch
 0009-allow-empty-PID-file.patch
 0010-Use-java.security.policy-file-in-catalina.sh.patch
+0011-CVE-2010-4172.patch



