[pkg-java] r13873 - trunk/tomcat6/debian/patches

Tony Mancill tmancill at alioth.debian.org
Fri Jul 22 05:00:18 UTC 2011


Author: tmancill
Date: 2011-07-22 05:00:18 +0000 (Fri, 22 Jul 2011)
New Revision: 13873

Added:
   trunk/tomcat6/debian/patches/0012-CVE-2011-2204.patch
Modified:
   trunk/tomcat6/debian/patches/series
Log:
commit patch for CVE-2011-2204

Added: trunk/tomcat6/debian/patches/0012-CVE-2011-2204.patch
===================================================================
--- trunk/tomcat6/debian/patches/0012-CVE-2011-2204.patch	                        (rev 0)
+++ trunk/tomcat6/debian/patches/0012-CVE-2011-2204.patch	2011-07-22 05:00:18 UTC (rev 13873)
@@ -0,0 +1,170 @@
+From: tony mancill <tmancill at debian.org>
+Date: Wed Jul 06 21:21:17 PDT 2011
+Subject: CVE-2011-2204
+Source: upstream, http://svn.apache.org/viewvc?view=revision&revision=1140071
+Forwarded: not-needed
+
+Index: tc6.0.x/trunk/java/org/apache/catalina/users/MemoryUser.java
+===================================================================
+--- a/java/org/apache/catalina/users/MemoryUser.java	(revision 1140070)
++++ b/java/org/apache/catalina/users/MemoryUser.java	(revision 1140071)
+@@ -246,7 +246,7 @@
+      * <code>username</code> or </code>name</code> for the username
+      * property.</p>
+      */
+-    public String toString() {
++    public String toXml() {
+ 
+         StringBuffer sb = new StringBuffer("<user username=\"");
+         sb.append(RequestUtil.filter(username));
+@@ -293,5 +293,52 @@
+ 
+     }
+ 
++    /**
++     * <p>Return a String representation of this user.</p>
++     */
++    @Override
++    public String toString() {
+ 
++        StringBuilder sb = new StringBuilder("User username=\"");
++        sb.append(RequestUtil.filter(username));
++        sb.append("\"");
++        if (fullName != null) {
++            sb.append(", fullName=\"");
++            sb.append(RequestUtil.filter(fullName));
++            sb.append("\"");
++        }
++        synchronized (groups) {
++            if (groups.size() > 0) {
++                sb.append(", groups=\"");
++                int n = 0;
++                Iterator<Group> values = groups.iterator();
++                while (values.hasNext()) {
++                    if (n > 0) {
++                        sb.append(',');
++                    }
++                    n++;
++                    sb.append(RequestUtil.filter(values.next().getGroupname()));
++                }
++                sb.append("\"");
++            }
++        }
++        synchronized (roles) {
++            if (roles.size() > 0) {
++                sb.append(", roles=\"");
++                int n = 0;
++                Iterator<Role> values = roles.iterator();
++                while (values.hasNext()) {
++                    if (n > 0) {
++                        sb.append(',');
++                    }
++                    n++;
++                    sb.append(RequestUtil.filter(values.next().getRolename()));
++                }
++                sb.append("\"");
++            }
++        }
++        return (sb.toString());
++    }
++
++
+ }
+Index: tc6.0.x/trunk/java/org/apache/catalina/users/MemoryUserDatabase.java
+===================================================================
+--- a/java/org/apache/catalina/users/MemoryUserDatabase.java	(revision 1140070)
++++ b/java/org/apache/catalina/users/MemoryUserDatabase.java	(revision 1140071)
+@@ -549,7 +549,7 @@
+             values = getUsers();
+             while (values.hasNext()) {
+                 writer.print("  ");
+-                writer.println(values.next());
++                writer.println(((MemoryUser) values.next()).toXml());
+             }
+ 
+             // Print the file epilog
+Index: tc6.0.x/trunk/java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java
+===================================================================
+--- a/java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java	(revision 1140070)
++++ b/java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java	(revision 1140071)
+@@ -180,7 +180,7 @@
+             MBeanUtils.createMBean(group);
+         } catch (Exception e) {
+             IllegalArgumentException iae = new IllegalArgumentException
+-                ("Exception creating group " + group + " MBean");
++                ("Exception creating group [" + groupname + "] MBean");
+             iae.initCause(e);
+             throw iae;
+         }
+@@ -203,7 +203,7 @@
+             MBeanUtils.createMBean(role);
+         } catch (Exception e) {
+             IllegalArgumentException iae = new IllegalArgumentException
+-                ("Exception creating role " + role + " MBean");
++                ("Exception creating role [" + rolename + "] MBean");
+             iae.initCause(e);
+             throw iae;
+         }
+@@ -228,7 +228,7 @@
+             MBeanUtils.createMBean(user);
+         } catch (Exception e) {
+             IllegalArgumentException iae = new IllegalArgumentException
+-                ("Exception creating user " + user + " MBean");
++                ("Exception creating user [" + username + "] MBean");
+             iae.initCause(e);
+             throw iae;
+         }
+@@ -256,7 +256,7 @@
+             return (oname.toString());
+         } catch (MalformedObjectNameException e) {
+             IllegalArgumentException iae = new IllegalArgumentException
+-                ("Cannot create object name for group " + group);
++                ("Cannot create object name for group [" + groupname + "]");
+             iae.initCause(e);
+             throw iae;
+         }
+@@ -283,7 +283,7 @@
+             return (oname.toString());
+         } catch (MalformedObjectNameException e) {
+             IllegalArgumentException iae = new IllegalArgumentException
+-                ("Cannot create object name for role " + role);
++                ("Cannot create object name for role [" + rolename + "]");
+             iae.initCause(e);
+             throw iae;
+         }
+@@ -310,7 +310,7 @@
+             return (oname.toString());
+         } catch (MalformedObjectNameException e) {
+             IllegalArgumentException iae = new IllegalArgumentException
+-                ("Cannot create object name for user " + user);
++                ("Cannot create object name for user [" + username + "]");
+             iae.initCause(e);
+             throw iae;
+         }
+@@ -335,7 +335,7 @@
+             database.removeGroup(group);
+         } catch (Exception e) {
+             IllegalArgumentException iae = new IllegalArgumentException
+-                ("Exception destroying group " + group + " MBean");
++                ("Exception destroying group [" + groupname + "] MBean");
+             iae.initCause(e);
+             throw iae;
+         }
+@@ -360,7 +360,7 @@
+             database.removeRole(role);
+         } catch (Exception e) {
+             IllegalArgumentException iae = new IllegalArgumentException
+-                ("Exception destroying role " + role + " MBean");
++                ("Exception destroying role [" + rolename + "] MBean");
+             iae.initCause(e);
+             throw iae;
+         }
+@@ -385,7 +385,7 @@
+             database.removeUser(user);
+         } catch (Exception e) {
+             IllegalArgumentException iae = new IllegalArgumentException
+-                ("Exception destroying user " + user + " MBean");
++                ("Exception destroying user [" + username + "] MBean");
+             iae.initCause(e);
+             throw iae;
+         }

Modified: trunk/tomcat6/debian/patches/series
===================================================================
--- trunk/tomcat6/debian/patches/series	2011-07-21 19:32:13 UTC (rev 13872)
+++ trunk/tomcat6/debian/patches/series	2011-07-22 05:00:18 UTC (rev 13873)
@@ -8,3 +8,4 @@
 0008-add-OSGI-headers-to-jsp-api.patch
 0010-Use-java.security.policy-file-in-catalina.sh.patch
 0011-623242.patch
+0012-CVE-2011-2204.patch



