[jboss-cvs] Repository SVN: r4469 - in apache-tomcat: 5.0.30.patch03-brew and 2 other directories.
jboss-cvs-commits at lists.jboss.org
Wed Apr 9 14:42:07 EDT 2008
Author: permaine
Date: 2008-04-09 14:42:07 -0400 (Wed, 09 Apr 2008)
New Revision: 4469
Added:
apache-tomcat/5.0.30.patch03-brew/
apache-tomcat/5.0.30.patch03-brew/component-info.xml
apache-tomcat/5.0.30.patch03-brew/lib/
apache-tomcat/5.0.30.patch03-brew/lib/catalina-manager.jar
apache-tomcat/5.0.30.patch03-brew/lib/catalina-optional.jar
apache-tomcat/5.0.30.patch03-brew/lib/catalina.jar
apache-tomcat/5.0.30.patch03-brew/lib/jasper-compiler.jar
apache-tomcat/5.0.30.patch03-brew/lib/jasper-runtime.jar
apache-tomcat/5.0.30.patch03-brew/lib/jsp-api.jar
apache-tomcat/5.0.30.patch03-brew/lib/naming-common.jar
apache-tomcat/5.0.30.patch03-brew/lib/naming-resources.jar
apache-tomcat/5.0.30.patch03-brew/lib/servlet-api.jar
apache-tomcat/5.0.30.patch03-brew/lib/servlets-common.jar
apache-tomcat/5.0.30.patch03-brew/lib/servlets-default.jar
apache-tomcat/5.0.30.patch03-brew/lib/servlets-invoker.jar
apache-tomcat/5.0.30.patch03-brew/lib/servlets-webdav.jar
apache-tomcat/5.0.30.patch03-brew/lib/tomcat-coyote.jar
apache-tomcat/5.0.30.patch03-brew/lib/tomcat-http11.jar
apache-tomcat/5.0.30.patch03-brew/lib/tomcat-jk2.jar
apache-tomcat/5.0.30.patch03-brew/lib/tomcat-util.jar
apache-tomcat/5.0.30.patch03-brew/src/
apache-tomcat/5.0.30.patch03-brew/src/jakarta-tomcat-5.0.30-src.tar.gz
apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2005-2090.5.0.x.patch
apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2006-3835.5.0.x.patch
apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2006-7195.5.0.x.patch
apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2006-7196.5.x.y.patch
apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-0450.5.0.x.patch
apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-1358.5.0.x.patch
apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-1858.5.0.x.patch
apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-2449_CVE-2007-1355_CVE-2005-4838.patch
apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-2450.5.0.x.patch
apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-3382_CVE-2007-3385.5.0.x.patch
apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-5461.patch
apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2008-0128.5.0.x.patch
apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-bootstrap.MF.patch
apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-javaxssl.patch
apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-jbas-2775-server-header.patch
Log:
Add Brew-build 5.0.30.patch03-brew
Added: apache-tomcat/5.0.30.patch03-brew/component-info.xml
===================================================================
--- apache-tomcat/5.0.30.patch03-brew/component-info.xml (rev 0)
+++ apache-tomcat/5.0.30.patch03-brew/component-info.xml 2008-04-09 18:42:07 UTC (rev 4469)
@@ -0,0 +1,54 @@
+<project name="apache-tomcat-component-info">
+
+ <component id="apache-tomcat"
+ licenseType="apache-2.0"
+ version="5.0.30.patch03-brew"
+ projectHome="http://jakarta.apache.org/tomcat/index.html"
+ description="Tomcat 5.5 servlet 2.4 web container+patches(JBAS-2775,CVE-2005-3510, CVE-2006-3835, CVE-2005-2090, CVE-2006-7195, CVE-2006-7196, CVE-2007-0450, CVE-2007-1858) and also patches for CVE-2007-3382, CVE-2007-3385 and CVE-2007-2450 and a fix for CVE-2007-5461, and also CVE-2007-1358, 2008-0128, CVE-2007-2449, CVE-2007-1355, CVE-2005-4838">
+ <!-- cvsroot=":ext:cvs.devel.redhat.com:/cvs/dist/tomcat5"
+ tag="tomcat5-5_0_30-0jpp_10rh"
+ -->
+ <artifact id="catalina-manager.jar"/>
+ <artifact id="catalina-optional.jar"/>
+ <artifact id="catalina.jar"/>
+ <artifact id="jasper-compiler.jar"/>
+ <artifact id="jasper-runtime.jar"/>
+ <artifact id="naming-resources.jar"/>
+ <artifact id="servlets-default.jar"/>
+ <artifact id="servlets-invoker.jar"/>
+ <artifact id="servlets-webdav.jar"/>
+ <artifact id="servlets-common.jar"/>
+ <artifact id="servlet-api.jar"/>
+ <artifact id="tomcat-coyote.jar"/>
+ <artifact id="tomcat-http11.jar"/>
+ <artifact id="tomcat-util.jar"/>
+ <artifact id="tomcat-jk2.jar"/>
+ <artifact id="naming-common.jar"/>
+ <artifact id="jsp-api.jar"/>
+ <import componentref="apache-modeler">
+ <compatible version="1.1patch"/>
+ </import>
+ <import componentref="commons-el">
+ <compatible version="1.0"/>
+ </import>
+ <export>
+ <include input="catalina-manager.jar"/>
+ <include input="catalina-optional.jar"/>
+ <include input="catalina.jar"/>
+ <include input="jasper-compiler.jar"/>
+ <include input="jasper-runtime.jar"/>
+ <include input="naming-resources.jar"/>
+ <include input="servlets-default.jar"/>
+ <include input="servlets-invoker.jar"/>
+ <include input="servlets-webdav.jar"/>
+ <include input="servlets-common.jar"/>
+ <include input="servlet-api.jar"/>
+ <include input="tomcat-coyote.jar"/>
+ <include input="tomcat-http11.jar"/>
+ <include input="tomcat-util.jar"/>
+ <include input="tomcat-jk2.jar"/>
+ <include input="naming-common.jar"/>
+ <include input="jsp-api.jar"/>
+ </export>
+ </component>
+</project>
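Review bot: The `description=` attribute lists CVE-2005-3510, but no patch file with that id is among the added `src/` patches, and it calls the container "Tomcat 5.5" while `version` is 5.0.30; the entry "2008-0128" also lacks its CVE- prefix. If CVE-2005-3510 is covered by the source tarball or by one of the other patches, say so in the description; otherwise drop it so the descriptor matches what the build actually applies. The commented-out cvsroot/tag block is the only provenance pointer for the binaries under lib/, so consider recording the tag as live markup, e.g. `<!-- built from cvs.devel.redhat.com:/cvs/dist/tomcat5 tag tomcat5-5_0_30-0jpp_10rh -->` placed where it will not be read as dead configuration.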
Added: apache-tomcat/5.0.30.patch03-brew/lib/catalina-manager.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.0.30.patch03-brew/lib/catalina-manager.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.0.30.patch03-brew/lib/catalina-optional.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.0.30.patch03-brew/lib/catalina-optional.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.0.30.patch03-brew/lib/catalina.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.0.30.patch03-brew/lib/catalina.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.0.30.patch03-brew/lib/jasper-compiler.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.0.30.patch03-brew/lib/jasper-compiler.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.0.30.patch03-brew/lib/jasper-runtime.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.0.30.patch03-brew/lib/jasper-runtime.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.0.30.patch03-brew/lib/jsp-api.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.0.30.patch03-brew/lib/jsp-api.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.0.30.patch03-brew/lib/naming-common.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.0.30.patch03-brew/lib/naming-common.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.0.30.patch03-brew/lib/naming-resources.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.0.30.patch03-brew/lib/naming-resources.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.0.30.patch03-brew/lib/servlet-api.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.0.30.patch03-brew/lib/servlet-api.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.0.30.patch03-brew/lib/servlets-common.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.0.30.patch03-brew/lib/servlets-common.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.0.30.patch03-brew/lib/servlets-default.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.0.30.patch03-brew/lib/servlets-default.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.0.30.patch03-brew/lib/servlets-invoker.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.0.30.patch03-brew/lib/servlets-invoker.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.0.30.patch03-brew/lib/servlets-webdav.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.0.30.patch03-brew/lib/servlets-webdav.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.0.30.patch03-brew/lib/tomcat-coyote.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.0.30.patch03-brew/lib/tomcat-coyote.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.0.30.patch03-brew/lib/tomcat-http11.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.0.30.patch03-brew/lib/tomcat-http11.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.0.30.patch03-brew/lib/tomcat-jk2.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.0.30.patch03-brew/lib/tomcat-jk2.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.0.30.patch03-brew/lib/tomcat-util.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.0.30.patch03-brew/lib/tomcat-util.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.0.30.patch03-brew/src/jakarta-tomcat-5.0.30-src.tar.gz
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.0.30.patch03-brew/src/jakarta-tomcat-5.0.30-src.tar.gz
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2005-2090.5.0.x.patch
===================================================================
--- apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2005-2090.5.0.x.patch (rev 0)
+++ apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2005-2090.5.0.x.patch 2008-04-09 18:42:07 UTC (rev 4469)
@@ -0,0 +1,39 @@
+--- jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/Request.java (revision 531784)
++++ jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/Request.java (working copy)
+@@ -309,7 +309,7 @@
+ public long getContentLengthLong() {
+ if( contentLength > -1 ) return contentLength;
+
+- MessageBytes clB = headers.getValue("content-length");
++ MessageBytes clB = headers.getUniqueValue("content-length");
+ contentLength = (clB == null || clB.isNull()) ? -1 : clB.getLong();
+
+ return contentLength;
+--- jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/http/MimeHeaders.java (revision 531784)
++++ jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/http/MimeHeaders.java (working copy)
+@@ -286,6 +286,25 @@
+ return null;
+ }
+
++ /**
++ * Finds and returns a unique header field with the given name. If no such
++ * field exists, null is returned. If the specified header field is not
++ * unique then an {@link IllegalArgumentException} is thrown.
++ */
++ public MessageBytes getUniqueValue(String name) {
++ MessageBytes result = null;
++ for (int i = 0; i < count; i++) {
++ if (headers[i].getName().equalsIgnoreCase(name)) {
++ if (result == null) {
++ result = headers[i].getValue();
++ } else {
++ throw new IllegalArgumentException();
++ }
++ }
++ }
++ return result;
++ }
++
+ // bad shortcut - it'll convert to string ( too early probably,
+ // encoding is guessed very late )
+ public String getHeader(String name) {
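Review bot: `getUniqueValue` throws a bare `IllegalArgumentException()` with no message, and `getContentLengthLong` does not catch it, so a request carrying two Content-Length headers surfaces as an unexplained unchecked exception somewhere above the coyote request; where it is turned into a response is outside this hunk. Give the rejection a message, `throw new IllegalArgumentException("Multiple '" + name + "' headers found");`, and confirm the adapter maps it to a 400 rather than a 500 so the defence fails closed and is diagnosable from the access log. The Javadoc should also state that the name comparison is case-insensitive. `getContentLengthLong`'s closing brace is outside the hunk.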
Added: apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2006-3835.5.0.x.patch
===================================================================
--- apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2006-3835.5.0.x.patch (rev 0)
+++ apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2006-3835.5.0.x.patch 2008-04-09 18:42:07 UTC (rev 4469)
@@ -0,0 +1,34 @@
+--- jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java 2005/11/09 19:43:12 332126
++++ jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java 2005/11/09 19:50:47 332127
+@@ -98,7 +98,7 @@
+ /**
+ * Should we generate directory listings?
+ */
+- protected boolean listings = true;
++ protected boolean listings = false;
+
+
+ /**
+--- jakarta-tomcat-catalina/catalina/src/conf/web.xml.orig 2004-11-24 11:55:06.000000000 -0500
++++ jakarta-tomcat-catalina/catalina/src/conf/web.xml 2007-04-27 16:58:02.000000000 -0400
+@@ -31,7 +31,10 @@
+ <!-- resources to be served. [2048] -->
+ <!-- -->
+ <!-- listings Should directory listings be produced if there -->
+- <!-- is no welcome file in this directory? [true] -->
++ <!-- is no welcome file in this directory? [false] -->
++ <!-- WARNING: Listings for directories with many -->
++ <!-- entries can be slow and may consume -->
++ <!-- significant proportions of server resources. -->
+ <!-- -->
+ <!-- output Output buffer size (in bytes) when writing -->
+ <!-- resources to be served. [2048] -->
+@@ -68,7 +71,7 @@
+ </init-param>
+ <init-param>
+ <param-name>listings</param-name>
+- <param-value>true</param-value>
++ <param-value>false</param-value>
+ </init-param>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
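Review bot: The field comment `Should we generate directory listings?` on `DefaultServlet.listings` does not mention the default, which this patch flips, so a reader of the Java source has to find web.xml to learn it. Suggest `Should we generate directory listings? Defaults to false; listings of large directories can consume significant server resources (CVE-2006-3835).` Keep the field and the web.xml `listings` init-param in step if either changes again.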
Added: apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2006-7195.5.0.x.patch
===================================================================
--- apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2006-7195.5.0.x.patch (rev 0)
+++ apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2006-7195.5.0.x.patch 2008-04-09 18:42:07 UTC (rev 4469)
@@ -0,0 +1,49 @@
+--- jakarta-tomcat-catalina/webapps/docs/appdev/sample/src/mypackage/Hello.java.orig 2004-11-24 11:55:36.000000000 -0500
++++ jakarta-tomcat-catalina/webapps/docs/appdev/sample/src/mypackage/Hello.java 2007-04-27 14:29:32.000000000 -0400
+@@ -68,24 +68,11 @@
+ writer.println("<td>");
+ writer.println("<h1>Sample Application Servlet</h1>");
+ writer.println("This is the output of a servlet that is part of");
+- writer.println("the Hello, World application. It displays the");
+- writer.println("request headers from the request we are currently");
+- writer.println("processing.");
++ writer.println("the Hello, World application.");
+ writer.println("</td>");
+ writer.println("</tr>");
+ writer.println("</table>");
+
+- writer.println("<table border=\"0\" width=\"100%\">");
+- Enumeration names = request.getHeaderNames();
+- while (names.hasMoreElements()) {
+- String name = (String) names.nextElement();
+- writer.println("<tr>");
+- writer.println(" <th align=\"right\">" + name + ":</th>");
+- writer.println(" <td>" + request.getHeader(name) + "</td>");
+- writer.println("</tr>");
+- }
+- writer.println("</table>");
+-
+ writer.println("</body>");
+ writer.println("</html>");
+
+--- jakarta-servletapi-5/jsr152/examples/jsp2/el/implicit-objects.jsp.orig 2004-11-24 11:54:58.000000000 -0500
++++ jakarta-servletapi-5/jsr152/examples/jsp2/el/implicit-objects.jsp 2007-04-27 14:29:32.000000000 -0400
+@@ -69,15 +69,15 @@
+ </tr>
+ <tr>
+ <td>\${header["host"]}</td>
+- <td>${header["host"]}</td>
++ <td>${fn:escapeXml(header["host"])} </td>
+ </tr>
+ <tr>
+ <td>\${header["accept"]}</td>
+- <td>${header["accept"]}</td>
++ <td>${fn:escapeXml(header["accept"])} </td>
+ </tr>
+ <tr>
+ <td>\${header["user-agent"]}</td>
+- <td>${header["user-agent"]}</td>
++ <td>${fn:escapeXml(header["user-agent"])} </td>
+ </tr>
+ </table>
+ </code>
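Review bot: The three replaced cells call `fn:escapeXml`, but the hunk does not show a `<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>` directive; if implicit-objects.jsp does not already declare it, the page fails to translate. Confirm the directive exists further up the file, and check whether the page's other request-derived rows outside this hunk need the same treatment, since only `host`, `accept` and `user-agent` are escaped here. The stray space before `</td>` on each new line is harmless but looks unintended.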
Added: apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2006-7196.5.x.y.patch
===================================================================
--- apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2006-7196.5.x.y.patch (rev 0)
+++ apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2006-7196.5.x.y.patch 2008-04-09 18:42:07 UTC (rev 4469)
@@ -0,0 +1,17 @@
+--- jakarta-servletapi-5/jsr152/examples/cal/cal2.jsp (revision 267240)
++++ jakarta-servletapi-5/jsr152/examples/cal/cal2.jsp (revision 369933)
+@@ -29,12 +29,12 @@
+
+ <FONT SIZE=5> Please add the following event:
+ <BR> <h3> Date <%= table.getDate() %>
+-<BR> Time <%= time %> </h3>
++<BR> Time <%= util.HTMLFilter.filter(time) %> </h3>
+ </FONT>
+ <FORM METHOD=POST ACTION=cal1.jsp>
+ <BR>
+ <BR> <INPUT NAME="date" TYPE=HIDDEN VALUE="current">
+-<BR> <INPUT NAME="time" TYPE=HIDDEN VALUE=<%= time %>
++<BR> <INPUT NAME="time" TYPE=HIDDEN VALUE=<%= util.HTMLFilter.filter(time) %>
+ <BR> <h2> Description of the event <INPUT NAME="description" TYPE=TEXT SIZE=20> </h2>
+ <BR> <INPUT TYPE=SUBMIT VALUE="submit">
+ </FORM>
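Review bot: On the new `INPUT NAME="time"` line the attribute value is still unquoted, `VALUE=<%= util.HTMLFilter.filter(time) %>`, so any whitespace in `time` ends the attribute and starts a new one regardless of the entity escaping applied; quote it: `VALUE="<%= util.HTMLFilter.filter(time) %>"`. Where `time` comes from and whether it can contain whitespace is outside the hunk, but quoting costs nothing and removes the dependency on that assumption.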
Added: apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-0450.5.0.x.patch
===================================================================
--- apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-0450.5.0.x.patch (rev 0)
+++ apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-0450.5.0.x.patch 2008-04-09 18:42:07 UTC (rev 4469)
@@ -0,0 +1,89 @@
+--- jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/buf/UDecoder.java.orig 2004-11-24 11:55:55.000000000 -0500
++++ jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/buf/UDecoder.java 2007-04-27 14:30:13.000000000 -0400
+@@ -29,6 +29,9 @@
+ */
+ public final class UDecoder {
+
++ protected static final boolean ALLOW_ENCODED_SLASH =
++ Boolean.valueOf(System.getProperty("org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH", "false")).booleanValue();
++
+ public UDecoder()
+ {
+ }
+@@ -62,6 +65,8 @@
+ // idx will be the smallest positive inxes ( first % or + )
+ if( idx2 >= 0 && idx2 < idx ) idx=idx2;
+ if( idx < 0 ) idx=idx2;
++
++ boolean noSlash = !(ALLOW_ENCODED_SLASH || query);
+
+ for( int j=idx; j<end; j++, idx++ ) {
+ if( buff[ j ] == '+' && query) {
+@@ -80,6 +85,9 @@
+
+ j+=2;
+ int res=x2c( b1, b2 );
++ if (noSlash && (res == '/')) {
++ throw new CharConversionException( "noSlash");
++ }
+ buff[idx]=(byte)res;
+ }
+ }
+@@ -121,7 +129,8 @@
+
+ if( idx2 >= 0 && idx2 < idx ) idx=idx2;
+ if( idx < 0 ) idx=idx2;
+-
++
++ boolean noSlash = !(ALLOW_ENCODED_SLASH || query);
+ for( int j=idx; j<cend; j++, idx++ ) {
+ if( buff[ j ] == '+' && query ) {
+ buff[idx]=( ' ' );
+@@ -140,6 +149,9 @@
+
+ j+=2;
+ int res=x2c( b1, b2 );
++ if (noSlash && (res == '/')) {
++ throw new CharConversionException( "noSlash");
++ }
+ buff[idx]=(char)res;
+ }
+ }
+--- jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteAdapter.java.orig 2004-11-24 11:55:18.000000000 -0500
++++ jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteAdapter.java 2007-04-27 14:30:13.000000000 -0400
+@@ -54,6 +54,8 @@
+ {
+ private static Log log = LogFactory.getLog(CoyoteAdapter.class);
+
++ protected static final boolean ALLOW_BACKSLASH =
++ Boolean.valueOf(System.getProperty("org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH", "false")).booleanValue();
+ // -------------------------------------------------------------- Constants
+
+
+@@ -232,8 +234,8 @@
+ req.getURLDecoder().convert(decodedURI, false);
+ } catch (IOException ioe) {
+ res.setStatus(400);
+- res.setMessage("Invalid URI");
+- throw ioe;
++ res.setMessage("Invalid URI: " + ioe.getMessage());
++ return false;
+ }
+ // Normalization
+ if (!normalize(req.decodedURI())) {
+@@ -473,8 +475,13 @@
+ // Replace '\' with '/'
+ // Check for null byte
+ for (pos = start; pos < end; pos++) {
+- if (b[pos] == (byte) '\\')
+- b[pos] = (byte) '/';
++ if (b[pos] == (byte) '\\') {
++ if (ALLOW_BACKSLASH) {
++ b[pos] = (byte) '/';
++ } else {
++ return false;
++ }
++ }
+ if (b[pos] == (byte) 0)
+ return false;
+ }
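Review bot: In CoyoteAdapter the new 400 response copies the decoder's exception text into the reason phrase, `res.setMessage("Invalid URI: " + ioe.getMessage())`; for the `"noSlash"` case that is harmless, but any other IOException raised by `convert` would echo its internal message to the client. Prefer a fixed phrase and keep the detail server-side, e.g. `res.setMessage("Invalid URI"); log.debug("URI decoding failed", ioe);` using the `log` field already declared in the class. In UDecoder the two `noSlash` checks are identical copies, and a comment on `ALLOW_ENCODED_SLASH` stating that it is read once at class load from the `org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH` system property would help operators who expect to toggle it at runtime. Both `convert` methods and `normalize` continue outside the hunk.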
Added: apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-1358.5.0.x.patch
===================================================================
--- apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-1358.5.0.x.patch (rev 0)
+++ apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-1358.5.0.x.patch 2008-04-09 18:42:07 UTC (rev 4469)
@@ -0,0 +1,27 @@
+--- jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteRequest.java 2004-11-24 17:55:18.000000000 +0100
++++ jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteRequest.java 2008-04-04 15:35:26.000000000 +0200
+@@ -2539,6 +2539,9 @@
+ variant = "";
+ }
+ }
++ if (!isAlpha(language) || !isAlpha(country) || !isAlpha(variant)) {
++ continue;
++ }
+
+ // Add a new Locale to the list of Locales for this quality level
+ Locale locale = new Locale(language, country, variant);
+@@ -2604,4 +2607,14 @@
+
+ }
+
++ protected static final boolean isAlpha(String value) {
++ for (int i = 0; i < value.length(); i++) {
++ char c = value.charAt(i);
++ if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z'))) {
++ return false;
++ }
++ }
++ return true;
++ }
++
+ }
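Review bot: `isAlpha` returns true for the empty string, which the caller appears to rely on since `variant` is set to `""` just above the new check, but nothing documents it; `final` is also redundant on a static method. Add `/** Returns true if value consists solely of ASCII letters; an empty string qualifies. */` and consider `protected static boolean isAlpha(String value)`. The locale-parsing method that contains the new `continue` begins before the hunk.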
Added: apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-1858.5.0.x.patch
===================================================================
--- apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-1858.5.0.x.patch (rev 0)
+++ apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-1858.5.0.x.patch 2008-04-09 18:42:07 UTC (rev 4469)
@@ -0,0 +1,13 @@
+Index: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
+===================================================================
+--- jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (revision 531485)
++++ jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (working copy)
+@@ -187,6 +187,8 @@
+ enabledCiphers = new String[vec.size()];
+ vec.copyInto(enabledCiphers);
+ }
++ } else {
++ enabledCiphers = sslProxy.getDefaultCipherSuites();
+ }
+
+ return enabledCiphers;
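Review bot: The new `else` branch falls back to `sslProxy.getDefaultCipherSuites()` without saying why the provider default rather than the supported list is the right fallback, and the condition it pairs with is above the hunk. A comment such as `// no cipher list configured: use the provider's default suites, not getSupportedCipherSuites(), which may include anonymous/weak suites (CVE-2007-1858)` records the intent. Since the result still depends on the JSSE provider's defaults, deployments that need a specific policy should set the explicit cipher list.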
Added: apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-2449_CVE-2007-1355_CVE-2005-4838.patch
===================================================================
--- apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-2449_CVE-2007-1355_CVE-2005-4838.patch (rev 0)
+++ apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-2449_CVE-2007-1355_CVE-2005-4838.patch 2008-04-09 18:42:07 UTC (rev 4469)
@@ -0,0 +1,42 @@
+--- jakarta-tomcat-catalina/webapps/docs/build.xml 2008-04-04 13:28:58.000000000 -0400
++++ jakarta-tomcat-catalina/webapps/docs/build.xml 2008-04-07 12:14:25.000000000 -0400
+@@ -43,11 +43,13 @@
+ <copy todir="${webapps.build}/${webapp.name}/appdev">
+ <fileset dir="appdev" includes="*.txt"/>
+ </copy>
++<!--
+ <copy todir="${webapps.build}/${webapp.name}/appdev/sample">
+ <fileset dir="appdev/sample"/>
+ </copy>
+ <copy tofile="${webapps.build}/${webapp.name}/appdev/sample/build.xml"
+ file="appdev/build.xml.txt"/>
++-->
+
+ <!-- Catalina Functional Specifications -->
+ <mkdir dir="${webapps.build}/${webapp.name}/catalina/funcspecs"/>
+--- jakarta-tomcat-5/build.xml 2008-04-04 12:26:53.000000000 -0400
++++ jakarta-tomcat-5/build.xml 2008-04-04 15:53:22.000000000 -0400
+@@ -300,6 +300,7 @@
+ <classpath refid="jspc.classpath"/>
+ </taskdef>
+
++<!--
+ <jasper2
+ compile="false"
+ validateXml="false"
+@@ -324,6 +325,7 @@
+ webXmlFragment="${admin.base}/WEB-INF/generated_web.xml"
+ addWebXmlMappings="true"
+ outputDir="${admin.base}/WEB-INF/src/admin" />
++-->
+
+ <javac destdir="${ROOT.base}/WEB-INF/classes"
+ optimize="off"
+@@ -350,6 +352,7 @@
+ </fileset>
+ </copy>
+
++ <mkdir dir="${jsp-examples.base}/WEB-INF/classes"/>
+ <javac destdir="${jsp-examples.base}/WEB-INF/classes"
+ optimize="off"
+ debug="on" failonerror="false"
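Review bot: The two blocks commented out in docs/build.xml and jakarta-tomcat-5/build.xml carry no explanation, so a later edit may simply re-enable the sample webapp copy and the admin `jasper2` precompile. Turn each bare `<!--` opening into one that states the reason, e.g. `<!-- disabled: sample webapp and admin JSP precompile are not shipped (CVE-2007-2449, CVE-2007-1355, CVE-2005-4838)`; the link between these edits and the three CVEs is inferred from the patch file name only. XML comments cannot nest, so the enclosed regions (whose inner lines are outside this hunk) must not themselves contain `<!-- -->` or a literal `--`; please check.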
Added: apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-2450.5.0.x.patch
===================================================================
--- apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-2450.5.0.x.patch (rev 0)
+++ apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-2450.5.0.x.patch 2008-04-09 18:42:07 UTC (rev 4469)
@@ -0,0 +1,23 @@
+--- jakarta-tomcat-catalina/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/HTMLManagerServlet.java 2007-09-05 09:41:50.000000000 +0200
++++ jakarta-tomcat-catalina/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/HTMLManagerServlet.java 2007-09-05 09:42:16.000000000 +0200
+@@ -33,6 +33,7 @@
+ import javax.servlet.http.HttpServletResponse;
+ import org.apache.catalina.Context;
+ import org.apache.catalina.Host;
++import org.apache.catalina.util.RequestUtil;
+ import org.apache.catalina.util.ServerInfo;
+ import org.apache.commons.fileupload.FileItem;
+ import org.apache.commons.fileupload.DiskFileUpload;
+@@ -304,7 +305,11 @@
+ // Message Section
+ args = new Object[3];
+ args[0] = sm.getString("htmlManagerServlet.messageLabel");
+- args[1] = (message == null || message.length() == 0) ? "OK" : message;
++ if (message == null || message.length() == 0) {
++ args[1] = "OK";
++ } else {
++ args[1] = RequestUtil.filter(message);
++ }
+ writer.print(MessageFormat.format(Constants.MESSAGE_SECTION, args));
+
+ // Manager Section
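Review bot: The if/else replacing the ternary is longer than it needs to be; `args[1] = (message == null || message.length() == 0) ? "OK" : RequestUtil.filter(message);` keeps the original shape and makes it obvious that only the user-influenced branch is escaped. Whether other values placed into `args` further down this method also pass through `RequestUtil.filter` is not visible in the hunk.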
Added: apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-3382_CVE-2007-3385.5.0.x.patch
===================================================================
--- apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-3382_CVE-2007-3385.5.0.x.patch (rev 0)
+++ apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-3382_CVE-2007-3385.5.0.x.patch 2008-04-09 18:42:07 UTC (rev 4469)
@@ -0,0 +1,161 @@
+--- jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/http/ServerCookie.java 2007/07/25 02:14:15 559282
++++ jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/http/ServerCookie.java 2007/07/25 02:19:40 559283
+@@ -123,6 +123,7 @@
+ //
+ // private static final String tspecials = "()<>@,;:\\\"/[]?={} \t";
+ private static final String tspecials = ",;";
++ private static final String tspecials2 = ",; \"";
+
+ /*
+ * Tests a string and returns true if the string counts as a
+@@ -147,6 +148,20 @@
+ return true;
+ }
+
++ public static boolean isToken2(String value) {
++ if( value==null) return true;
++ int len = value.length();
++
++ for (int i = 0; i < len; i++) {
++ char c = value.charAt(i);
++
++ if (c < 0x20 || c >= 0x7f || tspecials2.indexOf(c) != -1)
++ return false;
++ }
++ return true;
++ }
++
++
+ public static boolean checkName( String name ) {
+ if (!isToken(name)
+ || name.equalsIgnoreCase("Comment") // rfc2019
+@@ -206,7 +221,7 @@
+ // this part is the same for all cookies
+ buf.append( name );
+ buf.append("=");
+- maybeQuote(version, buf, value);
++ maybeQuote2(version, buf, value);
+
+ // XXX Netscape cookie: "; "
+ // add version 1 specific information
+@@ -276,16 +291,56 @@
+ throw new IllegalArgumentException( value );
+ else {
+ buf.append ('"');
+- buf.append (value);
++ buf.append (escapeDoubleQuotes(value));
+ buf.append ('"');
+ }
+ }
+ }
+
++ public static void maybeQuote2 (int version, StringBuffer buf,
++ String value) {
++ // special case - a \n or \r shouldn't happen in any case
++ if (isToken2(value)) {
++ buf.append(value);
++ } else {
++ buf.append('"');
++ buf.append(escapeDoubleQuotes(value));
++ buf.append('"');
++ }
++ }
++
++
+ // log
+ static final int dbg=1;
+ public static void log(String s ) {
+ System.out.println("ServerCookie: " + s);
++ }
++
++ /**
++ * Escapes any double quotes in the given string.
++ *
++ * @param s the input string
++ *
++ * @return The (possibly) escaped string
++ */
++ private static String escapeDoubleQuotes(String s) {
++
++ if (s == null || s.length() == 0 || s.indexOf('"') == -1) {
++ return s;
++ }
++
++ StringBuffer b = new StringBuffer();
++ char p = s.charAt(0);
++ for (int i = 0; i < s.length(); i++) {
++ char c = s.charAt(i);
++ if (c == '"' && p != '\\')
++ b.append('\\').append('"');
++ else
++ b.append(c);
++ p = c;
++ }
++
++ return b.toString();
+ }
+
+ }
+--- jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/http/Cookies.java 2007-08-24 11:23:52.000000000 +0200
++++ jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/http/Cookies.java 2007-08-24 11:43:55.000000000 +0200
+@@ -243,9 +243,11 @@
+
+ // quote is valid only in version=1 cookies
+ cc=bytes[pos];
+- if( ( version == 1 || isSpecial ) && ( cc== '\'' || cc=='"' ) ) {
+- startValue++;
+- endValue=indexOf( bytes, startValue, end, cc );
++ if( ( version == 1 || isSpecial ) && ( cc== '"' ) ) {
++ endValue=findDelim3( bytes, startValue+1, end, cc );
++ if (endValue == -1) {
++ endValue = findDelim2(bytes, startValue+1, end);
++ } else startValue++;
+ pos=endValue+1; // to skip to next cookie
+ } else {
+ endValue=findDelim2( bytes, startValue, end );
+@@ -321,28 +323,26 @@
+ return off;
+ }
+
+- public static int indexOf( byte bytes[], int off, int end, byte qq )
++ /*
++ * search for cc but skip \cc as required by rfc2616
++ * (according to rfc2616 cc should be ")
++ */
++ public static int findDelim3( byte bytes[], int off, int end, byte cc )
+ {
+- while( off < end ) {
+- byte b=bytes[off];
+- if( b==qq )
+- return off;
+- off++;
+- }
+- return off;
++ while( off < end ) {
++ byte b=bytes[off];
++ if (b=='\\') {
++ off++;
++ off++;
++ continue;
++ }
++ if( b==cc )
++ return off;
++ off++;
++ }
++ return -1;
+ }
+
+- public static int indexOf( byte bytes[], int off, int end, char qq )
+- {
+- while( off < end ) {
+- byte b=bytes[off];
+- if( b==qq )
+- return off;
+- off++;
+- }
+- return off;
+- }
+-
+ // XXX will be refactored soon!
+ public static boolean equals( String s, byte b[], int start, int end) {
+ int blen = end-start;
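Review bot: `escapeDoubleQuotes` decides whether a quote is already escaped by looking only at the single previous character, so in a value containing an escaped backslash followed by a quote (`\\"`) the quote is left bare; once `maybeQuote2` wraps the value in quotes, the parser's `findDelim3` treats `\\` as an escaped pair and ends the cookie value at that quote, truncating it. Track escape state across consecutive backslashes instead of comparing with the previous character, as below. A value ending in a single backslash has the mirror problem, since the closing `"` appended by `maybeQuote2` then reads as escaped. `maybeQuote2` also drops the version-0 `IllegalArgumentException` path that `maybeQuote` still has; that looks intended but deserves a comment. The ServerCookie class continues outside the hunk.
```java
private static String escapeDoubleQuotes(String s) {

    if (s == null || s.length() == 0 || s.indexOf('"') == -1) {
        return s;
    }

    StringBuffer b = new StringBuffer();
    boolean escaped = false; // true when the previous char was an unescaped backslash
    for (int i = 0; i < s.length(); i++) {
        char c = s.charAt(i);
        if (c == '"' && !escaped)
            b.append('\\').append('"');
        else
            b.append(c);
        escaped = (c == '\\') && !escaped;
    }

    return b.toString();
}
```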
Added: apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-5461.patch
===================================================================
--- apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-5461.patch (rev 0)
+++ apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2007-5461.patch 2008-04-09 18:42:07 UTC (rev 4469)
@@ -0,0 +1,72 @@
+--- ./jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java.sav 2004-11-24 11:55:13.000000000 -0500
++++ ./jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java 2007-10-22 22:34:40.000000000 -0400
+@@ -19,6 +19,7 @@
+
+
+ import java.io.IOException;
++import java.io.StringReader;
+ import java.io.StringWriter;
+ import java.io.Writer;
+ import java.text.SimpleDateFormat;
+@@ -33,6 +34,7 @@
+ import javax.naming.NamingEnumeration;
+ import javax.naming.NamingException;
+ import javax.naming.directory.DirContext;
++import javax.servlet.ServletContext;
+ import javax.servlet.ServletException;
+ import javax.servlet.http.HttpServletRequest;
+ import javax.servlet.http.HttpServletResponse;
+@@ -49,6 +51,7 @@
+ import org.w3c.dom.Element;
+ import org.w3c.dom.Node;
+ import org.w3c.dom.NodeList;
++import org.xml.sax.EntityResolver;
+ import org.xml.sax.InputSource;
+ import org.xml.sax.SAXException;
+
+@@ -219,6 +222,8 @@
+ documentBuilderFactory = DocumentBuilderFactory.newInstance();
+ documentBuilderFactory.setNamespaceAware(true);
+ documentBuilder = documentBuilderFactory.newDocumentBuilder();
++ documentBuilder.setEntityResolver(
++ new WebdavResolver(this.getServletContext()));
+ } catch(ParserConfigurationException e) {
+ throw new ServletException
+ (sm.getString("webdavservlet.jaxpfailed"));
+@@ -2716,6 +2721,26 @@
+ }
+
+
++ // --------------------------------------------- WebdavResolver Inner Class
++ /**
++ * Work around for XML parsers that don't fully respect
++ * {@link DocumentBuilderFactory#setExpandEntityReferences(false)}. External
++ * references are filtered out for security reasons. See CVE-2007-5461.
++ */
++ private class WebdavResolver implements EntityResolver {
++ private ServletContext context;
++
++ public WebdavResolver(ServletContext theContext) {
++ context = theContext;
++ }
++
++ public InputSource resolveEntity (String publicId, String systemId) {
++ context.log(sm.getString("webdavservlet.enternalEntityIgnored",
++ publicId, systemId));
++ return new InputSource(
++ new StringReader("Ignored external entity"));
++ }
++ }
+ };
+
+
+--- ./jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/servlets/LocalStrings.properties.sav 2007-10-22 21:01:54.000000000 -0400
++++ ./jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/servlets/LocalStrings.properties 2007-10-22 21:02:09.000000000 -0400
+@@ -9,6 +9,7 @@
+ invokerServlet.notNamed=Cannot call invoker servlet with a named dispatcher
+ invokerServlet.noWrapper=Container has not called setWrapper() for this servlet
+ webdavservlet.jaxpfailed=JAXP initialization failed
++webdavservlet.enternalEntityIgnored=The request included a reference to an external entity with PublicID {0} and SystemID {1} which was ignored
+ directory.filename=Filename
+ directory.lastModified=Last Modified
+ directory.parent=Up To {0}
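Review bot: The resolver only intercepts entities the parser would fetch externally; the DOCTYPE itself is still accepted, so a request whose internal DTD subset defines recursively expanding entities is still expanded by the parser before any resolver is consulted, and this patch does not address that. Where the parser in use honours it, `documentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` placed before `newDocumentBuilder()` rejects DTDs outright, and a parser that does not recognise the feature throws `ParserConfigurationException`, which the existing `catch(ParserConfigurationException e)` already turns into a ServletException. The `context.log(...)` call writes the request-supplied publicId and systemId verbatim into the container log, so that log entry has to be treated as untrusted text by whatever reads it; a comment such as `// publicId/systemId are attacker-controlled request content; logged for diagnosis only` would make that explicit. The class in which `WebdavResolver` is nested starts outside the hunk.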
Added: apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2008-0128.5.0.x.patch
===================================================================
--- apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2008-0128.5.0.x.patch (rev 0)
+++ apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-CVE-2008-0128.5.0.x.patch 2008-04-09 18:42:07 UTC (rev 4469)
@@ -0,0 +1,14 @@
+--- ./jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java 2004-11-24 17:55:07.000000000 +0100
++++ ./jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java 2008-04-04 15:53:59.000000000 +0200
+@@ -843,6 +843,11 @@
+ Cookie cookie = new Cookie(Constants.SINGLE_SIGN_ON_COOKIE, ssoId);
+ cookie.setMaxAge(-1);
+ cookie.setPath("/");
++
++ // Bugzilla 41217
++ javax.servlet.ServletRequest r = (javax.servlet.ServletRequest) request;
++ cookie.setSecure(r.isSecure());
++
+ hres.addCookie(cookie);
+
+ // Register this principal with our SSO valve
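Review bot: The cast `(javax.servlet.ServletRequest) request` relies on the Catalina request object also implementing the servlet request interface, which holds for the connector's request class but is not expressed by the `request` parameter's type; if `request` exposes the published `getRequest()` accessor here, `request.getRequest().isSecure()` would express the same thing without the cast, and if not, a comment stating why the cast is safe belongs next to it. The `// Bugzilla 41217` comment records where the change came from but not what it does; `// Bugzilla 41217: flag the SSO cookie Secure when the login arrived over TLS, so browsers will not send it over plain HTTP` documents the intent. The method containing this hunk starts and ends outside the hunk.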
Added: apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-bootstrap.MF.patch
===================================================================
--- apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-bootstrap.MF.patch (rev 0)
+++ apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-bootstrap.MF.patch 2008-04-09 18:42:07 UTC (rev 4469)
@@ -0,0 +1,8 @@
+--- jakarta-tomcat-5.0.30-src/jakarta-tomcat-catalina/catalina/etc/bootstrap.MF 2004-11-24 11:55:05.000000000 -0500
++++ jakarta-tomcat-5.0.30-src/jakarta-tomcat-catalina/catalina/etc/bootstrap.MF 2004-12-10 16:33:56.000000000 -0500
+@@ -1,5 +1,4 @@
+ Manifest-Version: 1.0
+ Main-Class: org.apache.catalina.startup.Bootstrap
+-Class-Path: jmx.jar commons-daemon.jar commons-logging-api.jar
+ Specification-Title: Catalina
+ Specification-Version: 1.0
Added: apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-javaxssl.patch
===================================================================
--- apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-javaxssl.patch (rev 0)
+++ apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-javaxssl.patch 2008-04-09 18:42:07 UTC (rev 4469)
@@ -0,0 +1,52 @@
+--- jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java.orig 2004-06-17 21:11:40.000000000 -0400
++++ jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java 2004-12-07 15:21:53.000000000 -0500
+@@ -66,8 +66,8 @@
+ */
+ void init() throws IOException {
+ try {
+- Security.addProvider (new sun.security.provider.Sun());
+- Security.addProvider (new com.sun.net.ssl.internal.ssl.Provider());
++ // Security.addProvider (new sun.security.provider.Sun());
++ // Security.addProvider (new com.sun.net.ssl.internal.ssl.Provider());
+
+ String clientAuthStr = (String)attributes.get("clientauth");
+ if("true".equalsIgnoreCase(clientAuthStr) ||
+@@ -85,8 +85,8 @@
+ if (algorithm == null) algorithm = defaultAlgorithm;
+
+ // Set up KeyManager, which will extract server key
+- com.sun.net.ssl.KeyManagerFactory kmf =
+- com.sun.net.ssl.KeyManagerFactory.getInstance(algorithm);
++ javax.net.ssl.KeyManagerFactory kmf =
++ javax.net.ssl.KeyManagerFactory.getInstance(algorithm);
+ String keystoreType = (String)attributes.get("keystoreType");
+ if (keystoreType == null) {
+ keystoreType = defaultKeystoreType;
+@@ -96,22 +96,22 @@
+ keystorePass.toCharArray());
+
+ // Set up TrustManager
+- com.sun.net.ssl.TrustManager[] tm = null;
++ javax.net.ssl.TrustManager[] tm = null;
+ String truststoreType = (String)attributes.get("truststoreType");
+ if(truststoreType == null) {
+ truststoreType = keystoreType;
+ }
+ KeyStore trustStore = getTrustStore(truststoreType);
+ if (trustStore != null) {
+- com.sun.net.ssl.TrustManagerFactory tmf =
+- com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509");
++ javax.net.ssl.TrustManagerFactory tmf =
++ javax.net.ssl.TrustManagerFactory.getInstance("SunX509");
+ tmf.init(trustStore);
+ tm = tmf.getTrustManagers();
+ }
+
+ // Create and init SSLContext
+- com.sun.net.ssl.SSLContext context =
+- com.sun.net.ssl.SSLContext.getInstance(protocol);
++ javax.net.ssl.SSLContext context =
++ javax.net.ssl.SSLContext.getInstance(protocol);
+ context.init(kmf.getKeyManagers(), tm, new SecureRandom());
+
+ // Create proxy
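Review bot: The two `Security.addProvider` calls are left as commented-out code rather than removed, so a later reader has to guess whether they are still needed; delete them and record the reason once, presumably `// Providers are registered through the JRE's java.security configuration; nothing is added explicitly here.` — confirm that is the actual reason before committing the comment. Separately, `javax.net.ssl.TrustManagerFactory.getInstance("SunX509")` stays hard-coded while the KeyManagerFactory a few lines above uses the configurable `algorithm`, so a non-Sun JSSE provider would fail at the trust-manager step even though the key-manager step is portable; `javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm()` is the provider-neutral choice on JDKs that supply the javax.net.ssl API. `init()` begins at the top of this hunk and continues past its end.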
Added: apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-jbas-2775-server-header.patch
===================================================================
--- apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-jbas-2775-server-header.patch (rev 0)
+++ apache-tomcat/5.0.30.patch03-brew/src/tomcat5-5.0.30-jbas-2775-server-header.patch 2008-04-09 18:42:07 UTC (rev 4469)
@@ -0,0 +1,49 @@
+--- jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11Processor.java
++++ jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11Processor.java
+298a299,302
+> /**
+> * Allow a customized the server header for the tin-foil hat folks.
+> */
+> protected String server = null;
+707a712,729
+> * Set the server header name.
+> */
+> public void setServer( String server ) {
+> if (server==null || server.equals("")) {
+> this.server = null;
+> } else {
+> this.server = server;
+> }
+> }
+>
+> /**
+> * Get the server header name.
+> */
+> public String getServer() {
+> return server;
+> }
+>
+> /**
+1509a1532,1535
+>
+> if (server != null) {
+> headers.setValue("Server").setString(server);
+> } else {
+1510a1537
+> }
+--- jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11Protocol.java
++++ jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11Protocol.java
+229a230
+> private String server;
+568a570,577
+> public void setServer( String server ) {
+> this.server = server;
+> }
+>
+> public String getServer() {
+> return server;
+> }
+>
+659a669
+> processor.setServer( proto.server );
+
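Review bot: The Javadoc added for the `server` field in Http11Processor reads `Allow a customized the server header for the tin-foil hat folks.`, which is ungrammatical and does not say what the field does; `Optional override for the value sent in the Server response header; null means the default header is sent.` does. `setServer`/`getServer` in Http11Protocol carry no Javadoc, and unlike the processor's setter the protocol's one does not normalise an empty string to null — harmless because `processor.setServer( proto.server )` hands the raw value to the normalising setter, but a comment on that assignment, `// empty string is normalised to null by Http11Processor.setServer`, records the dependency. This patch is in ed format, so the code surrounding the `headers.setValue("Server")` change is not visible and the methods enclosing each of these insertions start and end outside the hunk.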