Author: hfnukal
Date: 2012-06-19 07:51:51 -0400 (Tue, 19 Jun 2012)
New Revision: 8730
Added:
epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/src/main/resources/eap/CVE-2012-2377/
epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/src/main/resources/eap/CVE-2012-2377/CVE-2012-2377_jgroups-channelfactory-stacks.xml.patch
Modified:
epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/src/build.xml
Log:
Bug 823392 - (CVE-2012-2377) CVE-2012-2377 JGroups diagnostics service enabled by default
with no authentication when a JGroups channel is started
Modified: epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/src/build.xml
===================================================================
--- epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/src/build.xml 2012-06-19
09:47:38 UTC (rev 8729)
+++ epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/src/build.xml 2012-06-19
11:51:51 UTC (rev 8730)
@@ -78,7 +78,7 @@
</zip>
</target>
- <target name="finalTasks"
depends="modifyStartupMessage,jbossws-native-PATCH,patch-RESTEasy-CVE-2012-081,patch-JBossWeb-CVE-2011-4610,patch-JBossWeb-CVE-2012-1154">
+ <target name="finalTasks"
depends="modifyStartupMessage,jbossws-native-PATCH,patch-RESTEasy-CVE-2012-081,patch-JBossWeb-CVE-2011-4610,patch-JBossWeb-CVE-2012-1154,patch-CVE-2012-2377">
</target>
<!-- Patching startup message in log when starting portal -->
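Review bot: The new entry in the `depends` list, `patch-CVE-2012-2377`, drops the component name that the neighbouring targets carry (`patch-RESTEasy-CVE-2012-081`, `patch-JBossWeb-CVE-2011-4610`, `patch-JBossWeb-CVE-2012-1154`). Naming it `patch-JGroups-CVE-2012-2377`, here and on the target definition later in the file, would keep the list readable for anyone auditing which component each CVE patch touches.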
@@ -156,4 +156,23 @@
<copy overwrite="true" file="${mod-cluster_resource_jar}"
tofile="${epp.path}/mod_cluster/mod-cluster.sar/mod-cluster-1.0.10.GA_CP02.jar"/>
<copy overwrite="true" file="${mod-cluster_resource_jar}"
tofile="${epp.path}/mod_cluster/JBossWeb-Tomcat/lib/mod-cluster.jar"/>
</target>
+
+ <target name="patch-CVE-2012-2377">
+ <echo>Patch for CVE-2012-2377 mod_cluster.jar</echo>
+ <patch
+
originalfile="${epp.path}/jboss-as/server/all/deploy/cluster/jgroups-channelfactory.sar/META-INF/jgroups-channelfactory-stacks.xml"
+
patchfile="${basedir}/src/main/resources/eap/CVE-2012-2377/CVE-2012-2377_jgroups-channelfactory-stacks.xml.patch"
+ failonerror="${patch.failonerror}"
+ />
+ <patch
+
originalfile="${epp.path}/jboss-as/server/production/deploy/cluster/jgroups-channelfactory.sar/META-INF/jgroups-channelfactory-stacks.xml"
+
patchfile="${basedir}/src/main/resources/eap/CVE-2012-2377/CVE-2012-2377_jgroups-channelfactory-stacks.xml.patch"
+ failonerror="${patch.failonerror}"
+ />
+ <patch
+
originalfile="${epp.path}/jboss-as/server/web/deploy/cluster/jgroups-channelfactory.sar/META-INF/jgroups-channelfactory-stacks.xml"
+
patchfile="${basedir}/src/main/resources/eap/CVE-2012-2377/CVE-2012-2377_jgroups-channelfactory-stacks.xml.patch"
+ failonerror="${patch.failonerror}"
+ />
+ </target>
</project>
\ No newline at end of file
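Review bot: `failonerror="${patch.failonerror}"` on the three `<patch>` tasks lets this security fix be skipped without failing the build when that property is false or unset (its definition is outside this hunk). The distribution would then ship `jgroups-channelfactory-stacks.xml` with diagnostics still enabled by default. For a CVE patch I would hard-code `failonerror="true"`, or add a check after the patch tasks that fails the build if any profile's stacks file still contains `enable_diagnostics:true`, as sketched below. The wildcard in that check also covers server profiles other than all, production and web, in case any of them carries a `jgroups-channelfactory.sar` (not visible from this page). Separately, the `<echo>` text looks copied from the mod_cluster target above and should read `<echo>Patch for CVE-2012-2377 jgroups-channelfactory-stacks.xml</echo>`.

```xml
<target name="patch-CVE-2012-2377">
    <!-- … unchanged: echo and the three <patch> tasks … -->
    <!-- Fail the build if any server profile still ships the vulnerable default. -->
    <fail message="CVE-2012-2377: enable_diagnostics still defaults to true in a jgroups-channelfactory-stacks.xml">
        <condition>
            <resourcecount when="greater" count="0">
                <fileset dir="${epp.path}/jboss-as/server"
                         includes="*/deploy/cluster/jgroups-channelfactory.sar/META-INF/jgroups-channelfactory-stacks.xml">
                    <contains text="enable_diagnostics:true"/>
                </fileset>
            </resourcecount>
        </condition>
    </fail>
</target>
```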
Added:
epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/src/main/resources/eap/CVE-2012-2377/CVE-2012-2377_jgroups-channelfactory-stacks.xml.patch
===================================================================
---
epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/src/main/resources/eap/CVE-2012-2377/CVE-2012-2377_jgroups-channelfactory-stacks.xml.patch
(rev 0)
+++
epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/src/main/resources/eap/CVE-2012-2377/CVE-2012-2377_jgroups-channelfactory-stacks.xml.patch 2012-06-19
11:51:51 UTC (rev 8730)
@@ -0,0 +1,56 @@
+--- jgroups-channelfactory-stacks.xml 2012-06-19 12:48:22.000000000 +0200
++++ jgroups-channelfactory-stacks-patch.xml 2012-06-19 12:51:58.000000000 +0200
+@@ -20,7 +20,7 @@
+ ip_ttl="${jgroups.udp.ip_ttl:2}"
+ thread_naming_pattern="cl"
+ timer.num_threads="12"
+- enable_diagnostics="${jboss.jgroups.enable_diagnostics:true}"
++ enable_diagnostics="${jboss.jgroups.enable_diagnostics:false}"
+ diagnostics_addr="${jboss.jgroups.diagnostics_addr:224.0.75.75}"
+ diagnostics_port="${jboss.jgroups.diagnostics_port:7500}"
+
+@@ -123,7 +123,7 @@
+ ip_ttl="${jgroups.udp.ip_ttl:2}"
+ thread_naming_pattern="cl"
+ timer.num_threads="12"
+- enable_diagnostics="${jboss.jgroups.enable_diagnostics:true}"
++ enable_diagnostics="${jboss.jgroups.enable_diagnostics:false}"
+ diagnostics_addr="${jboss.jgroups.diagnostics_addr:224.0.75.75}"
+ diagnostics_port="${jboss.jgroups.diagnostics_port:7500}"
+
+@@ -191,7 +191,7 @@
+ discard_incompatible_packets="true"
+ enable_bundling="false"
+ ip_ttl="${jgroups.udp.ip_ttl:2}"
+-
enable_diagnostics="${jboss.jgroups.enable_diagnostics:true}"
++
enable_diagnostics="${jboss.jgroups.enable_diagnostics:false}"
+
diagnostics_addr="${jboss.jgroups.diagnostics_addr:224.0.75.75}"
+ diagnostics_port="${jboss.jgroups.diagnostics_port:7500}"
+
+@@ -257,7 +257,7 @@
+ sock_conn_timeout="300"
+ skip_suspected_members="true"
+ timer.num_threads="12"
+-
enable_diagnostics="${jboss.jgroups.enable_diagnostics:true}"
++
enable_diagnostics="${jboss.jgroups.enable_diagnostics:false}"
+
diagnostics_addr="${jboss.jgroups.diagnostics_addr:224.0.75.75}"
+ diagnostics_port="${jboss.jgroups.diagnostics_port:7500}"
+
+@@ -336,7 +336,7 @@
+ use_send_queues="false"
+ sock_conn_timeout="300"
+ skip_suspected_members="true"
+-
enable_diagnostics="${jboss.jgroups.enable_diagnostics:true}"
++
enable_diagnostics="${jboss.jgroups.enable_diagnostics:false}"
+
diagnostics_addr="${jboss.jgroups.diagnostics_addr:224.0.75.75}"
+ diagnostics_port="${jboss.jgroups.diagnostics_port:7500}"
+
+@@ -447,7 +447,7 @@
+ use_send_queues="false"
+ sock_conn_timeout="300"
+ skip_suspected_members="true"
+-
enable_diagnostics="${jboss.jgroups.enable_diagnostics:true}"
++
enable_diagnostics="${jboss.jgroups.enable_diagnostics:false}"
+
diagnostics_addr="${jboss.jgroups.diagnostics_addr:224.0.75.75}"
+ diagnostics_port="${jboss.jgroups.diagnostics_port:7500}"
+
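Review bot: Nothing in this patch records why the default was flipped, and `${jboss.jgroups.enable_diagnostics:false}` changes only the fallback value, so the system property remains a supported switch. The `diagnostics_addr` and `diagnostics_port` attributes are untouched, so a deployment that sets the property to `true` gets back the same unauthenticated diagnostics service described in the commit log. I would extend each patch hunk to add a comment above the attribute, such as `<!-- CVE-2012-2377: diagnostics has no authentication; enable only on an isolated cluster network -->`. Upgrade notes should also tell operators to check startup scripts for an explicit `-Djboss.jgroups.enable_diagnostics=true`.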