Author: hfnukal Date: 2012-03-28 04:23:52 -0400 (Wed, 28 Mar 2012) New Revision: 8650 Added: epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/src/main/resources/eap/CVE-2012-1154/ epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/src/main/resources/eap/CVE-2012-1154/mod_cluster.jar Modified: epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/src/build.xml Log: Bug 807573 - CVE-2012-1154 mod_cluster registers and exposes the root context of a server by default, despite ROOT being in the excluded-contexts list Modified: epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/src/build.xml =================================================================== --- epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/src/build.xml 2012-03-27 23:22:46 UTC (rev 8649) +++ epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/src/build.xml 2012-03-28 08:23:52 UTC (rev 8650) @@ -78,7 +78,7 @@ </zip> </target> - <target name="finalTasks" depends="modifyStartupMessage,jbossws-native-PATCH,patch-RESTEasy-CVE-2012-081,patch-JBossWeb-CVE-2011-4610"> + <target name="finalTasks" depends="modifyStartupMessage,jbossws-native-PATCH,patch-RESTEasy-CVE-2012-081,patch-JBossWeb-CVE-2011-4610,patch-JBossWeb-CVE-2012-1154"> </target> <!-- Patching startup message in log when starting portal --> @@ -129,7 +129,7 @@ </target> <target name="patch-RESTEasy-CVE-2012-081"> - <echo>Patch for CVE-2012-081</echo> + <echo>Patch for CVE-2012-081 RestEasy</echo> <property name="resteasy_resource_jar" value="${basedir}/src/main/resources/eap/CVE-2012-0818" /> <copy overwrite="true" file="${resteasy_resource_jar}/resteasy-fastinfoset-provider.jar" tofile="${epp.path}/resteasy/lib/resteasy-fastinfoset-provider.jar"/> <copy overwrite="true" file="${resteasy_resource_jar}/resteasy-jaxb-provider.jar" tofile="${epp.path}/resteasy/lib/resteasy-jaxb-provider.jar"/> @@ -143,10 +143,17 @@ </target> <target name="patch-JBossWeb-CVE-2011-4610"> - <echo>Patch for CVE-2012-081</echo> + <echo>Patch for CVE-2011-4610 JBossWeb</echo> <property name="jbossweb_resource_jar" value="${basedir}/src/main/resources/eap/CVE-2011-4610/jbossweb.jar" /> <copy overwrite="true" file="${jbossweb_resource_jar}" tofile="${epp.path}/jboss-as/server/default/deploy/jbossweb.sar/jbossweb.jar"/> <copy overwrite="true" file="${jbossweb_resource_jar}" tofile="${epp.path}/jboss-as/server/production/deploy/jbossweb.sar/jbossweb.jar"/> <copy overwrite="true" file="${jbossweb_resource_jar}" tofile="${epp.path}/jboss-as/server/all/deploy/jbossweb.sar/jbossweb.jar"/> </target> + + <target name="patch-JBossWeb-CVE-2012-1154"> + <echo>Patch for CVE-2012-1154 mod_cluster.jar</echo> + <property name="mod-cluster_resource_jar" value="${basedir}/src/main/resources/eap/CVE-2012-1154/mod_cluster.jar" /> + <copy overwrite="true" file="${mod-cluster_resource_jar}" tofile="${epp.path}/mod_cluster/mod-cluster.sar/mod-cluster-1.0.10.GA_CP02.jar"/> + <copy overwrite="true" file="${mod-cluster_resource_jar}" tofile="${epp.path}/mod_cluster/JBossWeb-Tomcat/lib/mod-cluster.jar"/> + </target> </project> \ No newline at end of file Added: epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/src/main/resources/eap/CVE-2012-1154/mod_cluster.jar =================================================================== (Binary files differ) Property changes on: epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/src/main/resources/eap/CVE-2012-1154/mod_cluster.jar ___________________________________________________________________ Added: svn:mime-type + application/octet-stream