Author: hfnukal Date: 2011-11-18 05:59:33 -0500 (Fri, 18 Nov 2011) New Revision: 8096 Added: epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/src/patch/EAP/http-invoker.sar.invoker.war.web.xml.patch Modified: epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/src/build.xml Log: JBEPP-1324 Fix CVE-2011-4085 in the next release Modified: epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/src/build.xml =================================================================== --- epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/src/build.xml 2011-11-18 10:58:40 UTC (rev 8095) +++ epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/src/build.xml 2011-11-18 10:59:33 UTC (rev 8096) @@ -78,6 +78,8 @@ </zip> </target> + <target name="finalTasks" depends="modifyStartupMessage,http-ivoker-PATCH,jbossws-native-PATCH"> + </target> <!-- Patching startup message in log when starting portal --> <target name="modifyStartupMessage"> @@ -114,4 +116,32 @@ <zip destfile="${epp.path}/jboss-as/bin/run.jar" basedir="${basedir}/target/work/run.jar/" update="true"> </zip> </target> + + <target name="http-ivoker-PATCH"> + <echo>Patching EAP http-ivoker.sar/invoker.war/web.xml ...</echo> + <patch + originalfile="${epp.path}/jboss-as/server/production/deploy/httpha-invoker.sar/invoker.war/WEB-INF/web.xml" + patchfile="src/patch/EAP/http-invoker.sar.invoker.war.web.xml.patch" + failonerror="true" + /> + <patch + originalfile="${epp.path}/jboss-as/server/all/deploy/httpha-invoker.sar/invoker.war/WEB-INF/web.xml" + patchfile="src/patch/EAP/http-invoker.sar.invoker.war.web.xml.patch" + failonerror="true" + /> + <patch + originalfile="${epp.path}/jboss-as/server/default/deploy/http-invoker.sar/invoker.war/WEB-INF/web.xml" + patchfile="src/patch/EAP/http-invoker.sar.invoker.war.web.xml.patch" + failonerror="true" + /> + </target> + <target name="jbossws-native-PATCH"> + <echo>One-off patch for JBPAPP-7108</echo> + <property name="resource_jar" value="${basedir}/src/main/resources/eap/jbossws-native-PATCH/jbossws-common-1.1.0.SP7-patch-02.jar" /> + <copy overwrite="true" file="${resource_jar}" tofile="${epp.path}/jboss-as/client/jbossws-common.jar"/> + <copy overwrite="true" file="${resource_jar}" tofile="${epp.path}/jboss-as/common/lib/jbossws-common.jar"/> + <copy overwrite="true" file="${resource_jar}" tofile="${epp.path}/jboss-as/server/default/deployers/jbossws.deployer/jbossws-common.jar"/> + <copy overwrite="true" file="${resource_jar}" tofile="${epp.path}/jboss-as/server/production/deployers/jbossws.deployer/jbossws-common.jar"/> + <copy overwrite="true" file="${resource_jar}" tofile="${epp.path}/jboss-as/server/all/deployers/jbossws.deployer/jbossws-common.jar"/> + </target> </project> \ No newline at end of file Added: epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/src/patch/EAP/http-invoker.sar.invoker.war.web.xml.patch =================================================================== --- epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/src/patch/EAP/http-invoker.sar.invoker.war.web.xml.patch (rev 0) +++ epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/src/patch/EAP/http-invoker.sar.invoker.war.web.xml.patch 2011-11-18 10:59:33 UTC (rev 8096) @@ -0,0 +1,12 @@ +diff -uNr web.xml.orig web.xml +--- web.xml.orig 2011-11-15 00:43:07.000000000 +0100 ++++ web.xml 2011-11-15 00:43:25.000000000 +0100 +@@ -159,8 +159,6 @@ + <url-pattern>/JNDIFactory/*</url-pattern> + <url-pattern>/EJBInvokerServlet/*</url-pattern> + <url-pattern>/JMXInvokerServlet/*</url-pattern> +- <http-method>GET</http-method> +- <http-method>POST</http-method> + </web-resource-collection> + <auth-constraint> + <role-name>HttpInvoker</role-name>