September 2011 - jbossweb-commits

by jbossweb-commits＠lists.jboss.org

Author: remy.maucherat(a)jboss.com Date: 2011-09-30 10:03:26 -0400 (Fri, 30 Sep 2011) New Revision: 1844 Added: tags/JBOSSWEB_7_0_2_FINAL/ Log: Web 7.0.2

12 years, 8 months

1
0
0 / 0

JBossWeb SVN: r1843 - in branches/2.1.x: webapps/docs and 1 other directory.

by jbossweb-commits＠lists.jboss.org

Author: jfrederic.clere(a)jboss.com Date: 2011-09-28 03:51:36 -0400 (Wed, 28 Sep 2011) New Revision: 1843 Modified: branches/2.1.x/java/org/apache/jasper/xmlparser/ParserUtils.java branches/2.1.x/webapps/docs/changelog.xml Log: Fix for JBPAPP-7267 Modified: branches/2.1.x/java/org/apache/jasper/xmlparser/ParserUtils.java =================================================================== --- branches/2.1.x/java/org/apache/jasper/xmlparser/ParserUtils.java 2011-09-23 16:47:53 UTC (rev 1842) +++ branches/2.1.x/java/org/apache/jasper/xmlparser/ParserUtils.java 2011-09-28 07:51:36 UTC (rev 1843) @@ -87,7 +87,7 @@ // Perform an XML parse of this document, via JAXP try { DocumentBuilderFactory factory = - DocumentBuilderFactory.newInstance(); + createDocumentBuilderFactory(); factory.setNamespaceAware(true); factory.setValidating(validating); DocumentBuilder builder = factory.newDocumentBuilder(); @@ -116,7 +116,7 @@ return (convert(null, document.getDocumentElement())); } - + /** * Parse the specified XML document, and return a <code>TreeNode</code> * that corresponds to the root node of the document tree. @@ -184,6 +184,22 @@ // Return the completed TreeNode graph return (treeNode); } + + protected static DocumentBuilderFactory createDocumentBuilderFactory() + { + ClassLoader cl = Thread.currentThread().getContextClassLoader(); + DocumentBuilderFactory factory; + try + { + Thread.currentThread().setContextClassLoader(ParserUtils.class.getClassLoader()); + factory = DocumentBuilderFactory.newInstance(); + } + finally + { + Thread.currentThread().setContextClassLoader(cl); + } + return factory; + } } Modified: branches/2.1.x/webapps/docs/changelog.xml =================================================================== --- branches/2.1.x/webapps/docs/changelog.xml 2011-09-23 16:47:53 UTC (rev 1842) +++ branches/2.1.x/webapps/docs/changelog.xml 2011-09-28 07:51:36 UTC (rev 1843) @@ -23,6 +23,13 @@ </fix> </changelog> </subsection> + <subsection name="Jasper"> + <changelog> + <fix> + <jira>JBPAPP-7267</jira> ParserUtils uses JAXP in a non-modular classloading compatible way (jfclere) + </fix> + </changelog> + </subsection> </section> <section name="JBoss Web 2.1.12.GA (jfclere)">

12 years, 8 months

1
0
0 / 0

JBossWeb SVN: r1842 - trunk/java/org/apache/catalina/connector.

by jbossweb-commits＠lists.jboss.org

Author: remy.maucherat(a)jboss.com Date: 2011-09-23 12:47:53 -0400 (Fri, 23 Sep 2011) New Revision: 1842 Modified: trunk/java/org/apache/catalina/connector/Connector.java Log: Add system properties for the URI encoding configuration. Modified: trunk/java/org/apache/catalina/connector/Connector.java =================================================================== --- trunk/java/org/apache/catalina/connector/Connector.java 2011-09-21 14:40:31 UTC (rev 1841) +++ trunk/java/org/apache/catalina/connector/Connector.java 2011-09-23 16:47:53 UTC (rev 1842) @@ -68,6 +68,13 @@ Boolean.valueOf(System.getProperty("org.apache.catalina.connector.X_POWERED_BY", "false")).booleanValue(); + protected static final String URI_ENCODING = + System.getProperty("org.apache.catalina.connector.URI_ENCODING"); + + protected static final boolean USE_BODY_ENCODING_FOR_QUERY_STRING = + Boolean.valueOf(System.getProperty("org.apache.catalina.connector.USE_BODY_ENCODING_FOR_QUERY_STRING", "false")).booleanValue(); + + // ------------------------------------------------------------ Constructor @@ -248,13 +255,13 @@ /** * URI encoding. */ - protected String URIEncoding = null; + protected String URIEncoding = URI_ENCODING; /** * URI encoding as body. */ - protected boolean useBodyEncodingForURI = false; + protected boolean useBodyEncodingForURI = USE_BODY_ENCODING_FOR_QUERY_STRING; /**

12 years, 9 months

1
0
0 / 0

JBossWeb SVN: r1841 - in trunk: webapps/docs and 1 other directory.

by jbossweb-commits＠lists.jboss.org

Author: remy.maucherat(a)jboss.com Date: 2011-09-21 10:40:31 -0400 (Wed, 21 Sep 2011) New Revision: 1841 Modified: trunk/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java trunk/webapps/docs/changelog.xml Log: Fix some SSL functionality when a keyAlias is used. Modified: trunk/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java =================================================================== --- trunk/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java 2011-09-09 15:57:27 UTC (rev 1840) +++ trunk/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java 2011-09-21 14:40:31 UTC (rev 1841) @@ -21,6 +21,9 @@ import java.security.Principal; import java.security.PrivateKey; import java.security.cert.X509Certificate; + +import javax.net.ssl.SSLEngine; +import javax.net.ssl.X509ExtendedKeyManager; import javax.net.ssl.X509KeyManager; /** @@ -30,7 +33,7 @@ * * @author Jan Luehe */ -public final class JSSEKeyManager implements X509KeyManager { +public final class JSSEKeyManager extends X509ExtendedKeyManager { private X509KeyManager delegate; private String serverKeyAlias; @@ -43,6 +46,7 @@ * supporting certificate chain */ public JSSEKeyManager(X509KeyManager mgr, String serverKeyAlias) { + super(); this.delegate = mgr; this.serverKeyAlias = serverKeyAlias; } @@ -63,6 +67,7 @@ * @return The alias name for the desired key, or null if there are no * matches */ + @Override public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { return delegate.chooseClientAlias(keyType, issuers, socket); @@ -72,15 +77,13 @@ * Returns this key manager's server key alias that was provided in the * constructor. * - * @param keyType The key algorithm type name (ignored) - * @param issuers The list of acceptable CA issuer subject names, or null - * if it does not matter which issuers are used (ignored) - * @param socket The socket to be used for this connection. This parameter - * can be null, in which case this method will return the most generic - * alias to use (ignored) + * @param keyType Ignored + * @param issuers Ignored + * @param socket Ignored * * @return Alias name for the desired key */ + @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { return serverKeyAlias; @@ -95,6 +98,7 @@ * and the root certificate authority last), or null if the alias can't be * found */ + @Override public X509Certificate[] getCertificateChain(String alias) { return delegate.getCertificateChain(alias); } @@ -111,6 +115,7 @@ * @return Array of the matching alias names, or null if there were no * matches */ + @Override public String[] getClientAliases(String keyType, Principal[] issuers) { return delegate.getClientAliases(keyType, issuers); } @@ -127,6 +132,7 @@ * @return Array of the matching alias names, or null if there were no * matches */ + @Override public String[] getServerAliases(String keyType, Principal[] issuers) { return delegate.getServerAliases(keyType, issuers); } @@ -138,7 +144,44 @@ * * @return The requested key, or null if the alias can't be found */ + @Override public PrivateKey getPrivateKey(String alias) { return delegate.getPrivateKey(alias); } + + /** + * Choose an alias to authenticate the client side of a secure socket, + * given the public key type and the list of certificate issuer authorities + * recognized by the peer (if any). + * + * @param keyType The key algorithm type name(s), ordered with the + * most-preferred key type first + * @param issuers The list of acceptable CA issuer subject names, or null + * if it does not matter which issuers are used + * @param engine Ignored + * + * @return The alias name for the desired key, or null if there are no + * matches + */ + @Override + public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, + SSLEngine engine) { + return delegate.chooseClientAlias(keyType, issuers, null); + } + + /** + * Returns this key manager's server key alias that was provided in the + * constructor. + * + * @param keyType Ignored + * @param issuers Ignored + * @param engine Ignored + * + * @return Alias name for the desired key + */ + @Override + public String chooseEngineServerAlias(String keyType, Principal[] issuers, + SSLEngine engine) { + return serverKeyAlias; + } } Modified: trunk/webapps/docs/changelog.xml =================================================================== --- trunk/webapps/docs/changelog.xml 2011-09-09 15:57:27 UTC (rev 1840) +++ trunk/webapps/docs/changelog.xml 2011-09-21 14:40:31 UTC (rev 1841) @@ -30,6 +30,9 @@ <bug>51698</bug>: Fix CVE-2011-3190. Prevent AJP message injection. (markt) </fix> <fix> + <bug>51860</bug>: Fix issues when keyAlias is being used. (markt) + </fix> + <fix> <jira>JBWEB-201</jira>JBoss Web Native causes JVM crash with AJP. (jfclere/remm) </fix> </changelog>

12 years, 9 months

1
0
0 / 0

JBossWeb SVN: r1840 - trunk/webapps/docs.

by jbossweb-commits＠lists.jboss.org

Author: jfrederic.clere(a)jboss.com Date: 2011-09-09 11:57:27 -0400 (Fri, 09 Sep 2011) New Revision: 1840 Modified: trunk/webapps/docs/changelog.xml Log: Oops... Modified: trunk/webapps/docs/changelog.xml =================================================================== --- trunk/webapps/docs/changelog.xml 2011-09-09 15:53:34 UTC (rev 1839) +++ trunk/webapps/docs/changelog.xml 2011-09-09 15:57:27 UTC (rev 1840) @@ -29,8 +29,6 @@ <fix> <bug>51698</bug>: Fix CVE-2011-3190. Prevent AJP message injection. (markt) </fix> - </changelog> - <changelog> <fix> <jira>JBWEB-201</jira>JBoss Web Native causes JVM crash with AJP. (jfclere/remm) </fix>

12 years, 9 months

1
0
0 / 0

JBossWeb SVN: r1839 - trunk/webapps/docs.

by jbossweb-commits＠lists.jboss.org

Author: jfrederic.clere(a)jboss.com Date: 2011-09-09 11:53:34 -0400 (Fri, 09 Sep 2011) New Revision: 1839 Modified: trunk/webapps/docs/changelog.xml Log: Add missing changelog. Modified: trunk/webapps/docs/changelog.xml =================================================================== --- trunk/webapps/docs/changelog.xml 2011-09-09 15:44:36 UTC (rev 1838) +++ trunk/webapps/docs/changelog.xml 2011-09-09 15:53:34 UTC (rev 1839) @@ -30,6 +30,11 @@ <bug>51698</bug>: Fix CVE-2011-3190. Prevent AJP message injection. (markt) </fix> </changelog> + <changelog> + <fix> + <jira>JBWEB-201</jira>JBoss Web Native causes JVM crash with AJP. (jfclere/remm) + </fix> + </changelog> </subsection> </section>

12 years, 9 months

1
0
0 / 0

JBossWeb SVN: r1838 - trunk/java/org/apache/coyote/ajp.

by jbossweb-commits＠lists.jboss.org

Author: remy.maucherat(a)jboss.com Date: 2011-09-09 11:44:36 -0400 (Fri, 09 Sep 2011) New Revision: 1838 Modified: trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java Log: - Use the open socket flag also (otherwise, the socket will never be closed if it's not added to the poller when there is an error). Modified: trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java =================================================================== --- trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java 2011-09-09 15:42:45 UTC (rev 1837) +++ trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java 2011-09-09 15:44:36 UTC (rev 1838) @@ -425,7 +425,7 @@ // Error flag error = false; - boolean openSocket = true; + boolean openSocket = false; boolean keptAlive = false; while (!error && !event) { @@ -437,7 +437,7 @@ // This means that no data is available right now // (long keepalive), so that the processor should be recycled // and the method should return true - rp.setStage(org.apache.coyote.Constants.STAGE_ENDED); + openSocket = true; // Add the socket to the poller endpoint.getPoller().add(socket); break; @@ -534,7 +534,7 @@ } } else { recycle(); - return SocketState.OPEN; + return (openSocket) ? SocketState.OPEN : SocketState.CLOSED; } }

12 years, 9 months

1
0
0 / 0

JBossWeb SVN: r1837 - branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/coyote/ajp.

by jbossweb-commits＠lists.jboss.org

Author: jfrederic.clere(a)jboss.com Date: 2011-09-09 11:42:45 -0400 (Fri, 09 Sep 2011) New Revision: 1837 Modified: branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/coyote/ajp/AjpAprProcessor.java branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/coyote/ajp/AjpProcessor.java Log: Arrange the patch we had long ago for a customer case. Modified: branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/coyote/ajp/AjpAprProcessor.java =================================================================== --- branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/coyote/ajp/AjpAprProcessor.java 2011-09-09 15:40:08 UTC (rev 1836) +++ branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/coyote/ajp/AjpAprProcessor.java 2011-09-09 15:42:45 UTC (rev 1837) @@ -386,7 +386,8 @@ if(log.isDebugEnabled()) { log.debug("Unexpected message: "+type); } - continue; + error = true; + break; } keptAlive = true; @@ -994,7 +995,7 @@ flush(); // read remaining data from the special first-body-chunk - if (first && request.getContentLength() > 0) { + if (first && request.getContentLengthLong() > 0) { try { receive(); } catch (IOException e) { Modified: branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/coyote/ajp/AjpProcessor.java =================================================================== --- branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/coyote/ajp/AjpProcessor.java 2011-09-09 15:40:08 UTC (rev 1836) +++ branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/coyote/ajp/AjpProcessor.java 2011-09-09 15:42:45 UTC (rev 1837) @@ -405,7 +405,8 @@ if(log.isDebugEnabled()) { log.debug("Unexpected message: "+type); } - continue; + error = true; + break; } request.setStartTime(System.currentTimeMillis()); @@ -997,7 +998,7 @@ // read remaining data from the special first-body-chunk - if (first && request.getContentLength() > 0) { + if (first && request.getContentLengthLong() > 0) { try { receive(); } catch (IOException e) {

12 years, 9 months

1
0
0 / 0

JBossWeb SVN: r1836 - in branches/2.1.x: webapps/docs and 1 other directory.

by jbossweb-commits＠lists.jboss.org

Author: jfrederic.clere(a)jboss.com Date: 2011-09-09 11:40:08 -0400 (Fri, 09 Sep 2011) New Revision: 1836 Modified: branches/2.1.x/java/org/apache/coyote/ajp/AjpAprProcessor.java branches/2.1.x/java/org/apache/coyote/ajp/AjpProcessor.java branches/2.1.x/webapps/docs/changelog.xml Log: Arrange the patch we had long ago for a customer case. Modified: branches/2.1.x/java/org/apache/coyote/ajp/AjpAprProcessor.java =================================================================== --- branches/2.1.x/java/org/apache/coyote/ajp/AjpAprProcessor.java 2011-09-09 15:26:54 UTC (rev 1835) +++ branches/2.1.x/java/org/apache/coyote/ajp/AjpAprProcessor.java 2011-09-09 15:40:08 UTC (rev 1836) @@ -386,7 +386,8 @@ if(log.isDebugEnabled()) { log.debug("Unexpected message: "+type); } - continue; + error = true; + break; } keptAlive = true; @@ -1011,7 +1012,7 @@ flush(); // read remaining data from the special first-body-chunk - if (first && request.getContentLength() > 0) { + if (first && request.getContentLengthLong() > 0) { try { receive(); } catch (IOException e) { Modified: branches/2.1.x/java/org/apache/coyote/ajp/AjpProcessor.java =================================================================== --- branches/2.1.x/java/org/apache/coyote/ajp/AjpProcessor.java 2011-09-09 15:26:54 UTC (rev 1835) +++ branches/2.1.x/java/org/apache/coyote/ajp/AjpProcessor.java 2011-09-09 15:40:08 UTC (rev 1836) @@ -404,7 +404,8 @@ if(log.isDebugEnabled()) { log.debug("Unexpected message: "+type); } - continue; + error = true; + break; } request.setStartTime(System.currentTimeMillis()); @@ -1013,7 +1014,7 @@ // read remaining data from the special first-body-chunk - if (first && request.getContentLength() > 0) { + if (first && request.getContentLengthLong() > 0) { try { receive(); } catch (IOException e) { Modified: branches/2.1.x/webapps/docs/changelog.xml =================================================================== --- branches/2.1.x/webapps/docs/changelog.xml 2011-09-09 15:26:54 UTC (rev 1835) +++ branches/2.1.x/webapps/docs/changelog.xml 2011-09-09 15:40:08 UTC (rev 1836) @@ -15,6 +15,16 @@ </properties> <body> +<section name="JBoss Web 2.1.13.GA (jfclere)"> + <subsection name="Coyote"> + <changelog> + <fix> + <bug>51698</bug>: Fix CVE-2011-3190. Prevent AJP message injection. (markt) + </fix> + </changelog> + </subsection> +</section> + <section name="JBoss Web 2.1.12.GA (jfclere)"> <subsection name="Catalina"> <changelog>

12 years, 9 months

1
0
0 / 0

JBossWeb SVN: r1835 - in trunk: webapps/docs and 1 other directory.

by jbossweb-commits＠lists.jboss.org

Author: jfrederic.clere(a)jboss.com Date: 2011-09-09 11:26:54 -0400 (Fri, 09 Sep 2011) New Revision: 1835 Modified: trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java trunk/java/org/apache/coyote/ajp/AjpProcessor.java trunk/webapps/docs/changelog.xml Log: Arrange the patch we had long ago for a customer case. Modified: trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java =================================================================== --- trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java 2011-09-09 14:28:58 UTC (rev 1834) +++ trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java 2011-09-09 15:26:54 UTC (rev 1835) @@ -456,7 +456,8 @@ if(log.isDebugEnabled()) { log.debug("Unexpected message: "+type); } - continue; + error = true; + break; } keptAlive = true; @@ -1095,7 +1096,7 @@ flush(); // read remaining data from the special first-body-chunk - if (first && request.getContentLength() > 0) { + if (first && request.getContentLengthLong() > 0) { try { receive(); } catch (IOException e) { Modified: trunk/java/org/apache/coyote/ajp/AjpProcessor.java =================================================================== --- trunk/java/org/apache/coyote/ajp/AjpProcessor.java 2011-09-09 14:28:58 UTC (rev 1834) +++ trunk/java/org/apache/coyote/ajp/AjpProcessor.java 2011-09-09 15:26:54 UTC (rev 1835) @@ -472,7 +472,8 @@ if(log.isDebugEnabled()) { log.debug("Unexpected message: "+type); } - continue; + error = true; + break; } request.setStartTime(System.currentTimeMillis()); @@ -1106,7 +1107,7 @@ // read remaining data from the special first-body-chunk - if (first && request.getContentLength() > 0) { + if (first && request.getContentLengthLong() > 0) { try { receive(); } catch (IOException e) { Modified: trunk/webapps/docs/changelog.xml =================================================================== --- trunk/webapps/docs/changelog.xml 2011-09-09 14:28:58 UTC (rev 1834) +++ trunk/webapps/docs/changelog.xml 2011-09-09 15:26:54 UTC (rev 1835) @@ -24,6 +24,13 @@ </update> </changelog> </subsection> + <subsection name="Coyote"> + <changelog> + <fix> + <bug>51698</bug>: Fix CVE-2011-3190. Prevent AJP message injection. (markt) + </fix> + </changelog> + </subsection> </section> <section name="JBoss Web 7.0.1.Final (remm)">

12 years, 9 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

jbossweb-commits September 2011