[jboss-cvs] Repository SVN: r24262 - in jboss/jbossws: 2.0.1.SP2_CP04.patch01-brew and 2 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Apr 7 09:58:46 EDT 2009
Author: permaine
Date: 2009-04-07 09:58:46 -0400 (Tue, 07 Apr 2009)
New Revision: 24262
Added:
jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/
jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/component-info.xml
jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/lib/
jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/lib/jboss-jaxrpc.jar
jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/lib/jboss-jaxws.jar
jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/lib/jboss-saaj.jar
jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/lib/jbossws-client.jar
jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/lib/jbossws-core-scripts.zip
jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/lib/jbossws-core-src.zip
jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/lib/jbossws-core.jar
jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/src/
jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/src/jbossws-2.0.1.SP2_CP04.patch01-src.tar.gz
jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/src/jbossws-CVE-2009-0027.patch
Log:
Add Brew-build 2.0.1.SP2_CP04.patch01-brew
Added: jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/component-info.xml
===================================================================
--- jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/component-info.xml (rev 0)
+++ jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/component-info.xml 2009-04-07 13:58:46 UTC (rev 24262)
@@ -0,0 +1,73 @@
+<project name="jboss/jbossws">
+
+ <component id="jboss/jbossws"
+ description="JBossWS an implementation of J2EE Web Services"
+ version="2.0.1.SP2_CP04-brew"
+ licenseType="lgpl"
+ tag="jbossws-2_0_1-3_SP2_CP04_4_ep1_el4">
+
+ <artifact id="jbossws-client.jar"/>
+ <artifact id="jbossws-core.jar"/>
+ <artifact id="jboss-jaxrpc.jar"/>
+ <artifact id="jboss-jaxws.jar"/>
+ <artifact id="jboss-saaj.jar"/>
+ <artifact id="jbossws-core-src.zip"/>
+ <artifact id="jbossws-core-scripts.zip"/>
+
+ <import componentref="jboss/jbossws-common">
+ <compatible version="1.0.0.GA"/>
+ <compatible version="1.0.0.GA-brew"/>
+ <compatible version="1.0.0.GA_CP01-brew"/>
+ <compatible version="1.0.0.GA_CP02-brew"/>
+ </import>
+ <import componentref="jboss/jbossws-framework">
+ <compatible version="2.0.1.GA"/>
+ <compatible version="2.0.1.GA-brew"/>
+ <compatible version="2.0.1.GA_CP02-brew"/>
+ </import>
+ <import componentref="jboss/jbossws-spi">
+ <compatible version="1.0.0.GA"/>
+ <compatible version="1.0.0.GA-brew"/>
+ <compatible version="1.0.0.GA_CP01-brew"/>
+ </import>
+
+ <import componentref="apache-xmlsec">
+ <compatible version="1.3.0"/>
+ <compatible version="1.3.0-brew"/>
+ </import>
+ <import componentref="ibm-wsdl4j">
+ <compatible version="1.6.2"/>
+ <compatible version="1.6.2-brew"/>
+ </import>
+ <import componentref="jbpm/bpel">
+ <compatible version="1.1.0.Beta5"/>
+ <compatible version="1.1.0.GA"/>
+ </import>
+ <import componentref="stax-api">
+ <compatible version="1.0"/>
+ </import>
+ <import componentref="sun-jaxb">
+ <compatible version="2.1.4-brew"/>
+ </import>
+ <import componentref="sun-jaxws">
+ <compatible version="2.1.1-brew"/>
+ </import>
+ <import componentref="woodstox">
+ <compatible version="3.1.1"/>
+ <compatible version="3.1.1-brew"/>
+ </import>
+ <import componentref="wscommons-policy">
+ <compatible version="1.0"/>
+ <compatible version="1.0-brew"/>
+ </import>
+
+ <export>
+ <include input="jbossws-core.jar"/>
+ <include input="jboss-jaxrpc.jar"/>
+ <include input="jboss-jaxws.jar"/>
+ <include input="jboss-saaj.jar"/>
+ </export>
+
+ </component>
+
+</project>
Added: jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/lib/jboss-jaxrpc.jar
===================================================================
(Binary files differ)
Property changes on: jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/lib/jboss-jaxrpc.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/lib/jboss-jaxws.jar
===================================================================
(Binary files differ)
Property changes on: jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/lib/jboss-jaxws.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/lib/jboss-saaj.jar
===================================================================
(Binary files differ)
Property changes on: jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/lib/jboss-saaj.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/lib/jbossws-client.jar
===================================================================
(Binary files differ)
Property changes on: jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/lib/jbossws-client.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/lib/jbossws-core-scripts.zip
===================================================================
(Binary files differ)
Property changes on: jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/lib/jbossws-core-scripts.zip
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/lib/jbossws-core-src.zip
===================================================================
(Binary files differ)
Property changes on: jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/lib/jbossws-core-src.zip
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/lib/jbossws-core.jar
===================================================================
(Binary files differ)
Property changes on: jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/lib/jbossws-core.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/src/jbossws-2.0.1.SP2_CP04.patch01-src.tar.gz
===================================================================
(Binary files differ)
Property changes on: jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/src/jbossws-2.0.1.SP2_CP04.patch01-src.tar.gz
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/src/jbossws-CVE-2009-0027.patch
===================================================================
--- jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/src/jbossws-CVE-2009-0027.patch (rev 0)
+++ jboss/jbossws/2.0.1.SP2_CP04.patch01-brew/src/jbossws-CVE-2009-0027.patch 2009-04-07 13:58:46 UTC (rev 24262)
@@ -0,0 +1,52 @@
+Index: src/main/java/org/jboss/ws/core/server/WSDLRequestHandler.java
+===================================================================
+--- src/main/java/org/jboss/ws/core/server/WSDLRequestHandler.java (revision 9637)
++++ src/main/java/org/jboss/ws/core/server/WSDLRequestHandler.java (working copy)
+@@ -30,8 +30,11 @@
+
+ import org.jboss.logging.Logger;
+ import org.jboss.ws.metadata.umdm.EndpointMetaData;
++import org.jboss.wsf.common.DOMUtils;
++import org.jboss.wsf.spi.SPIProvider;
++import org.jboss.wsf.spi.SPIProviderResolver;
+ import org.jboss.wsf.spi.management.ServerConfig;
+-import org.jboss.wsf.common.DOMUtils;
++import org.jboss.wsf.spi.management.ServerConfigFactory;
+ import org.w3c.dom.Attr;
+ import org.w3c.dom.Document;
+ import org.w3c.dom.Element;
+@@ -88,11 +91,31 @@
+ // get some imported resource
+ else
+ {
+- String impResourcePath = new File(wsdlLocation.getPath()).getParent() + File.separatorChar + resPath;
++ File wsdlLocFile = new File(wsdlLocation.getPath());
++ String impResourcePath = wsdlLocFile.getParent() + File.separatorChar + resPath;
+ File impResourceFile = new File(impResourcePath);
++ String wsdlPublishLoc = epMetaData.getServiceMetaData().getWsdlPublishLocation();
+
+- Element wsdlElement = DOMUtils.parse(impResourceFile.toURL().openStream());
+- wsdlDoc = wsdlElement.getOwnerDocument();
++ log.debug("Importing resource file: " + impResourceFile.getCanonicalPath());
++
++ String wsdlLocFilePath = wsdlLocFile.getParentFile().getCanonicalPath();
++ SPIProvider spiProvider = SPIProviderResolver.getInstance().getProvider();
++ ServerConfig serverConfig = spiProvider.getSPI(ServerConfigFactory.class).getServerConfig();
++ String wsdlDataLoc = serverConfig.getServerDataDir().getCanonicalPath() + File.separatorChar + "wsdl";
++
++ //allow wsdl file's parent or server's data/wsdl or overriden wsdl publish directories only
++ if (impResourceFile.getCanonicalPath().indexOf(wsdlLocFilePath) >= 0
++ || impResourceFile.getCanonicalPath().indexOf(wsdlDataLoc) >= 0
++ || (wsdlPublishLoc != null
++ && impResourceFile.getCanonicalPath().indexOf(new File(new URL(wsdlPublishLoc).getPath()).getCanonicalPath()) >= 0))
++ {
++ Element wsdlElement = DOMUtils.parse(impResourceFile.toURL().openStream());
++ wsdlDoc = wsdlElement.getOwnerDocument();
++ }
++ else
++ {
++ throw new IOException("Access to this resource is not allowed");
++ }
+ }
+
+ modifyAddressReferences(reqURL, wsdlHost, resPath, wsdlDoc.getDocumentElement());
More information about the jboss-cvs-commits
mailing list