commit tomcat6
- From: root@xxxxxxxxxxxxxxx (h_root)
- Date: Fri, 11 Jul 2008 23:37:17 +0200
- Message-id: <20080711213717.B2105678178@xxxxxxxxxxxxxxx>
Hello community,
here is the log from the commit of package tomcat6
checked in at Fri Jul 11 23:37:17 CEST 2008.
--------
--- tomcat6/tomcat6.changes 2008-05-06 10:13:04.000000000 +0200
+++ tomcat6/tomcat6.changes 2008-06-27 14:49:33.000000000 +0200
@@ -1,0 +2,7 @@
+Fri Jun 27 14:47:03 CEST 2008 - mvyskocil@xxxxxxx
+
+- fixed [bnc#396962]: VUL-0: tomcat5: [SECURITY] CVE-2008-1947: Tomcat
host-manager XSS vulnerability
+- fixed [bnc#403310]: Tomcat startup script uses wrong java.io.tmpdir
+ - the temp directory is in /var/cache/tomcat6/temp
+
+-------------------------------------------------------------------
New:
----
apache-tomcat-CVE-2008-1947.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tomcat6.spec ++++++
--- /var/tmp/diff_new_pack.fw5227/_old 2008-07-11 23:35:47.000000000 +0200
+++ /var/tmp/diff_new_pack.fw5227/_new 2008-07-11 23:35:47.000000000 +0200
@@ -24,12 +24,12 @@
%define homedir %{_datadir}/%{name}
%define libdir %{_javadir}/%{name}
%define logdir %{_localstatedir}/log/%{name}
-%define tempdir %{_localstatedir}/tmp/%{name}
+%define tempdir %{_localstatedir}/cache/%{name}/temp
%define workdir %{_localstatedir}/cache/%{name}
Name: tomcat6
Version: %{major_version}.%{minor_version}.%{macro_version}
-Release: 5
+Release: 8
Summary: Apache Servlet/JSP Engine, RI for Servlet 2.5/JSP 2.1 API
Group: Productivity/Networking/Web/Servers
License: The Apache Software License
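Review bot: The new `tempdir` value places Tomcat's java.io.tmpdir (named as such in the changelog entry) inside `workdir`, but nothing in this hunk shows how that directory is created or which ownership and mode it receives; those lines would sit in `%install`/`%files`, outside the hunk. Because the JVM writes temporary files there, the directory should belong to the service account and be closed to other local users, along the lines of `%attr(0750,<tomcat-user>,<tomcat-group>) %dir %{tempdir}` (the account names are placeholders). The path also repeats the `workdir` literal; `%define tempdir %{workdir}/temp` would keep the two from drifting apart, since `%define` bodies are expanded at use.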
@@ -40,6 +40,7 @@
Source3: %{name}-%{major_version}.%{minor_version}.sysconfig
Source4: %{name}-%{major_version}.%{minor_version}.wrapper
Patch0:
%{name}-%{major_version}.%{minor_version}.bootstrap-MANIFEST.MF.patch
+Patch1: apache-tomcat-CVE-2008-1947.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
BuildRequires: ant
@@ -173,6 +174,7 @@
%{__rm} -rf ${RPM_BUILD_DIR}/%{name}-%{version}
%setup -q -c -T -a 0
%patch0
+%patch1 -b .sav1
%build
pushd ${RPM_BUILD_DIR}/%{name}-%{version}/%{packdname}
@@ -445,6 +447,10 @@
%{appdir}/examples
%changelog
+* Fri Jun 27 2008 mvyskocil@xxxxxxx
+- fixed [bnc#396962]: VUL-0: tomcat5: [SECURITY] CVE-2008-1947: Tomcat
host-manager XSS vulnerability
+- fixed [bnc#403310]: Tomcat startup script uses wrong java.io.tmpdir
+ - the temp directory is in /var/cache/tomcat6/temp
* Tue May 06 2008 mvyskocil@xxxxxxx
- fixed a [bnc#383331] - Tomcat cannot compile JSPs
- add a ecj requires for tomcat6-lib
++++++ apache-tomcat-CVE-2008-1947.patch ++++++
---
apache-tomcat-6.0.16-src/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
+++
apache-tomcat-6.0.16-src/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
@@ -21,6 +21,7 @@
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
+import java.net.URLEncoder;
import java.text.MessageFormat;
import java.util.Iterator;
import java.util.Map;
@@ -278,17 +279,20 @@
args = new Object[7];
args[0] = response.encodeURL
(request.getContextPath() +
- "/html/start?name=" + hostName);
+ "/html/start?name=" +
+ URLEncoder.encode(hostName));
args[1] = hostsStart;
args[2] = response.encodeURL
(request.getContextPath() +
- "/html/stop?name=" + hostName);
+ "/html/stop?name=" +
+ URLEncoder.encode(hostName));
args[3] = hostsStop;
args[4] = response.encodeURL
(request.getContextPath() +
- "/html/remove?name=" + hostName);
+ "/html/remove?name=" +
+ URLEncoder.encode(hostName));
args[5] = hostsRemove;
- args[6] = hostName;
+ args[6] = RequestUtil.filter(hostName);
if (host == this.host) {
writer.print(MessageFormat.format(
MANAGER_HOST_ROW_BUTTON_SECTION, args));
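Review bot: The three `URLEncoder.encode(hostName)` calls added for the start, stop and remove links use the deprecated one-argument overload, which encodes with the platform default charset, so the escaped host name can differ between JVMs and may not round-trip through the container's query-string decoding. Encode once with an explicit charset and reuse the result, e.g. `String encodedName = URLEncoder.encode(hostName, "UTF-8");`; the two-argument form throws `UnsupportedEncodingException`, an `IOException` subclass, so check that the enclosing method, whose signature is outside the hunk, already declares it. `args[6] = RequestUtil.filter(hostName);` relies on `RequestUtil` being in scope, yet the import hunk adds only `java.net.URLEncoder`; confirm the class is already imported in this file. A short comment above the block, such as `// hostName is untrusted here: URL-encode it in links, HTML-escape it in text`, would record why two different escapers are applied to the same value.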
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...