Hello community, here is the log from the commit of package tomcat6 checked in at Fri Jul 11 23:37:17 CEST 2008.
--------
--- tomcat6/tomcat6.changes 2008-05-06 10:13:04.000000000 +0200
+++ tomcat6/tomcat6.changes 2008-06-27 14:49:33.000000000 +0200
@@ -1,0 +2,7 @@
+Fri Jun 27 14:47:03 CEST 2008 - mvyskocil@suse.cz
+
+- fixed [bnc#396962]: VUL-0: tomcat5: [SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability
+- fixed [bnc#403310]: Tomcat startup script uses wrong java.io.tmpdir
+ - the temp directory is in /var/cache/tomcat6/temp
+
+-------------------------------------------------------------------
New:
----
apache-tomcat-CVE-2008-1947.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tomcat6.spec ++++++
--- /var/tmp/diff_new_pack.fw5227/_old 2008-07-11 23:35:47.000000000 +0200
+++ /var/tmp/diff_new_pack.fw5227/_new 2008-07-11 23:35:47.000000000 +0200
@@ -24,12 +24,12 @@
 %define homedir %{_datadir}/%{name}
 %define libdir %{_javadir}/%{name}
 %define logdir %{_localstatedir}/log/%{name}
-%define tempdir %{_localstatedir}/tmp/%{name}
+%define tempdir %{_localstatedir}/cache/%{name}/temp
 %define workdir %{_localstatedir}/cache/%{name}
 Name: tomcat6
 Version: %{major_version}.%{minor_version}.%{macro_version}
-Release: 5
+Release: 8
 Summary: Apache Servlet/JSP Engine, RI for Servlet 2.5/JSP 2.1 API
 Group: Productivity/Networking/Web/Servers
 License: The Apache Software License
@@ -40,6 +40,7 @@
 Source3: %{name}-%{major_version}.%{minor_version}.sysconfig
 Source4: %{name}-%{major_version}.%{minor_version}.wrapper
 Patch0: %{name}-%{major_version}.%{minor_version}.bootstrap-MANIFEST.MF.patch
+Patch1: apache-tomcat-CVE-2008-1947.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 BuildArch: noarch
 BuildRequires: ant
@@ -173,6 +174,7 @@
 %{__rm} -rf ${RPM_BUILD_DIR}/%{name}-%{version}
 %setup -q -c -T -a 0
 %patch0
+%patch1 -b .sav1
 %build
 pushd ${RPM_BUILD_DIR}/%{name}-%{version}/%{packdname}
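Review bot: The new `%define tempdir %{_localstatedir}/cache/%{name}/temp` moves Tomcat's `java.io.tmpdir` out of `/var/tmp` and under `%{workdir}`, but the `%install` and `%files` lines that create and package `%{tempdir}` are outside this hunk, so it cannot be seen here whether the new directory is shipped as a `%dir` entry owned by the tomcat user with a restrictive mode rather than inheriting a world-readable default for whatever temp files Tomcat and its webapps write there. Also confirm that the old `%{_localstatedir}/tmp/%{name}` path is no longer referenced by `%files` or by the sysconfig/wrapper sources (Source3/Source4), since bnc#403310 says the startup script used the wrong tmpdir and no change to that script is visible in these hunks. I would document the intent next to the define: `# java.io.tmpdir; kept under %{workdir} rather than /var/tmp so it does not live in a world-writable tree`.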
@@ -445,6 +447,10 @@
 %{appdir}/examples
 %changelog
+* Fri Jun 27 2008 mvyskocil@suse.cz
+- fixed [bnc#396962]: VUL-0: tomcat5: [SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability
+- fixed [bnc#403310]: Tomcat startup script uses wrong java.io.tmpdir
+ - the temp directory is in /var/cache/tomcat6/temp
 * Tue May 06 2008 mvyskocil@suse.cz
 - fixed a [bnc#383331] - Tomcat cannot compile JSPs
 - add a ecj requires for tomcat6-lib
++++++ apache-tomcat-CVE-2008-1947.patch ++++++
--- apache-tomcat-6.0.16-src/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
+++ apache-tomcat-6.0.16-src/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
@@ -21,6 +21,7 @@
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.io.StringWriter;
+import java.net.URLEncoder;
 import java.text.MessageFormat;
 import java.util.Iterator;
 import java.util.Map;
@@ -278,17 +279,20 @@
 args = new Object[7];
 args[0] = response.encodeURL
 (request.getContextPath() +
- "/html/start?name=" + hostName);
+ "/html/start?name=" +
+ URLEncoder.encode(hostName));
 args[1] = hostsStart;
 args[2] = response.encodeURL
 (request.getContextPath() +
- "/html/stop?name=" + hostName);
+ "/html/stop?name=" +
+ URLEncoder.encode(hostName));
 args[3] = hostsStop;
 args[4] = response.encodeURL
 (request.getContextPath() +
- "/html/remove?name=" + hostName);
+ "/html/remove?name=" +
+ URLEncoder.encode(hostName));
 args[5] = hostsRemove;
- args[6] = hostName;
+ args[6] = RequestUtil.filter(hostName);
 if (host == this.host) {
 writer.print(MessageFormat.format(
 MANAGER_HOST_ROW_BUTTON_SECTION, args));
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org
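Review bot: `URLEncoder.encode(hostName)` on the three new `args[0]`/`args[2]`/`args[4]` lines is the single-argument overload, which is deprecated and encodes with the platform default charset, so a host name containing non-ASCII characters yields a different query string depending on `file.encoding`; prefer `URLEncoder.encode(hostName, "UTF-8")` (it declares `UnsupportedEncodingException`, which has to be caught or declared even though UTF-8 is always available). Percent-encoding does cover the HTML-attribute context of these links, since `"`, `<`, `>` and `&` are all escaped, and `RequestUtil.filter(hostName)` on `args[6]` handles the text context; however the import hunk adds only `java.net.URLEncoder`, so if `RequestUtil` is not already imported elsewhere in this file that import is missing — it cannot be seen from here. The enclosing method starts and ends outside the hunk, so any other place this servlet interpolates `hostName` into its output is not covered by this review.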