~ubuntu-branches/ubuntu/natty/tomcat6/natty-proposed

Viewing changes to debian/patches/0015-CVE-2011-2204.patch

Committer: Package Import Robot
Author(s): Marc Deslauriers
Date: 2011-09-26 11:27:14 UTC
Revision ID: package-import@ubuntu.com-20110926112714-ngfuvuxfnr5oe2x8

Tags: 6.0.28-10ubuntu2.2

* SECURITY UPDATE: information disclosure via log file
  - debian/patches/0015-CVE-2011-2204.patch: fix logging in
    java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java,
    java/org/apache/catalina/users/MemoryUserDatabase.java,
    java/org/apache/catalina/users/MemoryUser.java.
  - CVE-2011-2204
* SECURITY UPDATE: file restriction bypass or denial of service via
  untrusted web application.
  - debian/patches/0016-CVE-2011-2526.patch: check canonical name in
    java/org/apache/catalina/connector/LocalStrings.properties,
    java/org/apache/catalina/connector/Request.java,
    java/org/apache/catalina/servlets/DefaultServlet.java,
    java/org/apache/coyote/http11/Http11AprProcessor.java,
    java/org/apache/coyote/http11/LocalStrings.properties,
    java/org/apache/tomcat/util/net/AprEndpoint.java,
    java/org/apache/tomcat/util/net/NioEndpoint.java.
  - CVE-2011-2526
* SECURITY UPDATE: AJP request spoofing and authentication bypass
  (LP: #843701)
  - debian/patches/0017-CVE-2011-3190.patch: Properly handle request
    bodies in java/org/apache/coyote/ajp/AjpAprProcessor.java,
    java/org/apache/coyote/ajp/AjpProcessor.java.
  - CVE-2011-3190
* SECURITY UPDATE: HTTP DIGEST authentication weaknesses
  - debian/patches/0018-CVE-2011-1184.patch: add new nonce options in
    java/org/apache/catalina/authenticator/DigestAuthenticator.java,
    java/org/apache/catalina/authenticator/LocalStrings.properties,
    java/org/apache/catalina/authenticator/mbeans-descriptors.xml,
    java/org/apache/catalina/realm/RealmBase.java,
    webapps/docs/config/valve.xml.
  - CVE-2011-1184

files added:
.pc/0015-CVE-2011-2204.patch

.pc/0015-CVE-2011-2204.patch/java

.pc/0015-CVE-2011-2204.patch/java/org

.pc/0015-CVE-2011-2204.patch/java/org/apache

.pc/0015-CVE-2011-2204.patch/java/org/apache/catalina

.pc/0015-CVE-2011-2204.patch/java/org/apache/catalina/mbeans

.pc/0015-CVE-2011-2204.patch/java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java

.pc/0015-CVE-2011-2204.patch/java/org/apache/catalina/users

.pc/0015-CVE-2011-2204.patch/java/org/apache/catalina/users/MemoryUser.java

.pc/0015-CVE-2011-2204.patch/java/org/apache/catalina/users/MemoryUserDatabase.java

.pc/0016-CVE-2011-2526.patch

.pc/0016-CVE-2011-2526.patch/java

.pc/0016-CVE-2011-2526.patch/java/org

.pc/0016-CVE-2011-2526.patch/java/org/apache

.pc/0016-CVE-2011-2526.patch/java/org/apache/catalina

.pc/0016-CVE-2011-2526.patch/java/org/apache/catalina/connector

.pc/0016-CVE-2011-2526.patch/java/org/apache/catalina/connector/LocalStrings.properties

.pc/0016-CVE-2011-2526.patch/java/org/apache/catalina/connector/Request.java

.pc/0016-CVE-2011-2526.patch/java/org/apache/catalina/servlets

.pc/0016-CVE-2011-2526.patch/java/org/apache/catalina/servlets/DefaultServlet.java

.pc/0016-CVE-2011-2526.patch/java/org/apache/coyote

.pc/0016-CVE-2011-2526.patch/java/org/apache/coyote/http11

.pc/0016-CVE-2011-2526.patch/java/org/apache/coyote/http11/Http11AprProcessor.java

.pc/0016-CVE-2011-2526.patch/java/org/apache/coyote/http11/LocalStrings.properties

.pc/0016-CVE-2011-2526.patch/java/org/apache/tomcat

.pc/0016-CVE-2011-2526.patch/java/org/apache/tomcat/util

.pc/0016-CVE-2011-2526.patch/java/org/apache/tomcat/util/net

.pc/0016-CVE-2011-2526.patch/java/org/apache/tomcat/util/net/AprEndpoint.java

.pc/0016-CVE-2011-2526.patch/java/org/apache/tomcat/util/net/NioEndpoint.java

.pc/0017-CVE-2011-3190.patch

.pc/0017-CVE-2011-3190.patch/java

.pc/0017-CVE-2011-3190.patch/java/org

.pc/0017-CVE-2011-3190.patch/java/org/apache

.pc/0017-CVE-2011-3190.patch/java/org/apache/coyote

.pc/0017-CVE-2011-3190.patch/java/org/apache/coyote/ajp

.pc/0017-CVE-2011-3190.patch/java/org/apache/coyote/ajp/AjpAprProcessor.java

.pc/0017-CVE-2011-3190.patch/java/org/apache/coyote/ajp/AjpProcessor.java

.pc/0018-CVE-2011-1184.patch

.pc/0018-CVE-2011-1184.patch/java

.pc/0018-CVE-2011-1184.patch/java/org

.pc/0018-CVE-2011-1184.patch/java/org/apache

.pc/0018-CVE-2011-1184.patch/java/org/apache/catalina

.pc/0018-CVE-2011-1184.patch/java/org/apache/catalina/authenticator

.pc/0018-CVE-2011-1184.patch/java/org/apache/catalina/authenticator/DigestAuthenticator.java

.pc/0018-CVE-2011-1184.patch/java/org/apache/catalina/authenticator/LocalStrings.properties

.pc/0018-CVE-2011-1184.patch/java/org/apache/catalina/authenticator/mbeans-descriptors.xml

.pc/0018-CVE-2011-1184.patch/java/org/apache/catalina/realm

.pc/0018-CVE-2011-1184.patch/java/org/apache/catalina/realm/RealmBase.java

.pc/0018-CVE-2011-1184.patch/webapps

.pc/0018-CVE-2011-1184.patch/webapps/docs

.pc/0018-CVE-2011-1184.patch/webapps/docs/config

.pc/0018-CVE-2011-1184.patch/webapps/docs/config/valve.xml

debian/patches/0015-CVE-2011-2204.patch

debian/patches/0016-CVE-2011-2526.patch

debian/patches/0017-CVE-2011-3190.patch

debian/patches/0018-CVE-2011-1184.patch

files modified:
.pc/applied-patches

debian/changelog

debian/patches/series

java/org/apache/catalina/authenticator/DigestAuthenticator.java

java/org/apache/catalina/authenticator/LocalStrings.properties

java/org/apache/catalina/authenticator/mbeans-descriptors.xml

java/org/apache/catalina/connector/LocalStrings.properties

java/org/apache/catalina/connector/Request.java

java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java

java/org/apache/catalina/realm/RealmBase.java

java/org/apache/catalina/servlets/DefaultServlet.java

java/org/apache/catalina/users/MemoryUser.java

java/org/apache/catalina/users/MemoryUserDatabase.java

java/org/apache/coyote/ajp/AjpAprProcessor.java

java/org/apache/coyote/ajp/AjpProcessor.java

java/org/apache/coyote/http11/Http11AprProcessor.java

java/org/apache/coyote/http11/LocalStrings.properties

java/org/apache/tomcat/util/net/AprEndpoint.java

java/org/apache/tomcat/util/net/NioEndpoint.java

webapps/docs/config/valve.xml

Show diffs side-by-side

added added

removed removed

debian/patches/0015-CVE-2011-2204.patch

Description: fix information disclosure via log file

Origin: upstream, http://svn.apache.org/viewvc?view=revision&revision=1140071

Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632882

Index: tomcat6-6.0.28/java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java

===================================================================

--- tomcat6-6.0.28.orig/java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java 2011-09-20 10:25:53.391591677 -0400

+++ tomcat6-6.0.28/java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java 2011-09-20 10:26:28.931591394 -0400

@@ -180,7 +180,7 @@

MBeanUtils.createMBean(group);

} catch (Exception e) {

IllegalArgumentException iae = new IllegalArgumentException

- ("Exception creating group " + group + " MBean");

+ ("Exception creating group [" + groupname + "] MBean");

iae.initCause(e);

throw iae;

}

@@ -203,7 +203,7 @@

MBeanUtils.createMBean(role);

} catch (Exception e) {

IllegalArgumentException iae = new IllegalArgumentException

- ("Exception creating role " + role + " MBean");

+ ("Exception creating role [" + rolename + "] MBean");

iae.initCause(e);

throw iae;

}

@@ -228,7 +228,7 @@

MBeanUtils.createMBean(user);

} catch (Exception e) {

IllegalArgumentException iae = new IllegalArgumentException

- ("Exception creating user " + user + " MBean");

+ ("Exception creating user [" + username + "] MBean");

iae.initCause(e);

throw iae;

}

@@ -256,7 +256,7 @@

return (oname.toString());

} catch (MalformedObjectNameException e) {

IllegalArgumentException iae = new IllegalArgumentException

- ("Cannot create object name for group " + group);

+ ("Cannot create object name for group [" + groupname + "]");

iae.initCause(e);

throw iae;

}

@@ -283,7 +283,7 @@

return (oname.toString());

} catch (MalformedObjectNameException e) {

IllegalArgumentException iae = new IllegalArgumentException

- ("Cannot create object name for role " + role);

+ ("Cannot create object name for role [" + rolename + "]");

iae.initCause(e);

throw iae;

}

@@ -310,7 +310,7 @@

return (oname.toString());

} catch (MalformedObjectNameException e) {

IllegalArgumentException iae = new IllegalArgumentException

- ("Cannot create object name for user " + user);

+ ("Cannot create object name for user [" + username + "]");

iae.initCause(e);

throw iae;

}

@@ -335,7 +335,7 @@

database.removeGroup(group);

} catch (Exception e) {

IllegalArgumentException iae = new IllegalArgumentException

- ("Exception destroying group " + group + " MBean");

+ ("Exception destroying group [" + groupname + "] MBean");

iae.initCause(e);

throw iae;

}

@@ -360,7 +360,7 @@

database.removeRole(role);

} catch (Exception e) {

IllegalArgumentException iae = new IllegalArgumentException

- ("Exception destroying role " + role + " MBean");

+ ("Exception destroying role [" + rolename + "] MBean");

iae.initCause(e);

throw iae;

}

@@ -385,7 +385,7 @@

database.removeUser(user);

} catch (Exception e) {

IllegalArgumentException iae = new IllegalArgumentException

- ("Exception destroying user " + user + " MBean");

+ ("Exception destroying user [" + username + "] MBean");

iae.initCause(e);

throw iae;

}

Index: tomcat6-6.0.28/java/org/apache/catalina/users/MemoryUserDatabase.java

===================================================================

--- tomcat6-6.0.28.orig/java/org/apache/catalina/users/MemoryUserDatabase.java 2011-09-20 10:26:11.651591530 -0400

+++ tomcat6-6.0.28/java/org/apache/catalina/users/MemoryUserDatabase.java 2011-09-20 10:26:33.601591357 -0400

@@ -549,7 +549,7 @@

values = getUsers();

while (values.hasNext()) {

writer.print(" ");

- writer.println(values.next());

+ writer.println(((MemoryUser) values.next()).toXml());

100

}

101

102

// Print the file epilog

103

Index: tomcat6-6.0.28/java/org/apache/catalina/users/MemoryUser.java

104

===================================================================

105

--- tomcat6-6.0.28.orig/java/org/apache/catalina/users/MemoryUser.java 2011-09-20 10:26:04.321591591 -0400

106

+++ tomcat6-6.0.28/java/org/apache/catalina/users/MemoryUser.java 2011-09-20 10:26:31.391591375 -0400

107

@@ -246,7 +246,7 @@

108

* <code>username</code> or </code>name</code> for the username

109

* property.</p>

110

111

- public String toString() {

112

+ public String toXml() {

113

114

StringBuffer sb = new StringBuffer("<user username=\"");

115

sb.append(RequestUtil.filter(username));

116

@@ -293,5 +293,52 @@

117

118

}

119

120

+ /**

121

+ * <p>Return a String representation of this user.</p>

122

+ */

123

+ @Override

124

+ public String toString() {

125

126

+ StringBuilder sb = new StringBuilder("User username=\"");

127

+ sb.append(RequestUtil.filter(username));

128

+ sb.append("\"");

129

+ if (fullName != null) {

130

+ sb.append(", fullName=\"");

131

+ sb.append(RequestUtil.filter(fullName));

132

+ sb.append("\"");

133

+ }

134

+ synchronized (groups) {

135

+ if (groups.size() > 0) {

136

+ sb.append(", groups=\"");

137

+ int n = 0;

138

+ Iterator<Group> values = groups.iterator();

139

+ while (values.hasNext()) {

140

+ if (n > 0) {

141

+ sb.append(',');

142

+ }

143

+ n++;

144

+ sb.append(RequestUtil.filter(values.next().getGroupname()));

145

+ }

146

+ sb.append("\"");

147

+ }

148

+ }

149

+ synchronized (roles) {

150

+ if (roles.size() > 0) {

151

+ sb.append(", roles=\"");

152

+ int n = 0;

153

+ Iterator<Role> values = roles.iterator();

154

+ while (values.hasNext()) {

155

+ if (n > 0) {

156

+ sb.append(',');

157

+ }

158

+ n++;

159

+ sb.append(RequestUtil.filter(values.next().getRolename()));

160

+ }

161

+ sb.append("\"");

162

+ }

163

+ }

164

+ return (sb.toString());

165

+ }

166

167

168

}

Older »