← Back to branch summary

~ubuntu-branches/ubuntu/precise/tomcat7/precise-proposed

« back to all changes in this revision

Viewing changes to debian/patches/0012-CVE-2011-2204.patch

  • Committer: Bazaar Package Importer
  • Author(s): tony mancill
  • Date: 2011-07-25 22:58:33 UTC
  • mfrom: (1.1.2 upstream)
  • Revision ID: james.westby@ubuntu.com-20110725225833-1t773ak3y3g9utm2
Tags: 7.0.19-1
http://bugs.debian.org/634992
* Team upload.
* New upstream release.
  - Includes fix for CVE-2011-2526 (Closes: #634992)
* Remove patch for CVE-2011-2204 (included upstream).

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/patches/0012-CVE-2011-2204.patch
1
 
Index: trunk/java/org/apache/catalina/users/MemoryUser.java
2
 
===================================================================
3
 
--- a/java/org/apache/catalina/users/MemoryUser.java    (revision 1140069)
4
 
+++ b/java/org/apache/catalina/users/MemoryUser.java    (revision 1140070)
5
 
@@ -257,8 +257,7 @@
6
 
      * <code>username</code> or </code>name</code> for the username
7
 
      * property.</p>
8
 
      */
9
 
-    @Override
10
 
-    public String toString() {
11
 
+    public String toXml() {
12
 
 
13
 
         StringBuilder sb = new StringBuilder("<user username=\"");
14
 
         sb.append(RequestUtil.filter(username));
15
 
@@ -305,5 +304,52 @@
16
 
 
17
 
     }
18
 
 
19
 
+    /**
20
 
+     * <p>Return a String representation of this user.</p>
21
 
+     */
22
 
+    @Override
23
 
+    public String toString() {
24
 
 
25
 
+        StringBuilder sb = new StringBuilder("User username=\"");
26
 
+        sb.append(RequestUtil.filter(username));
27
 
+        sb.append("\"");
28
 
+        if (fullName != null) {
29
 
+            sb.append(", fullName=\"");
30
 
+            sb.append(RequestUtil.filter(fullName));
31
 
+            sb.append("\"");
32
 
+        }
33
 
+        synchronized (groups) {
34
 
+            if (groups.size() > 0) {
35
 
+                sb.append(", groups=\"");
36
 
+                int n = 0;
37
 
+                Iterator<Group> values = groups.iterator();
38
 
+                while (values.hasNext()) {
39
 
+                    if (n > 0) {
40
 
+                        sb.append(',');
41
 
+                    }
42
 
+                    n++;
43
 
+                    sb.append(RequestUtil.filter(values.next().getGroupname()));
44
 
+                }
45
 
+                sb.append("\"");
46
 
+            }
47
 
+        }
48
 
+        synchronized (roles) {
49
 
+            if (roles.size() > 0) {
50
 
+                sb.append(", roles=\"");
51
 
+                int n = 0;
52
 
+                Iterator<Role> values = roles.iterator();
53
 
+                while (values.hasNext()) {
54
 
+                    if (n > 0) {
55
 
+                        sb.append(',');
56
 
+                    }
57
 
+                    n++;
58
 
+                    sb.append(RequestUtil.filter(values.next().getRolename()));
59
 
+                }
60
 
+                sb.append("\"");
61
 
+            }
62
 
+        }
63
 
+        return (sb.toString());
64
 
+    }
65
 
+
66
 
+
67
 
 }
68
 
Index: trunk/java/org/apache/catalina/users/MemoryUserDatabase.java
69
 
===================================================================
70
 
--- a/java/org/apache/catalina/users/MemoryUserDatabase.java    (revision 1140069)
71
 
+++ b/java/org/apache/catalina/users/MemoryUserDatabase.java    (revision 1140070)
72
 
@@ -585,7 +585,7 @@
73
 
             values = getUsers();
74
 
             while (values.hasNext()) {
75
 
                 writer.print("  ");
76
 
-                writer.println(values.next());
77
 
+                writer.println(((MemoryUser) values.next()).toXml());
78
 
             }
79
 
 
80
 
             // Print the file epilog
81
 
Index: trunk/java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java
82
 
===================================================================
83
 
--- a/java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java      (revision 1140069)
84
 
+++ b/java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java      (revision 1140070)
85
 
@@ -173,7 +173,7 @@
86
 
             MBeanUtils.createMBean(group);
87
 
         } catch (Exception e) {
88
 
             IllegalArgumentException iae = new IllegalArgumentException
89
 
-                ("Exception creating group " + group + " MBean");
90
 
+                ("Exception creating group [" + groupname + "] MBean");
91
 
             iae.initCause(e);
92
 
             throw iae;
93
 
         }
94
 
@@ -196,7 +196,7 @@
95
 
             MBeanUtils.createMBean(role);
96
 
         } catch (Exception e) {
97
 
             IllegalArgumentException iae = new IllegalArgumentException
98
 
-                ("Exception creating role " + role + " MBean");
99
 
+                ("Exception creating role [" + rolename + "] MBean");
100
 
             iae.initCause(e);
101
 
             throw iae;
102
 
         }
103
 
@@ -221,7 +221,7 @@
104
 
             MBeanUtils.createMBean(user);
105
 
         } catch (Exception e) {
106
 
             IllegalArgumentException iae = new IllegalArgumentException
107
 
-                ("Exception creating user " + user + " MBean");
108
 
+                ("Exception creating user [" + username + "] MBean");
109
 
             iae.initCause(e);
110
 
             throw iae;
111
 
         }
112
 
@@ -249,7 +249,7 @@
113
 
             return (oname.toString());
114
 
         } catch (MalformedObjectNameException e) {
115
 
             IllegalArgumentException iae = new IllegalArgumentException
116
 
-                ("Cannot create object name for group " + group);
117
 
+                ("Cannot create object name for group [" + groupname + "]");
118
 
             iae.initCause(e);
119
 
             throw iae;
120
 
         }
121
 
@@ -276,7 +276,7 @@
122
 
             return (oname.toString());
123
 
         } catch (MalformedObjectNameException e) {
124
 
             IllegalArgumentException iae = new IllegalArgumentException
125
 
-                ("Cannot create object name for role " + role);
126
 
+                ("Cannot create object name for role [" + rolename + "]");
127
 
             iae.initCause(e);
128
 
             throw iae;
129
 
         }
130
 
@@ -303,7 +303,7 @@
131
 
             return (oname.toString());
132
 
         } catch (MalformedObjectNameException e) {
133
 
             IllegalArgumentException iae = new IllegalArgumentException
134
 
-                ("Cannot create object name for user " + user);
135
 
+                ("Cannot create object name for user [" + username + "]");
136
 
             iae.initCause(e);
137
 
             throw iae;
138
 
         }
139
 
@@ -328,7 +328,7 @@
140
 
             database.removeGroup(group);
141
 
         } catch (Exception e) {
142
 
             IllegalArgumentException iae = new IllegalArgumentException
143
 
-                ("Exception destroying group " + group + " MBean");
144
 
+                ("Exception destroying group [" + groupname + "] MBean");
145
 
             iae.initCause(e);
146
 
             throw iae;
147
 
         }
148
 
@@ -353,7 +353,7 @@
149
 
             database.removeRole(role);
150
 
         } catch (Exception e) {
151
 
             IllegalArgumentException iae = new IllegalArgumentException
152
 
-                ("Exception destroying role " + role + " MBean");
153
 
+                ("Exception destroying role [" + rolename + "] MBean");
154
 
             iae.initCause(e);
155
 
             throw iae;
156
 
         }
157
 
@@ -378,7 +378,7 @@
158
 
             database.removeUser(user);
159
 
         } catch (Exception e) {
160
 
             IllegalArgumentException iae = new IllegalArgumentException
161
 
-                ("Exception destroying user " + user + " MBean");
162
 
+                ("Exception destroying user [" + username + "] MBean");
163
 
             iae.initCause(e);
164
 
             throw iae;
165
 
         }