Author: pabloduboue-guest Date: 2009-12-14 09:26:36 +0000 (Mon, 14 Dec 2009) New Revision: 11288
Removed: trunk/jetty/debian/patches/01_CVE_2009_3579.patch trunk/jetty/debian/patches/02_log_exploit.patch trunk/jetty/debian/patches/03_jsnoop-vul.patch Log: Removed old patches subsumed by new upstream version.
Deleted: trunk/jetty/debian/patches/01_CVE_2009_3579.patch
===================================================================
--- trunk/jetty/debian/patches/01_CVE_2009_3579.patch 2009-12-14 09:24:06 UTC (rev 11287)
+++ trunk/jetty/debian/patches/01_CVE_2009_3579.patch 2009-12-14 09:26:36 UTC (rev 11288)
@@ -1,41 +0,0 @@
-Description: Fixes CVE-2009-3579.
-Origin: Fedora.
-
-diff -up ./examples/test-webapp/src/main/java/com/acme/CookieDump.java.fix ./examples/test-webapp/src/main/java/com/acme/CookieDump.java
---- a/examples/test-webapp/src/main/java/com/acme/CookieDump.java 2009-11-03 12:32:01.000000000 -0500
-+++ b/examples/test-webapp/src/main/java/com/acme/CookieDump.java 2009-11-03 12:33:52.000000000 -0500
-@@ -26,6 +26,8 @@ import javax.servlet.http.HttpServletReq
- import javax.servlet.http.HttpServletResponse;
- import javax.servlet.http.HttpSession;
-
-+import org.mortbay.util.StringUtil;
-+
-
- /* ------------------------------------------------------------ */
- /** Test Servlet Cookies.
-@@ -89,7 +91,7 @@ public class CookieDump extends HttpServ
-
- for (int i=0;cookies!=null && i<cookies.length;i++)
- {
-- out.println("<b>"+cookies[i].getName()+"</b>="+cookies[i].getValue()+"<br/>");
-+ out.println("<b>"+deScript(cookies[i].getName())+"</b>="+deScript(cookies[i].getValue())+"<br/>");
- }
-
- out.println("<form action=\""+response.encodeURL(getURI(request))+"\" method=\"post\">");
-@@ -114,5 +116,15 @@ public class CookieDump extends HttpServ
- uri=request.getRequestURI();
- return uri;
- }
--
-+
-+ /* ------------------------------------------------------------ */
-+ protected String deScript(String string)
-+ {
-+ if (string==null)
-+ return null;
-+ string=StringUtil.replace(string, "&", "&");
-+ string=StringUtil.replace(string, "<", "<");
-+ string=StringUtil.replace(string, ">", ">");
-+ return string;
-+ }
- }
Deleted: trunk/jetty/debian/patches/02_log_exploit.patch
===================================================================
--- trunk/jetty/debian/patches/02_log_exploit.patch 2009-12-14 09:24:06 UTC (rev 11287)
+++ trunk/jetty/debian/patches/02_log_exploit.patch 2009-12-14 09:26:36 UTC (rev 11288)
@@ -1,324 +0,0 @@ -Description: Prevents jetty from writing binary characters to log-files. -Origin: Fedora - -diff -up ./modules/jetty/src/main/java/org/mortbay/jetty/handler/ErrorHandler.java.fix2 ./modules/jetty/src/main/java/org/mortbay/jetty/handler/ErrorHandler.java ---- a/modules/jetty/src/main/java/org/mortbay/jetty/handler/ErrorHandler.java 2009-11-03 12:45:36.000000000 -0500 -+++ b/modules/jetty/src/main/java/org/mortbay/jetty/handler/ErrorHandler.java 2009-11-03 12:47:35.000000000 -0500 -@@ -91,8 +91,7 @@ public class ErrorHandler extends Abstra - writer.write("<title>Error "); - writer.write(Integer.toString(code)); - writer.write(' '); -- if (message!=null) -- writer.write(deScript(message)); -+ write(writer,message); - writer.write("</title>\n"); - } - -@@ -117,9 +116,9 @@ public class ErrorHandler extends Abstra - writer.write("<h2>HTTP ERROR "); - writer.write(Integer.toString(code)); - writer.write("</h2>\n<p>Problem accessing "); -- writer.write(deScript(uri)); -+ write(writer,uri); - writer.write(". 
Reason:\n<pre> "); -- writer.write(deScript(message)); -+ write(writer,message); - writer.write("</pre></p>"); - } - -@@ -135,7 +134,7 @@ public class ErrorHandler extends Abstra - PrintWriter pw = new PrintWriter(sw); - th.printStackTrace(pw); - pw.flush(); -- writer.write(deScript(sw.getBuffer().toString())); -+ write(writer,sw.getBuffer().toString()); - writer.write("</pre>\n"); - - th =th.getCause(); -@@ -162,13 +161,34 @@ public class ErrorHandler extends Abstra - } - - /* ------------------------------------------------------------ */ -- protected String deScript(String string) -+ protected void write(Writer writer,String string) -+ throws IOException - { - if (string==null) -- return null; -- string=StringUtil.replace(string, "&", "&"); -- string=StringUtil.replace(string, "<", "<"); -- string=StringUtil.replace(string, ">", ">"); -- return string; -+ return; -+ -+ for (int i=0;i<string.length();i++) -+ { -+ char c=string.charAt(i); -+ -+ switch(c) -+ { -+ case '&' : -+ writer.write("&"); -+ break; -+ case '<' : -+ writer.write("<"); -+ break; -+ case '>' : -+ writer.write(">"); -+ break; -+ -+ default: -+ if (Character.isISOControl(c) && !Character.isWhitespace(c)) -+ writer.write('?'); -+ else -+ writer.write(c); -+ } -+ } - } - } -diff -up ./modules/jetty/src/main/java/org/mortbay/jetty/HttpParser.java.fix2 ./modules/jetty/src/main/java/org/mortbay/jetty/HttpParser.java ---- a/modules/jetty/src/main/java/org/mortbay/jetty/HttpParser.java 2009-11-03 12:46:07.000000000 -0500 -+++ b/modules/jetty/src/main/java/org/mortbay/jetty/HttpParser.java 2009-11-03 12:47:35.000000000 -0500 -@@ -465,7 +465,15 @@ public class HttpParser implements Parse - case HttpHeaders.CONTENT_LENGTH_ORDINAL: - if (_contentLength != HttpTokens.CHUNKED_CONTENT) - { -- _contentLength=BufferUtil.toLong(value); -+ try -+ { -+ _contentLength=BufferUtil.toLong(value); -+ } -+ catch(NumberFormatException e) -+ { -+ Log.ignore(e); -+ throw new 
HttpException(HttpServletResponse.SC_BAD_REQUEST); -+ } - if (_contentLength <= 0) - _contentLength=HttpTokens.NO_CONTENT; - } -diff -up ./modules/util/src/main/java/org/mortbay/log/StdErrLog.java.fix2 ./modules/util/src/main/java/org/mortbay/log/StdErrLog.java ---- a/modules/util/src/main/java/org/mortbay/log/StdErrLog.java 2009-11-03 12:47:02.000000000 -0500 -+++ b/modules/util/src/main/java/org/mortbay/log/StdErrLog.java 2009-11-03 12:48:00.000000000 -0500 -@@ -26,8 +26,10 @@ import org.mortbay.util.DateCache; - public class StdErrLog implements Logger - { - private static DateCache _dateCache; -- private static boolean debug = System.getProperty("DEBUG",null)!=null; -- private String name; -+ private static boolean __debug = System.getProperty("DEBUG",null)!=null; -+ private String _name; -+ -+ StringBuffer _buffer = new StringBuffer(); - - static - { -@@ -49,44 +51,59 @@ public class StdErrLog implements Logger - - public StdErrLog(String name) - { -- this.name=name==null?"":name; -+ this._name=name==null?"":name; - } - - public boolean isDebugEnabled() - { -- return debug; -+ return __debug; - } - - public void setDebugEnabled(boolean enabled) - { -- debug=enabled; -+ __debug=enabled; - } - - public void info(String msg,Object arg0, Object arg1) - { - String d=_dateCache.now(); - int ms=_dateCache.lastMs(); -- System.err.println(d+(ms>99?".":(ms>9?".0":".00"))+ms+":"+name+":INFO: "+format(msg,arg0,arg1)); -+ synchronized(_buffer) -+ { -+ tag(d,ms,":INFO:"); -+ format(msg,arg0,arg1); -+ System.err.println(_buffer.toString()); -+ } - } - - public void debug(String msg,Throwable th) - { -- if (debug) -+ if (__debug) - { - String d=_dateCache.now(); - int ms=_dateCache.lastMs(); -- System.err.println(d+(ms>99?".":(ms>9?".0":".00"))+ms+":"+name+":DEBUG: "+msg); -- if (th!=null) th.printStackTrace(); -+ synchronized(_buffer) -+ { -+ tag(d,ms,":DBUG:"); -+ format(msg); -+ format(th); -+ System.err.println(_buffer.toString()); -+ } - } - } - - public void 
debug(String msg,Object arg0, Object arg1) - { -- if (debug) -+ if (__debug) - { - String d=_dateCache.now(); - int ms=_dateCache.lastMs(); -- System.err.println(d+(ms>99?".":(ms>9?".0":".00"))+ms+":"+name+":DEBUG: "+format(msg,arg0,arg1)); -+ synchronized(_buffer) -+ { -+ tag(d,ms,":DBUG:"); -+ format(msg,arg0,arg1); -+ System.err.println(_buffer.toString()); -+ } - } - } - -@@ -94,42 +111,126 @@ public class StdErrLog implements Logger - { - String d=_dateCache.now(); - int ms=_dateCache.lastMs(); -- System.err.println(d+(ms>99?".":(ms>9?".0":".00"))+ms+":"+name+":WARN: "+format(msg,arg0,arg1)); -+ synchronized(_buffer) -+ { -+ tag(d,ms,":WARN:"); -+ format(msg,arg0,arg1); -+ System.err.println(_buffer.toString()); -+ } - } - - public void warn(String msg, Throwable th) - { - String d=_dateCache.now(); - int ms=_dateCache.lastMs(); -- System.err.println(d+(ms>99?".":(ms>9?".0":".00"))+ms+":"+name+":WARN: "+msg); -- if (th!=null) -- th.printStackTrace(); -+ synchronized(_buffer) -+ { -+ tag(d,ms,":WARN:"); -+ format(msg); -+ format(th); -+ System.err.println(_buffer.toString()); -+ } - } -- -- private String format(String msg, Object arg0, Object arg1) -+ -+ private void tag(String d,int ms,String tag) -+ { -+ _buffer.setLength(0); -+ _buffer.append(d); -+ if (ms>99) -+ _buffer.append('.'); -+ else if (ms>9) -+ _buffer.append(".0"); -+ else -+ _buffer.append(".00"); -+ _buffer.append(ms).append(tag).append(_name).append(':'); -+ } -+ -+ private void format(String msg, Object arg0, Object arg1) - { - int i0=msg.indexOf("{}"); - int i1=i0<0?-1:msg.indexOf("{}",i0+2); - -- if (arg1!=null && i1>=0) -- msg=msg.substring(0,i1)+arg1+msg.substring(i1+2); -- if (arg0!=null && i0>=0) -- msg=msg.substring(0,i0)+arg0+msg.substring(i0+2); -- return msg; -+ if (i0>=0) -+ { -+ format(msg.substring(0,i0)); -+ format(String.valueOf(arg0)); -+ -+ if (i1>=0) -+ { -+ format(msg.substring(i0+2,i1)); -+ format(String.valueOf(arg1)); -+ format(msg.substring(i1+2)); -+ } -+ else -+ { -+ 
format(msg.substring(i0+2)); -+ if (arg1!=null) -+ { -+ _buffer.append(' '); -+ format(String.valueOf(arg1)); -+ } -+ } -+ } -+ else -+ { -+ format(msg); -+ if (arg0!=null) -+ { -+ _buffer.append(' '); -+ format(String.valueOf(arg0)); -+ } -+ if (arg1!=null) -+ { -+ _buffer.append(' '); -+ format(String.valueOf(arg1)); -+ } -+ } -+ } -+ -+ private void format(String msg) -+ { -+ for (int i=0;i<msg.length();i++) -+ { -+ char c=msg.charAt(i); -+ if (Character.isISOControl(c)) -+ { -+ if (c=='\n') -+ _buffer.append('|'); -+ else if (c=='\r') -+ _buffer.append('<'); -+ else -+ _buffer.append('?'); -+ } -+ else -+ _buffer.append(c); -+ } -+ } -+ -+ private void format(Throwable th) -+ { -+ _buffer.append('\n'); -+ format(th.toString()); -+ StackTraceElement[] elements = th.getStackTrace(); -+ for (int i=0;elements!=null && i<elements.length;i++) -+ { -+ _buffer.append("\n\tat "); -+ format(elements[i].toString()); -+ } - } - - public Logger getLogger(String name) - { -- if ((name==null && this.name==null) || -- (name!=null && name.equals(this.name))) -+ if ((name==null && this._name==null) || -+ (name!=null && name.equals(this._name))) - return this; - return new StdErrLog(name); - } - - public String toString() - { -- return "STDERR"+name; -+ return "STDERR"+_name; - } -+ - - } - Deleted: trunk/jetty/debian/patches/03_jsnoop-vul.patch =================================================================== --- trunk/jetty/debian/patches/03_jsnoop-vul.patch 2009-12-14 09:24:06 UTC (rev 11287) +++ trunk/jetty/debian/patches/03_jsnoop-vul.patch 2009-12-14 09:26:36 UTC (rev 11288) 
@@ -1,18 +0,0 @@
-Description: Prevents javascript injection.
-
---- a/examples/test-webapp/src/main/webapp/snoop.jsp 2009-11-27 23:59:43.417283321 +0100
-+++ a/examples/test-webapp/src/main/webapp/snoop.jsp 2009-11-28 00:00:19.801283807 +0100
-@@ -32,11 +32,11 @@
- </TR>
- <TR>
- <TH align=right>Path info:</TH>
-- <TD><%= request.getPathInfo() %></TD>
-+ <TD><%= request.getPathInfo().replaceAll("<", "<").replaceAll(">",">") %></TD>
- </TR>
- <TR>
- <TH align=right>Path translated:</TH>
-- <TD><%= request.getPathTranslated() %></TD>
-+ <TD><%= request.getPathTranslated().replaceAll("<", "<").replaceAll(">",">") %></TD>
- </TR>
- <TR>
- <TH align=right>Query string:</TH>
_______________________________________________ pkg-java-commits mailing list pkg-java-comm...@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-java-commits