geronimo-scm mailing list archives

From xuhaih...@apache.org
Subject svn commit: r1146055 - in /geronimo/external/trunk/tomcat-parent-7.0.18: ./ catalina/src/main/java/org/apache/catalina/connector/ catalina/src/main/java/org/apache/catalina/core/ catalina/src/main/resources/org/apache/ catalina/src/main/resources/org/a...
Date Wed, 13 Jul 2011 14:30:11 GMT
Author: xuhaihong
Date: Wed Jul 13 14:30:10 2011
New Revision: 1146055

URL: http://svn.apache.org/viewvc?rev=1146055&view=rev
Log:
a. Merge changes from Tomcat trunk to rev.1146010
b. Update the README.txt file

Removed:
    geronimo/external/trunk/tomcat-parent-7.0.18/catalina/src/main/resources/org/apache/ServerInfo.properties
Modified:
    geronimo/external/trunk/tomcat-parent-7.0.18/README.txt
    geronimo/external/trunk/tomcat-parent-7.0.18/catalina/src/main/java/org/apache/catalina/connector/Request.java
    geronimo/external/trunk/tomcat-parent-7.0.18/catalina/src/main/java/org/apache/catalina/core/DefaultInstanceManager.java
    geronimo/external/trunk/tomcat-parent-7.0.18/catalina/src/main/resources/org/apache/catalina/connector/LocalStrings.properties

Modified: geronimo/external/trunk/tomcat-parent-7.0.18/README.txt
URL: http://svn.apache.org/viewvc/geronimo/external/trunk/tomcat-parent-7.0.18/README.txt?rev=1146055&r1=1146054&r2=1146055&view=diff
==============================================================================
--- geronimo/external/trunk/tomcat-parent-7.0.18/README.txt (original)
+++ geronimo/external/trunk/tomcat-parent-7.0.18/README.txt Wed Jul 13 14:30:10 2011
@@ -19,8 +19,8 @@ Use tomcat-archetype to build a new leve
 1. Update run.sh with the new Tomcat version number:
 
    # Update TVER and TTAGVER with the Tomcat version number in appropriate format
-   TVER=6.0.20
-   TTAGVER=6_0_20
+   TVER=7.0.18
+   TTAGVER=7_0_18
 
 2. From parent directory of tomcat-archetype, execute run.sh (assumes that subversion 1.5
or greater)
 
@@ -31,3 +31,5 @@ Use tomcat-archetype to build a new leve
    This removes the archetype scripts that aren't needed in the maven project.  
 
 4. Apply patches to tomcat-parent-7.0.18/
+   a. Merge the changes from Tomcat trunk rev.1146010, except the changes in rev.1144690
(It breaks the our component dependencies)
+   b. Apply the patch GERONIMO-5622

Modified: geronimo/external/trunk/tomcat-parent-7.0.18/catalina/src/main/java/org/apache/catalina/connector/Request.java
URL: http://svn.apache.org/viewvc/geronimo/external/trunk/tomcat-parent-7.0.18/catalina/src/main/java/org/apache/catalina/connector/Request.java?rev=1146055&r1=1146054&r2=1146055&view=diff
==============================================================================
--- geronimo/external/trunk/tomcat-parent-7.0.18/catalina/src/main/java/org/apache/catalina/connector/Request.java
(original)
+++ geronimo/external/trunk/tomcat-parent-7.0.18/catalina/src/main/java/org/apache/catalina/connector/Request.java
Wed Jul 13 14:30:10 2011
@@ -1525,6 +1525,26 @@ public class Request
             return;
         }
 
+        // Do the security check before any updates are made
+        if (Globals.IS_SECURITY_ENABLED &&
+                name.equals("org.apache.tomcat.sendfile.filename")) {
+            // Use the canonical file name to avoid any possible symlink and
+            // relative path issues
+            String canonicalPath;
+            try {
+                canonicalPath = new File(value.toString()).getCanonicalPath();
+            } catch (IOException e) {
+                throw new SecurityException(sm.getString(
+                        "coyoteRequest.sendfileNotCanonical", value), e);
+            }
+            // Sendfile is performed in Tomcat's security context so need to
+            // check if the web app is permitted to access the file while still
+            // in the web app's security context
+            System.getSecurityManager().checkRead(canonicalPath);
+            // Update the value so the canonical path is used
+            value = canonicalPath;
+        }
+
         oldValue = attributes.put(name, value);
         if (oldValue != null) {
             replaced = true;
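Review bot: The read permission is checked against the canonical path when the attribute is set, but the comments in the hunk say sendfile itself runs later in Tomcat's own security context, and nothing here re-validates the path at that point. The check therefore only holds if the stored string still resolves to the same file when it is opened. I would record that limit next to `value = canonicalPath;`, for example `// Checked at set time only: the sendfile code must open exactly this stored path, never the caller's original value`. The block also dereferences `System.getSecurityManager()` on the strength of `Globals.IS_SECURITY_ENABLED`; if that flag is cached at class load (not visible here), reading the manager into a local and testing it for null would avoid relying on the two staying in step. The enclosing method starts and ends outside the hunk, so whether `name` and `value` are already null-checked before `name.equals(...)` and `value.toString()` cannot be confirmed from these lines.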

Modified: geronimo/external/trunk/tomcat-parent-7.0.18/catalina/src/main/java/org/apache/catalina/core/DefaultInstanceManager.java
URL: http://svn.apache.org/viewvc/geronimo/external/trunk/tomcat-parent-7.0.18/catalina/src/main/java/org/apache/catalina/core/DefaultInstanceManager.java?rev=1146055&r1=1146054&r2=1146055&view=diff
==============================================================================
--- geronimo/external/trunk/tomcat-parent-7.0.18/catalina/src/main/java/org/apache/catalina/core/DefaultInstanceManager.java
(original)
+++ geronimo/external/trunk/tomcat-parent-7.0.18/catalina/src/main/java/org/apache/catalina/core/DefaultInstanceManager.java
Wed Jul 13 14:30:10 2011
@@ -429,7 +429,7 @@ public class DefaultInstanceManager impl
     private void checkAccess(Class<?> clazz, Properties restricted) {
         while (clazz != null) {
             if ("restricted".equals(restricted.getProperty(clazz.getName()))) {
-                throw new SecurityException("Restricted class" + clazz);
+                throw new SecurityException("Restricted " + clazz);
             }
             clazz = clazz.getSuperclass();
         }

Modified: geronimo/external/trunk/tomcat-parent-7.0.18/catalina/src/main/resources/org/apache/catalina/connector/LocalStrings.properties
URL: http://svn.apache.org/viewvc/geronimo/external/trunk/tomcat-parent-7.0.18/catalina/src/main/resources/org/apache/catalina/connector/LocalStrings.properties?rev=1146055&r1=1146054&r2=1146055&view=diff
==============================================================================
--- geronimo/external/trunk/tomcat-parent-7.0.18/catalina/src/main/resources/org/apache/catalina/connector/LocalStrings.properties
(original)
+++ geronimo/external/trunk/tomcat-parent-7.0.18/catalina/src/main/resources/org/apache/catalina/connector/LocalStrings.properties
Wed Jul 13 14:30:10 2011
@@ -66,6 +66,7 @@ coyoteRequest.noLoginConfig=No authentic
 coyoteRequest.authenticate.ise=Cannot call authenticate() after the reponse has been committed
 coyoteRequest.uploadLocationInvalid=The temporary upload location [{0}] is not valid
 coyoteRequest.sessionEndAccessFail=Exception triggered ending access to session while recycling
request
+coyoteRequest.sendfileNotCanonical=Unable to determine canonical name of file [{0}] specified
for use with sendfile
 
 requestFacade.nullRequest=The request object has been recycled and is no longer associated
with this facade
 


