Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.1
libtcnative-1-0
apache-tomcat-CVE-2010-1157.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File apache-tomcat-CVE-2010-1157.patch of Package libtcnative-1-0
Index: tomcat6-6.0.18/apache-tomcat-6.0.18-src/java/org/apache/catalina/authenticator/AuthenticatorBase.java =================================================================== --- tomcat6-6.0.18/apache-tomcat-6.0.18-src/java/org/apache/catalina/authenticator/AuthenticatorBase.java (revision 936539) +++ tomcat6-6.0.18/apache-tomcat-6.0.18-src/java/org/apache/catalina/authenticator/AuthenticatorBase.java (revision 936540) @@ -99,6 +99,11 @@ /** + * Default authentication realm name. + */ + protected static final String REALM_NAME = "Authentication required"; + + /** * The message digest algorithm to be used when generating session * identifiers. This must be an algorithm supported by the * <code>java.security.MessageDigest</code> class on your platform. Index: tomcat6-6.0.18/apache-tomcat-6.0.18-src/java/org/apache/catalina/authenticator/DigestAuthenticator.java =================================================================== --- tomcat6-6.0.18/apache-tomcat-6.0.18-src/java/org/apache/catalina/authenticator/DigestAuthenticator.java (revision 936539) +++ tomcat6-6.0.18/apache-tomcat-6.0.18-src/java/org/apache/catalina/authenticator/DigestAuthenticator.java (revision 936540) @@ -406,8 +406,7 @@ // Get the realm name String realmName = config.getRealmName(); if (realmName == null) - realmName = request.getServerName() + ":" - + request.getServerPort(); + realmName = REALM_NAME; byte[] buffer = null; synchronized (md5Helper) { Index: tomcat6-6.0.18/apache-tomcat-6.0.18-src/java/org/apache/catalina/authenticator/BasicAuthenticator.java =================================================================== --- tomcat6-6.0.18/apache-tomcat-6.0.18-src/java/org/apache/catalina/authenticator/BasicAuthenticator.java (revision 936539) +++ tomcat6-6.0.18/apache-tomcat-6.0.18-src/java/org/apache/catalina/authenticator/BasicAuthenticator.java (revision 936540) @@ -194,9 +194,7 @@ CharChunk authenticateCC = authenticate.getCharChunk(); authenticateCC.append("Basic realm=\""); if (config.getRealmName() == null) { - authenticateCC.append(request.getServerName()); - authenticateCC.append(':'); - authenticateCC.append(Integer.toString(request.getServerPort())); + authenticateCC.append(REALM_NAME); } else { authenticateCC.append(config.getRealmName()); } Index: tomcat6-6.0.18/apache-tomcat-6.0.18-src/webapps/docs/realm-howto.xml =================================================================== --- tomcat6-6.0.18/apache-tomcat-6.0.18-src/webapps/docs/realm-howto.xml (revision 936539) +++ tomcat6-6.0.18/apache-tomcat-6.0.18-src/webapps/docs/realm-howto.xml (revision 936540) @@ -209,7 +209,11 @@ <code>{cleartext-password}</code> must be replaced with <code>{username}:{realm}:{cleartext-password}</code>. For example, in a development environment this might take the form - <code>testUser:localhost:8080:testPassword</code>.</p> + <code>testUser:Authentication required:testPassword</code>. The value for + <code>{realm}</code> is taken from the <code><realm-name></code> + element of the web application's <code><login-config></code>. If + not specified in web.xml, the default value of <code>Authentication + required</code> is used.</p> <p>To use either of the above techniques, the <code>$CATALINA_HOME/lib/catalina.jar</code> and
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor