Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Maintenance:6043
tomcat.openSUSE_Leap_42.1_Update
tomcat-8.0.32-CVE-2016-6796.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File tomcat-8.0.32-CVE-2016-6796.patch of Package tomcat.openSUSE_Leap_42.1_Update
Index: java/org/apache/jasper/EmbeddedServletOptions.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- java/org/apache/jasper/EmbeddedServletOptions.java (date 1454441552000) +++ java/org/apache/jasper/EmbeddedServletOptions.java (revision ) @@ -669,6 +669,10 @@ * scratchdir */ String dir = config.getInitParameter("scratchdir"); + if (dir != null && Constants.IS_SECURITY_ENABLED) { + log.info(Localizer.getMessage("jsp.info.ignoreSetting", "scratchdir", dir)); + dir = null; + } if (dir != null) { scratchDir = new File(dir); } else { Index: webapps/docs/jasper-howto.xml IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- webapps/docs/jasper-howto.xml (date 1454441552000) +++ webapps/docs/jasper-howto.xml (revision ) @@ -132,7 +132,7 @@ <li><strong>engineOptionsClass</strong> - Allows specifying the Options class used to configure Jasper. If not present, the default EmbeddedServletOptions -will be used. +will be used. This option is ignored if running under a SecurityManager. </li> <li><strong>errorOnUseBeanInvalidClassAttribute</strong> - Should Jasper issue @@ -185,7 +185,7 @@ <li><strong>scratchdir</strong> - What scratch directory should we use when compiling JSP pages? Default is the work directory for the current web -application.</li> +application. This option is ignored if running under a SecurityManager.</li> <li><strong>suppressSmap</strong> - Should the generation of SMAP info for JSR45 debugging be suppressed? <code>true</code> or <code>false</code>, default Index: conf/web.xml IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>ISO-8859-1 =================================================================== --- conf/web.xml (date 1454441552000) +++ conf/web.xml (revision ) @@ -163,6 +163,8 @@ <!-- engineOptionsClass Allows specifying the Options class used to --> <!-- configure Jasper. If not present, the default --> <!-- EmbeddedServletOptions will be used. --> + <!-- This option is ignored when running under a --> + <!-- SecurityManager. --> <!-- --> <!-- errorOnUseBeanInvalidClassAttribute --> <!-- Should Jasper issue an error when the value of --> @@ -224,6 +226,8 @@ <!-- scratchdir What scratch directory should we use when --> <!-- compiling JSP pages? [default work directory --> <!-- for the current web application] --> + <!-- This option is ignored when running under a --> + <!-- SecurityManager. --> <!-- --> <!-- suppressSmap Should the generation of SMAP info for JSR45 --> <!-- debugging be suppressed? [false] --> Index: java/org/apache/jasper/servlet/JspServlet.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- java/org/apache/jasper/servlet/JspServlet.java (date 1454441552000) +++ java/org/apache/jasper/servlet/JspServlet.java (revision ) @@ -71,8 +71,8 @@ private ServletConfig config; private transient Options options; private transient JspRuntimeContext rctxt; - //jspFile for a jsp configured explicitly as a servlet, in environments where this configuration is - //translated into an init-param for this servlet. + // jspFile for a jsp configured explicitly as a servlet, in environments where this + // configuration is translated into an init-param for this servlet. private String jspFile; @@ -90,6 +90,11 @@ // Check for a custom Options implementation String engineOptionsName = config.getInitParameter("engineOptionsClass"); + if (Constants.IS_SECURITY_ENABLED && engineOptionsName != null) { + log.info(Localizer.getMessage( + "jsp.info.ignoreSetting", "engineOptionsClass", engineOptionsName)); + engineOptionsName = null; + } if (engineOptionsName != null) { // Instantiate the indicated Options implementation try { Index: java/org/apache/jasper/resources/LocalStrings.properties IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- java/org/apache/jasper/resources/LocalStrings.properties (date 1454441552000) +++ java/org/apache/jasper/resources/LocalStrings.properties (revision ) @@ -353,6 +353,7 @@ jsp.error.invalid.bean=The value for the useBean class attribute {0} is invalid. jsp.error.prefix.use_before_dcl=The prefix {0} specified in this tag directive has been previously used by an action in file {1} line {2}. jsp.error.lastModified=Unable to determine last modified date for file [{0}] +jsp.info.ignoreSetting=Ignored setting for [{0}] of [{1}] because a SecurityManager was enabled jsp.exception=An exception occurred processing JSP page {0} at line {1}
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor