File tomcat-8.0.32-CVE-2016-6796.patch of Package tomcat.openSUSE_Leap_42.1_Update

Overview Repositories Revisions Requests Users Attributes Meta

File tomcat-8.0.32-CVE-2016-6796.patch of Package tomcat.openSUSE_Leap_42.1_Update (Revision 457653e2fef2e3796c86c9104248b646)

Currently displaying revision 457653e2fef2e3796c86c9104248b646 , Show latest

Index: java/org/apache/jasper/EmbeddedServletOptions.java
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- java/org/apache/jasper/EmbeddedServletOptions.java	(date 1454441552000)
+++ java/org/apache/jasper/EmbeddedServletOptions.java	(revision )
@@ -669,6 +669,10 @@
 * scratchdir
 */
 String dir = config.getInitParameter("scratchdir");
+ if (dir != null && Constants.IS_SECURITY_ENABLED) {
+ log.info(Localizer.getMessage("jsp.info.ignoreSetting", "scratchdir", dir));
+ dir = null;
+ }
 if (dir != null) {
 scratchDir = new File(dir);
 } else {
Index: webapps/docs/jasper-howto.xml
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- webapps/docs/jasper-howto.xml	(date 1454441552000)
+++ webapps/docs/jasper-howto.xml	(revision )
@@ -132,7 +132,7 @@
 
 <li>engineOptionsClass - Allows specifying the Options class
 used to configure Jasper. If not present, the default EmbeddedServletOptions
-will be used.
+will be used. This option is ignored if running under a SecurityManager.
 </li>
 
 <li>errorOnUseBeanInvalidClassAttribute - Should Jasper issue
@@ -185,7 +185,7 @@
 
 <li>scratchdir - What scratch directory should we use when
 compiling JSP pages? Default is the work directory for the current web
-application.</li>
+application. This option is ignored if running under a SecurityManager.</li>
 
 <li>suppressSmap - Should the generation of SMAP info for JSR45
 debugging be suppressed? <code>true</code> or <code>false</code>, default
Index: conf/web.xml
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>ISO-8859-1
===================================================================
--- conf/web.xml	(date 1454441552000)
+++ conf/web.xml	(revision )
@@ -163,6 +163,8 @@
 
 
 
+ 
+ 
 
 
 
@@ -224,6 +226,8 @@
 
 
 
+ 
+ 
 
 
 
Index: java/org/apache/jasper/servlet/JspServlet.java
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- java/org/apache/jasper/servlet/JspServlet.java	(date 1454441552000)
+++ java/org/apache/jasper/servlet/JspServlet.java	(revision )
@@ -71,8 +71,8 @@
 private ServletConfig config;
 private transient Options options;
 private transient JspRuntimeContext rctxt;
- //jspFile for a jsp configured explicitly as a servlet, in environments where this configuration is
- //translated into an init-param for this servlet.
+ // jspFile for a jsp configured explicitly as a servlet, in environments where this
+ // configuration is translated into an init-param for this servlet.
 private String jspFile;
 
 
@@ -90,6 +90,11 @@
 // Check for a custom Options implementation
 String engineOptionsName =
 config.getInitParameter("engineOptionsClass");
+ if (Constants.IS_SECURITY_ENABLED && engineOptionsName != null) {
+ log.info(Localizer.getMessage(
+ "jsp.info.ignoreSetting", "engineOptionsClass", engineOptionsName));
+ engineOptionsName = null;
+ }
 if (engineOptionsName != null) {
 // Instantiate the indicated Options implementation
 try {
Index: java/org/apache/jasper/resources/LocalStrings.properties
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- java/org/apache/jasper/resources/LocalStrings.properties	(date 1454441552000)
+++ java/org/apache/jasper/resources/LocalStrings.properties	(revision )
@@ -353,6 +353,7 @@
 jsp.error.invalid.bean=The value for the useBean class attribute {0} is invalid.
 jsp.error.prefix.use_before_dcl=The prefix {0} specified in this tag directive has been previously used by an action in file {1} line {2}.
 jsp.error.lastModified=Unable to determine last modified date for file [{0}]
+jsp.info.ignoreSetting=Ignored setting for [{0}] of [{1}] because a SecurityManager was enabled
 
 jsp.exception=An exception occurred processing JSP page {0} at line {1}

Places

File tomcat-8.0.32-CVE-2016-6796.patch of Package tomcat.openSUSE_Leap_42.1_Update (Revision 457653e2fef2e3796c86c9104248b646)

Places