[pkg-java] r12779 - in trunk/tomcat6/debian: . patches
Torsten Werner
twerner at alioth.debian.org
Mon Jul 19 16:27:19 UTC 2010
Author: twerner
Date: 2010-07-19 16:27:18 +0000 (Mon, 19 Jul 2010)
New Revision: 12779
Added:
trunk/tomcat6/debian/patches/0010-Use-java.security.policy-file-in-catalina.sh.patch
Removed:
trunk/tomcat6/debian/patches/0010-avoid-deadlock-in-WebappClassLoader.patch
trunk/tomcat6/debian/patches/0011-Use-java.security.policy-file-in-catalina.sh.patch
trunk/tomcat6/debian/patches/0012-Prevent-disclosure-of-host-name-or-IP-address.patch
Modified:
trunk/tomcat6/debian/changelog
trunk/tomcat6/debian/patches/0004-split-deploy-webapps-target-from-deploy-target.patch
trunk/tomcat6/debian/patches/0005-change-default-DBCP-factory-class.patch
trunk/tomcat6/debian/patches/0009-allow-empty-PID-file.patch
trunk/tomcat6/debian/patches/series
trunk/tomcat6/debian/watch
Log:
* New upstream release (Closes: #588813)
- Fixes CVE-2010-2227: DoS and information disclosure
* Remove 2 patches that were backports to 6.0.26.
Modified: trunk/tomcat6/debian/changelog
===================================================================
--- trunk/tomcat6/debian/changelog 2010-07-18 16:02:41 UTC (rev 12778)
+++ trunk/tomcat6/debian/changelog 2010-07-19 16:27:18 UTC (rev 12779)
@@ -1,10 +1,16 @@
-tomcat6 (6.0.26-6) UNRELEASED; urgency=low
+tomcat6 (6.0.28-1) unstable; urgency=low
+ [ Niels Thykier ]
* Removed depends on JREs for the library packages. It is no longer
required by the policy.
- -- Niels Thykier <niels at thykier.net> Mon, 05 Jul 2010 22:23:16 +0200
+ [ Torsten Werner ]
+ * New upstream release (Closes: #588813)
+ - Fixes CVE-2010-2227: DoS and information disclosure
+ * Remove 2 patches that were backports to 6.0.26.
+ -- Torsten Werner <twerner at debian.org> Mon, 19 Jul 2010 18:22:52 +0200
+
tomcat6 (6.0.26-5) unstable; urgency=medium
* Convert patches to dep3 format.
Modified: trunk/tomcat6/debian/patches/0004-split-deploy-webapps-target-from-deploy-target.patch
===================================================================
--- trunk/tomcat6/debian/patches/0004-split-deploy-webapps-target-from-deploy-target.patch 2010-07-18 16:02:41 UTC (rev 12778)
+++ trunk/tomcat6/debian/patches/0004-split-deploy-webapps-target-from-deploy-target.patch 2010-07-19 16:27:18 UTC (rev 12779)
@@ -7,7 +7,7 @@
1 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/build.xml b/build.xml
-index 4073712..1e2ec83 100644
+index a77f604..376f810 100644
--- a/build.xml
+++ b/build.xml
@@ -469,7 +469,7 @@
@@ -19,7 +19,7 @@
<copy tofile="${tomcat.build}/bin/tomcat-native.tar.gz"
file="${tomcat-native.tar.gz}" />
-@@ -505,6 +505,13 @@
+@@ -506,6 +506,13 @@
</fileset>
</copy>
@@ -33,7 +33,7 @@
<!-- Copy other regular webapps -->
<copy todir="${tomcat.build}/webapps">
<fileset dir="webapps">
-@@ -629,10 +636,6 @@
+@@ -630,10 +637,6 @@
</fileset>
</txt2html>
Modified: trunk/tomcat6/debian/patches/0005-change-default-DBCP-factory-class.patch
===================================================================
--- trunk/tomcat6/debian/patches/0005-change-default-DBCP-factory-class.patch 2010-07-18 16:02:41 UTC (rev 12778)
+++ trunk/tomcat6/debian/patches/0005-change-default-DBCP-factory-class.patch 2010-07-19 16:27:18 UTC (rev 12779)
@@ -22,7 +22,7 @@
public static final String OPENEJB_EJB_FACTORY =
Package + ".OpenEjbFactory";
diff --git a/webapps/docs/jndi-resources-howto.xml b/webapps/docs/jndi-resources-howto.xml
-index 259d733..4f8877e 100644
+index e721854..be94cd4 100644
--- a/webapps/docs/jndi-resources-howto.xml
+++ b/webapps/docs/jndi-resources-howto.xml
@@ -656,9 +656,9 @@ conn.close();
Modified: trunk/tomcat6/debian/patches/0009-allow-empty-PID-file.patch
===================================================================
--- trunk/tomcat6/debian/patches/0009-allow-empty-PID-file.patch 2010-07-18 16:02:41 UTC (rev 12778)
+++ trunk/tomcat6/debian/patches/0009-allow-empty-PID-file.patch 2010-07-19 16:27:18 UTC (rev 12779)
@@ -7,10 +7,10 @@
1 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/bin/catalina.sh b/bin/catalina.sh
-index 2ef2323..5843b56 100755
+index b7a8aa9..a023a1e 100755
--- a/bin/catalina.sh
+++ b/bin/catalina.sh
-@@ -305,7 +305,7 @@ elif [ "$1" = "run" ]; then
+@@ -311,7 +311,7 @@ elif [ "$1" = "run" ]; then
elif [ "$1" = "start" ] ; then
if [ ! -z "$CATALINA_PID" ]; then
@@ -19,14 +19,14 @@
echo "PID file ($CATALINA_PID) found. Is Tomcat still running? Start aborted."
exit 1
fi
-@@ -363,12 +363,16 @@ elif [ "$1" = "stop" ] ; then
+@@ -369,12 +369,16 @@ elif [ "$1" = "stop" ] ; then
fi
if [ ! -z "$CATALINA_PID" ]; then
- if [ -f "$CATALINA_PID" ]; then
+ if [ -s "$CATALINA_PID" ]; then
kill -0 `cat $CATALINA_PID` >/dev/null 2>&1
- if [ $? -eq 1 ]; then
+ if [ $? -gt 0 ]; then
echo "PID file ($CATALINA_PID) found but no matching process was found. Stop aborted."
exit 1
fi
Copied: trunk/tomcat6/debian/patches/0010-Use-java.security.policy-file-in-catalina.sh.patch (from rev 12778, trunk/tomcat6/debian/patches/0012-Prevent-disclosure-of-host-name-or-IP-address.patch)
===================================================================
--- trunk/tomcat6/debian/patches/0010-Use-java.security.policy-file-in-catalina.sh.patch (rev 0)
+++ trunk/tomcat6/debian/patches/0010-Use-java.security.policy-file-in-catalina.sh.patch 2010-07-19 16:27:18 UTC (rev 12779)
@@ -0,0 +1,46 @@
+From: Adam Guthrie <asguthrie at gmail.com>
+Date: Mon, 28 Jun 2010 21:53:50 +0200
+Subject: [PATCH] Use java.security.policy file in catalina.sh
+
+Make sure catalina.sh uses the Debian/Ubuntu java.security.policy
+file location when Tomcat is started with a security manager.
+
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/591802
+Bug-Debian: http://bugs.debian.org/585379
+Forwarded: not-needed
+---
+ bin/catalina.sh | 6 +++---
+ 1 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/bin/catalina.sh b/bin/catalina.sh
+index a023a1e..1c4ae68 100755
+--- a/bin/catalina.sh
++++ b/bin/catalina.sh
+@@ -267,7 +267,7 @@ if [ "$1" = "debug" ] ; then
+ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
+ -sourcepath "$CATALINA_HOME"/../../java \
+ -Djava.security.manager \
+- -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
++ -Djava.security.policy=="$CATALINA_BASE"/work/catalina.policy \
+ -Dcatalina.base="$CATALINA_BASE" \
+ -Dcatalina.home="$CATALINA_HOME" \
+ -Djava.io.tmpdir="$CATALINA_TMPDIR" \
+@@ -294,7 +294,7 @@ elif [ "$1" = "run" ]; then
+ exec "$_RUNJAVA" "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \
+ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
+ -Djava.security.manager \
+- -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
++ -Djava.security.policy=="$CATALINA_BASE"/work/catalina.policy \
+ -Dcatalina.base="$CATALINA_BASE" \
+ -Dcatalina.home="$CATALINA_HOME" \
+ -Djava.io.tmpdir="$CATALINA_TMPDIR" \
+@@ -327,7 +327,7 @@ elif [ "$1" = "start" ] ; then
+ "$_RUNJAVA" "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \
+ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
+ -Djava.security.manager \
+- -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
++ -Djava.security.policy=="$CATALINA_BASE"/work/catalina.policy \
+ -Dcatalina.base="$CATALINA_BASE" \
+ -Dcatalina.home="$CATALINA_HOME" \
+ -Djava.io.tmpdir="$CATALINA_TMPDIR" \
+--
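Review bot: The patch header does not say how `$CATALINA_BASE/work/catalina.policy` comes to exist or who may write to it, and all three changed `-Djava.security.policy==` lines (the debug, run and start branches) depend on that. With the double `==`, this file is the only policy the security manager loads, so its integrity defines the whole sandbox. `work/` is conventionally Tomcat's scratch directory, so the confined process may be able to write there; that is inferred, not shown in this commit. I would add a sentence to the DEP-3 description along the lines of `The file is generated at startup from <policy source placeholder> and must not be writable by the user Tomcat runs as.` and confirm the packaging enforces it.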
Deleted: trunk/tomcat6/debian/patches/0010-avoid-deadlock-in-WebappClassLoader.patch
===================================================================
--- trunk/tomcat6/debian/patches/0010-avoid-deadlock-in-WebappClassLoader.patch 2010-07-18 16:02:41 UTC (rev 12778)
+++ trunk/tomcat6/debian/patches/0010-avoid-deadlock-in-WebappClassLoader.patch 2010-07-19 16:27:18 UTC (rev 12779)
@@ -1,286 +0,0 @@
-From: Marcus Better <marcus at better.se>
-Date: Mon, 28 Jun 2010 21:19:59 +0200
-Subject: [PATCH] avoid deadlock in WebappClassLoader
-
----
- java/org/apache/catalina/loader/ResourceEntry.java | 2 +-
- .../apache/catalina/loader/WebappClassLoader.java | 193 ++++++++++----------
- java/org/apache/jasper/servlet/JasperLoader.java | 4 +-
- 3 files changed, 99 insertions(+), 100 deletions(-)
-
-diff --git a/java/org/apache/catalina/loader/ResourceEntry.java b/java/org/apache/catalina/loader/ResourceEntry.java
-index d002a48..7d56590 100644
---- a/java/org/apache/catalina/loader/ResourceEntry.java
-+++ b/java/org/apache/catalina/loader/ResourceEntry.java
-@@ -47,7 +47,7 @@ public class ResourceEntry {
- /**
- * Loaded class.
- */
-- public Class loadedClass = null;
-+ public volatile Class loadedClass = null;
-
-
- /**
-diff --git a/java/org/apache/catalina/loader/WebappClassLoader.java b/java/org/apache/catalina/loader/WebappClassLoader.java
-index 5e5aa1a..0c9f8a5 100644
---- a/java/org/apache/catalina/loader/WebappClassLoader.java
-+++ b/java/org/apache/catalina/loader/WebappClassLoader.java
-@@ -1388,102 +1388,121 @@ public class WebappClassLoader
- *
- * @exception ClassNotFoundException if the class was not found
- */
-- public Class loadClass(String name, boolean resolve)
-+ public synchronized Class loadClass(String name, boolean resolve)
- throws ClassNotFoundException {
-
-- synchronized (name.intern()) {
-- if (log.isDebugEnabled())
-- log.debug("loadClass(" + name + ", " + resolve + ")");
-- Class clazz = null;
--
-- // Log access to stopped classloader
-- if (!started) {
-- try {
-- throw new IllegalStateException();
-- } catch (IllegalStateException e) {
-- log.info(sm.getString("webappClassLoader.stopped", name), e);
-- }
-+ if (log.isDebugEnabled())
-+ log.debug("loadClass(" + name + ", " + resolve + ")");
-+ Class clazz = null;
-+
-+ // Log access to stopped classloader
-+ if (!started) {
-+ try {
-+ throw new IllegalStateException();
-+ } catch (IllegalStateException e) {
-+ log.info(sm.getString("webappClassLoader.stopped", name), e);
- }
--
-- // (0) Check our previously loaded local class cache
-- clazz = findLoadedClass0(name);
-+ }
-+
-+ // (0) Check our previously loaded local class cache
-+ clazz = findLoadedClass0(name);
-+ if (clazz != null) {
-+ if (log.isDebugEnabled())
-+ log.debug(" Returning class from cache");
-+ if (resolve)
-+ resolveClass(clazz);
-+ return (clazz);
-+ }
-+
-+ // (0.1) Check our previously loaded class cache
-+ clazz = findLoadedClass(name);
-+ if (clazz != null) {
-+ if (log.isDebugEnabled())
-+ log.debug(" Returning class from cache");
-+ if (resolve)
-+ resolveClass(clazz);
-+ return (clazz);
-+ }
-+
-+ // (0.2) Try loading the class with the system class loader, to prevent
-+ // the webapp from overriding J2SE classes
-+ try {
-+ clazz = system.loadClass(name);
- if (clazz != null) {
-- if (log.isDebugEnabled())
-- log.debug(" Returning class from cache");
- if (resolve)
- resolveClass(clazz);
- return (clazz);
- }
--
-- // (0.1) Check our previously loaded class cache
-- clazz = findLoadedClass(name);
-- if (clazz != null) {
-- if (log.isDebugEnabled())
-- log.debug(" Returning class from cache");
-- if (resolve)
-- resolveClass(clazz);
-- return (clazz);
-+ } catch (ClassNotFoundException e) {
-+ // Ignore
-+ }
-+
-+ // (0.5) Permission to access this class when using a SecurityManager
-+ if (securityManager != null) {
-+ int i = name.lastIndexOf('.');
-+ if (i >= 0) {
-+ try {
-+ securityManager.checkPackageAccess(name.substring(0,i));
-+ } catch (SecurityException se) {
-+ String error = "Security Violation, attempt to use " +
-+ "Restricted Class: " + name;
-+ log.info(error, se);
-+ throw new ClassNotFoundException(error, se);
-+ }
- }
--
-- // (0.2) Try loading the class with the system class loader, to prevent
-- // the webapp from overriding J2SE classes
-+ }
-+
-+ boolean delegateLoad = delegate || filter(name);
-+
-+ // (1) Delegate to our parent if requested
-+ if (delegateLoad) {
-+ if (log.isDebugEnabled())
-+ log.debug(" Delegating to parent classloader1 " + parent);
-+ ClassLoader loader = parent;
-+ if (loader == null)
-+ loader = system;
- try {
-- clazz = system.loadClass(name);
-+ clazz = loader.loadClass(name);
- if (clazz != null) {
-+ if (log.isDebugEnabled())
-+ log.debug(" Loading class from parent");
- if (resolve)
- resolveClass(clazz);
- return (clazz);
- }
- } catch (ClassNotFoundException e) {
-- // Ignore
-- }
--
-- // (0.5) Permission to access this class when using a SecurityManager
-- if (securityManager != null) {
-- int i = name.lastIndexOf('.');
-- if (i >= 0) {
-- try {
-- securityManager.checkPackageAccess(name.substring(0,i));
-- } catch (SecurityException se) {
-- String error = "Security Violation, attempt to use " +
-- "Restricted Class: " + name;
-- log.info(error, se);
-- throw new ClassNotFoundException(error, se);
-- }
-- }
-+ ;
- }
--
-- boolean delegateLoad = delegate || filter(name);
--
-- // (1) Delegate to our parent if requested
-- if (delegateLoad) {
-+ }
-+
-+ // (2) Search local repositories
-+ if (log.isDebugEnabled())
-+ log.debug(" Searching local repositories");
-+ try {
-+ clazz = findClass(name);
-+ if (clazz != null) {
- if (log.isDebugEnabled())
-- log.debug(" Delegating to parent classloader1 " + parent);
-- ClassLoader loader = parent;
-- if (loader == null)
-- loader = system;
-- try {
-- clazz = loader.loadClass(name);
-- if (clazz != null) {
-- if (log.isDebugEnabled())
-- log.debug(" Loading class from parent");
-- if (resolve)
-- resolveClass(clazz);
-- return (clazz);
-- }
-- } catch (ClassNotFoundException e) {
-- ;
-- }
-+ log.debug(" Loading class from local repository");
-+ if (resolve)
-+ resolveClass(clazz);
-+ return (clazz);
- }
--
-- // (2) Search local repositories
-+ } catch (ClassNotFoundException e) {
-+ ;
-+ }
-+
-+ // (3) Delegate to parent unconditionally
-+ if (!delegateLoad) {
- if (log.isDebugEnabled())
-- log.debug(" Searching local repositories");
-+ log.debug(" Delegating to parent classloader at end: " + parent);
-+ ClassLoader loader = parent;
-+ if (loader == null)
-+ loader = system;
- try {
-- clazz = findClass(name);
-+ clazz = loader.loadClass(name);
- if (clazz != null) {
- if (log.isDebugEnabled())
-- log.debug(" Loading class from local repository");
-+ log.debug(" Loading class from parent");
- if (resolve)
- resolveClass(clazz);
- return (clazz);
-@@ -1491,30 +1510,10 @@ public class WebappClassLoader
- } catch (ClassNotFoundException e) {
- ;
- }
--
-- // (3) Delegate to parent unconditionally
-- if (!delegateLoad) {
-- if (log.isDebugEnabled())
-- log.debug(" Delegating to parent classloader at end: " + parent);
-- ClassLoader loader = parent;
-- if (loader == null)
-- loader = system;
-- try {
-- clazz = loader.loadClass(name);
-- if (clazz != null) {
-- if (log.isDebugEnabled())
-- log.debug(" Loading class from parent");
-- if (resolve)
-- resolveClass(clazz);
-- return (clazz);
-- }
-- } catch (ClassNotFoundException e) {
-- ;
-- }
-- }
--
-- throw new ClassNotFoundException(name);
- }
-+
-+ throw new ClassNotFoundException(name);
-+
- }
-
-
-@@ -2469,7 +2468,7 @@ public class WebappClassLoader
- if (clazz != null)
- return clazz;
-
-- synchronized (name.intern()) {
-+ synchronized (this) {
- clazz = entry.loadedClass;
- if (clazz != null)
- return clazz;
-diff --git a/java/org/apache/jasper/servlet/JasperLoader.java b/java/org/apache/jasper/servlet/JasperLoader.java
-index 7a3b0f7..43d56cb 100644
---- a/java/org/apache/jasper/servlet/JasperLoader.java
-+++ b/java/org/apache/jasper/servlet/JasperLoader.java
-@@ -91,7 +91,7 @@ public class JasperLoader extends URLClassLoader {
- *
- * @exception ClassNotFoundException if the class was not found
- */
-- public Class loadClass(final String name, boolean resolve)
-+ public synchronized Class loadClass(final String name, boolean resolve)
- throws ClassNotFoundException {
-
- Class clazz = null;
-@@ -169,4 +169,4 @@ public class JasperLoader extends URLClassLoader {
- public final PermissionCollection getPermissions(CodeSource codeSource) {
- return permissionCollection;
- }
--}
-\ No newline at end of file
-+}
---
Deleted: trunk/tomcat6/debian/patches/0011-Use-java.security.policy-file-in-catalina.sh.patch
===================================================================
--- trunk/tomcat6/debian/patches/0011-Use-java.security.policy-file-in-catalina.sh.patch 2010-07-18 16:02:41 UTC (rev 12778)
+++ trunk/tomcat6/debian/patches/0011-Use-java.security.policy-file-in-catalina.sh.patch 2010-07-19 16:27:18 UTC (rev 12779)
@@ -1,46 +0,0 @@
-From: Adam Guthrie <asguthrie at gmail.com>
-Date: Mon, 28 Jun 2010 21:53:50 +0200
-Subject: [PATCH] Use java.security.policy file in catalina.sh
-
-Make sure catalina.sh uses the Debian/Ubuntu java.security.policy
-file location when Tomcat is started with a security manager.
-
-Bug-Ubuntu: https://bugs.launchpad.net/bugs/591802
-Bug-Debian: http://bugs.debian.org/585379
-Forwarded: not-needed
----
- bin/catalina.sh | 6 +++---
- 1 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/bin/catalina.sh b/bin/catalina.sh
-index 5843b56..783b382 100755
---- a/bin/catalina.sh
-+++ b/bin/catalina.sh
-@@ -261,7 +261,7 @@ if [ "$1" = "debug" ] ; then
- -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
- -sourcepath "$CATALINA_HOME"/../../java \
- -Djava.security.manager \
-- -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
-+ -Djava.security.policy=="$CATALINA_BASE"/work/catalina.policy \
- -Dcatalina.base="$CATALINA_BASE" \
- -Dcatalina.home="$CATALINA_HOME" \
- -Djava.io.tmpdir="$CATALINA_TMPDIR" \
-@@ -288,7 +288,7 @@ elif [ "$1" = "run" ]; then
- exec "$_RUNJAVA" "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \
- -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
- -Djava.security.manager \
-- -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
-+ -Djava.security.policy=="$CATALINA_BASE"/work/catalina.policy \
- -Dcatalina.base="$CATALINA_BASE" \
- -Dcatalina.home="$CATALINA_HOME" \
- -Djava.io.tmpdir="$CATALINA_TMPDIR" \
-@@ -321,7 +321,7 @@ elif [ "$1" = "start" ] ; then
- "$_RUNJAVA" "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \
- -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
- -Djava.security.manager \
-- -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
-+ -Djava.security.policy=="$CATALINA_BASE"/work/catalina.policy \
- -Dcatalina.base="$CATALINA_BASE" \
- -Dcatalina.home="$CATALINA_HOME" \
- -Djava.io.tmpdir="$CATALINA_TMPDIR" \
---
Deleted: trunk/tomcat6/debian/patches/0012-Prevent-disclosure-of-host-name-or-IP-address.patch
===================================================================
--- trunk/tomcat6/debian/patches/0012-Prevent-disclosure-of-host-name-or-IP-address.patch 2010-07-18 16:02:41 UTC (rev 12778)
+++ trunk/tomcat6/debian/patches/0012-Prevent-disclosure-of-host-name-or-IP-address.patch 2010-07-19 16:27:18 UTC (rev 12779)
@@ -1,59 +0,0 @@
-From: Torsten Werner <twerner at debian.org>
-Date: Mon, 28 Jun 2010 21:39:20 +0200
-Subject: [PATCH] Prevent disclosure of host name or IP address
-
-Fix CVE-2010-1157. Prevent possible disclosure of host name or IP
-address via the HTTP WWW-Authenticate header when using BASIC or DIGEST
-authentication.
----
- .../catalina/authenticator/AuthenticatorBase.java | 5 +++++
- .../catalina/authenticator/BasicAuthenticator.java | 4 +---
- .../authenticator/DigestAuthenticator.java | 3 +--
- 3 files changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
-index aa425c7..9d1c182 100644
---- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
-+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
-@@ -99,6 +99,11 @@ public abstract class AuthenticatorBase
-
-
- /**
-+ * Default authentication realm name.
-+ */
-+ protected static final String REALM_NAME = "Authentication required";
-+
-+ /**
- * The message digest algorithm to be used when generating session
- * identifiers. This must be an algorithm supported by the
- * <code>java.security.MessageDigest</code> class on your platform.
-diff --git a/java/org/apache/catalina/authenticator/BasicAuthenticator.java b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
-index 31ffaf9..b00859e 100644
---- a/java/org/apache/catalina/authenticator/BasicAuthenticator.java
-+++ b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
-@@ -194,9 +194,7 @@ public class BasicAuthenticator
- CharChunk authenticateCC = authenticate.getCharChunk();
- authenticateCC.append("Basic realm=\"");
- if (config.getRealmName() == null) {
-- authenticateCC.append(request.getServerName());
-- authenticateCC.append(':');
-- authenticateCC.append(Integer.toString(request.getServerPort()));
-+ authenticateCC.append(REALM_NAME);
- } else {
- authenticateCC.append(config.getRealmName());
- }
-diff --git a/java/org/apache/catalina/authenticator/DigestAuthenticator.java b/java/org/apache/catalina/authenticator/DigestAuthenticator.java
-index 821e08f..ee5a46b 100644
---- a/java/org/apache/catalina/authenticator/DigestAuthenticator.java
-+++ b/java/org/apache/catalina/authenticator/DigestAuthenticator.java
-@@ -406,8 +406,7 @@ public class DigestAuthenticator
- // Get the realm name
- String realmName = config.getRealmName();
- if (realmName == null)
-- realmName = request.getServerName() + ":"
-- + request.getServerPort();
-+ realmName = REALM_NAME;
-
- byte[] buffer = null;
- synchronized (md5Helper) {
---
Modified: trunk/tomcat6/debian/patches/series
===================================================================
--- trunk/tomcat6/debian/patches/series 2010-07-18 16:02:41 UTC (rev 12778)
+++ trunk/tomcat6/debian/patches/series 2010-07-19 16:27:18 UTC (rev 12779)
@@ -7,6 +7,4 @@
0007-add-OSGi-headers-to-servlet-api.patch
0008-add-OSGI-headers-to-jsp-api.patch
0009-allow-empty-PID-file.patch
-0010-avoid-deadlock-in-WebappClassLoader.patch
-0011-Use-java.security.policy-file-in-catalina.sh.patch
-0012-Prevent-disclosure-of-host-name-or-IP-address.patch
+0010-Use-java.security.policy-file-in-catalina.sh.patch
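Review bot: Dropping `0012-Prevent-disclosure-of-host-name-or-IP-address.patch` from the series removes the packaged fix for CVE-2010-1157, and nothing in this commit shows that the 6.0.28 source already carries it. The changelog only says `Remove 2 patches that were backports to 6.0.26.` and names neither the patches nor the CVE. I would spell this out in the changelog entry, e.g. `* Drop 0010-avoid-deadlock-in-WebappClassLoader.patch and 0012-Prevent-disclosure-of-host-name-or-IP-address.patch (CVE-2010-1157): applied upstream.`. Before that, check in the new tarball that the BASIC and DIGEST authenticators no longer fall back to server name and port for the realm.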
Modified: trunk/tomcat6/debian/watch
===================================================================
--- trunk/tomcat6/debian/watch 2010-07-18 16:02:41 UTC (rev 12778)
+++ trunk/tomcat6/debian/watch 2010-07-19 16:27:18 UTC (rev 12779)
@@ -1,3 +1,3 @@
version=3
opts=uversionmangle=s/_/./g \
- http://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/ TOMCAT_([0-9_]*)/ debian debian/orig-tar.sh
+ http://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/ TOMCAT_([0-9_]*[02468])/ debian debian/orig-tar.sh
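Review bot: The new pattern `TOMCAT_([0-9_]*[02468])/` silently ignores every upstream tag whose last digit is odd, and the file carries no comment saying why. If upstream publishes such a tag, a security release included, uscan will not report it and the package stays on the older version. A comment above the `opts=` line, for example `# only even-numbered tags are tracked because <reason placeholder>`, would let the next maintainer judge whether the filter is still valid. The URL on the same line is plain `http`, so the tag listing is fetched without transport authentication.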