diff options
author | lawrance <lawrance@FreeBSD.org> | 2006-09-11 20:56:36 +0800 |
---|---|---|
committer | lawrance <lawrance@FreeBSD.org> | 2006-09-11 20:56:36 +0800 |
commit | afa1721c763c8fc0fb3bd8e34a86ad6ca680d560 (patch) | |
tree | 4d552142b7ab73bbb2c7961a09a8ac32160e169b /www/jakarta-tomcat5 | |
parent | 44dac78037bf11f4b400b2b6f6f83a7aa9c5ef0f (diff) | |
download | freebsd-ports-gnome-afa1721c763c8fc0fb3bd8e34a86ad6ca680d560.tar.gz freebsd-ports-gnome-afa1721c763c8fc0fb3bd8e34a86ad6ca680d560.tar.zst freebsd-ports-gnome-afa1721c763c8fc0fb3bd8e34a86ad6ca680d560.zip |
Patch for a minor cross site scripting vulnerability, and bump PORTREVISION.
PR: ports/96468
Submitted by: Yann Golanski <yg2@york.ac.uk>
Security: VuXML: 26a08c77-32da-4dd7-a884-a76fc49aa824
Diffstat (limited to 'www/jakarta-tomcat5')
-rw-r--r-- | www/jakarta-tomcat5/Makefile | 6 | ||||
-rw-r--r-- | www/jakarta-tomcat5/files/patch-vuxml-26a08c77-32da-4dd7-a884-a76fc49aa824 | 93 |
2 files changed, 98 insertions, 1 deletions
diff --git a/www/jakarta-tomcat5/Makefile b/www/jakarta-tomcat5/Makefile index 383d9e3b6f5b..a42482379007 100644 --- a/www/jakarta-tomcat5/Makefile +++ b/www/jakarta-tomcat5/Makefile @@ -7,7 +7,7 @@ PORTNAME= jakarta-tomcat PORTVERSION= 5.0.30 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= www java MASTER_SITES= ${MASTER_SITE_APACHE_JAKARTA} MASTER_SITE_SUBDIR= tomcat-5/v${PORTVERSION}/bin @@ -62,6 +62,10 @@ SUB_LIST= AJP_1_3_PORT=${AJP_1_3_PORT} \ TOMCAT_VERSION=${MAJOR_VER:S/.//} \ USER=${TOMCAT_USER} +USE_DOS2UNIX= webapps/jsp-examples/jsp2/jspx/textRotate.jspx \ + webapps/jsp-examples/jsp2/el/functions.jsp \ + webapps/jsp-examples/jsp2/el/implicit-objects.jsp + .include <bsd.port.pre.mk> pre-patch: diff --git a/www/jakarta-tomcat5/files/patch-vuxml-26a08c77-32da-4dd7-a884-a76fc49aa824 b/www/jakarta-tomcat5/files/patch-vuxml-26a08c77-32da-4dd7-a884-a76fc49aa824 new file mode 100644 index 000000000000..a4a2f94a1a0a --- /dev/null +++ b/www/jakarta-tomcat5/files/patch-vuxml-26a08c77-32da-4dd7-a884-a76fc49aa824 @@ -0,0 +1,93 @@ +--- webapps/jsp-examples/jsp2/jspx/textRotate.jspx.orig Mon Sep 11 21:55:26 2006 ++++ webapps/jsp-examples/jsp2/jspx/textRotate.jspx Mon Sep 11 21:53:47 2006 +@@ -6,11 +6,12 @@ + <svg xmlns="http://www.w3.org/2000/svg" + width="450" height="500" viewBox="0 0 450 500" + xmlns:c="http://java.sun.com/jsp/jstl/core" ++ xmlns:fn="http://java.sun.com/jsp/jstl/functions" + xmlns:jsp="http://java.sun.com/JSP/Page"> + <jsp:directive.page contentType="image/svg+xml" /> + <title>JSP 2.0 JSPX</title> + <!-- select name parameter, or default to JSPX --> +- <c:set var="name" value='${empty param["name"] ? "JSPX" : param["name"]}'/> ++ <c:set var="name" value='${empty fn:escapeXml(param["name"]) ? "JSPX" : fn:escapeXml(param["name"])}'/> + <g id="testContent"> + <text class="title" x="50%" y="10%" font-size="15" text-anchor="middle" > + JSP 2.0 XML Syntax (.jspx) Demo</text> +--- webapps/jsp-examples/jsp2/el/functions.jsp.orig Mon Sep 11 21:55:56 2006 ++++ webapps/jsp-examples/jsp2/el/functions.jsp Mon Sep 11 21:51:56 2006 +@@ -13,6 +13,7 @@ + See the License for the specific language governing permissions and + limitations under the License. + --> ++<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> + <%@ taglib prefix="my" uri="http://jakarta.apache.org/tomcat/jsp2-example-taglib"%> + + <html> +@@ -30,7 +31,7 @@ + <blockquote> + <u><b>Change Parameter</b></u> + <form action="functions.jsp" method="GET"> +- foo = <input type="text" name="foo" value="${param['foo']}"> ++ foo = <input type="text" name="foo" value="${fn:escapeXml(param["foo"])}"> + <input type="submit"> + </form> + <br> +@@ -42,19 +43,19 @@ + </thead> + <tr> + <td>\${param["foo"]}</td> +- <td>${param["foo"]} </td> ++ <td>${fn:escapeXml(param["foo"])} </td> + </tr> + <tr> + <td>\${my:reverse(param["foo"])}</td> +- <td>${my:reverse(param["foo"])} </td> ++ <td>${my:reverse(fn:escapeXml(param["foo"]))} </td> + </tr> + <tr> + <td>\${my:reverse(my:reverse(param["foo"]))}</td> +- <td>${my:reverse(my:reverse(param["foo"]))} </td> ++ <td>${my:reverse(my:reverse(fn:escapeXml(param["foo"])))} </td> + </tr> + <tr> + <td>\${my:countVowels(param["foo"])}</td> +- <td>${my:countVowels(param["foo"])} </td> ++ <td>${my:countVowels(fn:escapeXml(param["foo"]))} </td> + </tr> + </table> + </code> +--- webapps/jsp-examples/jsp2/el/implicit-objects.jsp.orig Mon Sep 11 21:55:56 2006 ++++ webapps/jsp-examples/jsp2/el/implicit-objects.jsp Mon Sep 11 21:52:32 2006 +@@ -13,6 +13,8 @@ + See the License for the specific language governing permissions and + limitations under the License. + --> ++<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> ++ + <html> + <head> + <title>JSP 2.0 Expression Language - Implicit Objects</title> +@@ -49,7 +51,7 @@ + <blockquote> + <u><b>Change Parameter</b></u> + <form action="implicit-objects.jsp" method="GET"> +- foo = <input type="text" name="foo" value="${param["foo"]}"> ++ foo = <input type="text" name="foo" value="${fn:escapeXml(param["foo"])}"> + <input type="submit"> + </form> + <br> +@@ -61,11 +63,11 @@ + </thead> + <tr> + <td>\${param.foo}</td> +- <td>${param.foo} </td> ++ <td>${fn:escapeXml(param["foo"])} </td> + </tr> + <tr> + <td>\${param["foo"]}</td> +- <td>${param["foo"]} </td> ++ <td>${fn:escapeXml(param["foo"])} </td> + </tr> + <tr> + <td>\${header["host"]}</td> |