Author: markt
Date: Mon Jan 13 14:15:18 2014
New Revision: 1557724
URL: http://svn.apache.org/r1557724
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55119
Avoid CVE-2013-1571 when generating Javadoc
Back-port of http://svn.apache.org/r1495875
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/dist.xml
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1557724&r1=1557723&r2=1557724&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Jan 13 14:15:18 2014
@@ -61,13 +61,6 @@ PATCHES PROPOSED TO BACKPORT:
requires Ant >= 1.8.0).
-1:
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55119
- Avoid CVE-2013-1571 when generating Javadoc
- http://svn.apache.org/r1495875
- +1: markt, remm
- +1: kkolinko (The fix goes into dist.xml)
- -1:
-
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55671
Consistent naming for genStringAsCharArray
https://issues.apache.org/bugzilla/attachment.cgi?id=31187
Modified: tomcat/tc6.0.x/trunk/dist.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/dist.xml?rev=1557724&r1=1557723&r2=1557724&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/dist.xml (original)
+++ tomcat/tc6.0.x/trunk/dist.xml Mon Jan 13 14:15:18 2014
@@ -237,8 +237,78 @@
additionalparam="-breakiterator"
maxmemory="256m" >
</javadoc>
+ <patch-javadoc dir="${tomcat.dist}/webapps/docs/api"
+ docencoding="ISO-8859-1"/>
</target>
+ <!--
+ Patch frame injection bugs in javadoc generated files - see CVE-2013-1571,
+ http://www.kb.cert.org/vuls/id/225657
+
+ This macro works together with the javadoc task on Ant and should be
invoked
+ directly after its execution to patch broken javadocs, e.g.:
+ <patch-javadoc dir="..." docencoding="UTF-8"/>
+ Please make sure that the docencoding parameter uses the same charset as
+ javadoc's docencoding. Default is the platform default encoding (like the
+ javadoc task).
+ The specified dir is the destination directory of the javadoc task.
+ -->
+ <macrodef name="patch-javadoc">
+ <attribute name="dir"/>
+ <attribute name="docencoding" default="${file.encoding}"/>
+ <sequential>
+ <replace encoding="@{docencoding}" summary="true"
taskname="patch-javadoc">
+ <restrict>
+ <fileset dir="@{dir}" casesensitive="false"
+ includes="**/index.html,**/index.htm,**/toc.html,**/toc.htm"/>
+ <!-- TODO: add encoding="@{docencoding}" to contains check, when we
+ are on ANT 1.9.0: -->
+ <not>
+ <contains text="function validURL(url) {" casesensitive="true" />
+ </not>
+ </restrict>
+ <replacetoken><![CDATA[function loadFrames() {]]></replacetoken>
+ <replacevalue expandProperties="false"><![CDATA[if (targetPage != ""
&& !validURL(targetPage))
+ targetPage = "undefined";
+ function validURL(url) {
+ var pos = url.indexOf(".html");
+ if (pos == -1 || pos != url.length - 5)
+ return false;
+ var allowNumber = false;
+ var allowSep = false;
+ var seenDot = false;
+ for (var i = 0; i < url.length - 5; i++) {
+ var ch = url.charAt(i);
+ if ('a' <= ch && ch <= 'z' ||
+ 'A' <= ch && ch <= 'Z' ||
+ ch == '$' ||
+ ch == '_') {
+ allowNumber = true;
+ allowSep = true;
+ } else if ('0' <= ch && ch <= '9'
+ || ch == '-') {
+ if (!allowNumber)
+ return false;
+ } else if (ch == '/' || ch == '.') {
+ if (!allowSep)
+ return false;
+ allowNumber = false;
+ allowSep = false;
+ if (ch == '.')
+ seenDot = true;
+ if (ch == '/' && seenDot)
+ return false;
+ } else {
+ return false;
+ }
+ }
+ return true;
+ }
+ function loadFrames() {]]></replacevalue>
+ </replace>
+ </sequential>
+ </macrodef>
+
<target name="dist-deployer" description="Create the Tomcat deployer binary"
>
<!-- Servlet and JSP -->
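Review bot: The `<replace>` inside `patch-javadoc` is a silent no-op when the installed JDK emits a frame page whose text differs from the exact token `function loadFrames() {`. Because `summary="true"` only logs a replacement count, the dist build can still succeed and ship Javadoc without the CVE-2013-1571 mitigation. A check placed after `</replace>` that fails the build when `@{dir}/index.html` does not contain `function validURL(url) {` would make that case visible. It assumes this target always generates a frame-based `index.html`, which should be confirmed. Separately, the call site hard-codes `docencoding="ISO-8859-1"`, and the attributes of the preceding `<javadoc>` task start outside this hunk, so whether that value matches the task's own docencoding cannot be verified from here.

```xml
      <!-- … unchanged: <replace> with restrict / replacetoken / replacevalue … -->
      </replace>
      <!-- Fail rather than ship unpatched frame pages when the token did not match -->
      <fail message="patch-javadoc: @{dir}/index.html has no validURL() check (CVE-2013-1571)">
        <condition>
          <not>
            <resourcecontains resource="@{dir}/index.html"
                              substring="function validURL(url) {"/>
          </not>
        </condition>
      </fail>
```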
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1557724&r1=1557723&r2=1557724&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Mon Jan 13 14:15:18 2014
@@ -179,6 +179,9 @@
Fix the sample configuration of
<code>StaticMembershipInterceptor</code>
in order to prevent warning log. uniqueId must be 16 bytes. (kfujino)
</fix>
+ <fix>
+ <bug>55119</bug>: Avoid CVE-2013-1571 when generating Javadoc. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Other">