You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Rainer Jung <ra...@kippdata.de> on 2020/10/25 16:12:06 UTC
Re: [tomcat] 02/02: Fix 64735 ServletContext.addJspFile() always
fails with SecurityManager
Am 30.09.2020 um 19:03 schrieb markt@apache.org:
> This is an automated email from the ASF dual-hosted git repository.
>
> markt pushed a commit to branch 7.0.x
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
> commit c4b1559d6e7f131be804373719fe41c26969df54
> Author: Kyle Stiemann <ky...@contrastsecurity.com>
> AuthorDate: Thu Sep 10 16:47:21 2020 -0400
>
> Fix 64735 ServletContext.addJspFile() always fails with SecurityManager
> ---
> build.properties.default | 24 ++--
> build.xml | 13 ++
> .../catalina/core/ApplicationContextFacade.java | 1 +
> ...estApplicationContextFacadeSecurityManager.java | 153 +++++++++++++++++++++
> .../util/security/SecurityManagerBaseTest.java | 50 +++++++
> webapps/docs/changelog.xml | 5 +
> 6 files changed, 234 insertions(+), 12 deletions(-)
>
> diff --git a/build.properties.default b/build.properties.default
> index 96637e5..c4ab2ba 100644
> --- a/build.properties.default
> +++ b/build.properties.default
> @@ -257,29 +257,29 @@ hamcrest.home=${base.path}/hamcrest-${hamcrest.version}
...
>
> -# ----- cglib, used by EasyMock, version 2.2 or later -----
> -cglib.version=2.2.3
> +# ----- cglib, used by EasyMock, version 3.3 or later -----
> +cglib.version=3.3.0
> cglib.checksum.enabled=true
> -cglib.checksum.algorithm=MD5|SHA-1
> -cglib.checksum.value=694815351007f966c14ea093ec838323|6a4af5d9112066a5baf235fd55d5876969bc813c
> +cglib.checksum.algorithm=SHA-512
> +cglib.checksum.value=faa1d2121e87ae69e179e3aae217accd0834e0da716b91a029fd526e192612e71675f2740bedf48e23ef1edc45f672a2be1b3e78bbfb1ad59c96dd3d2feeedba
> cglib.home=${base.path}/cglib-${cglib.version}
> cglib.jar=${cglib.home}/cglib-nodep-${cglib.version}.jar
> cglib.loc=${base-sf.loc}/cglib/cglib-nodep-${cglib.version}.jar
It looks to me as if SF doesn't provide cglib 3.3.0. TC 8.5, which also
uses cglib 3.3.0 contains the following delta:
-cglib.loc=${base-sf.loc}/cglib/cglib-nodep-${cglib.version}.jar
+cglib.loc=${base-maven.loc}/cglib/cglib-nodep/${cglib.version}/cglib-nodep-${cglib.version}.jar
Best regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [tomcat] 02/02: Fix 64735 ServletContext.addJspFile() always
fails with SecurityManager
Posted by Mark Thomas <ma...@apache.org>.
On 25/10/2020 16:12, Rainer Jung wrote:
> Am 30.09.2020 um 19:03 schrieb markt@apache.org:
>> This is an automated email from the ASF dual-hosted git repository.
>>
>> markt pushed a commit to branch 7.0.x
>> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>>
>> commit c4b1559d6e7f131be804373719fe41c26969df54
<snip/>
>> cglib.home=${base.path}/cglib-${cglib.version}
>> cglib.jar=${cglib.home}/cglib-nodep-${cglib.version}.jar
>> cglib.loc=${base-sf.loc}/cglib/cglib-nodep-${cglib.version}.jar
>
> It looks to me as if SF doesn't provide cglib 3.3.0. TC 8.5, which also
> uses cglib 3.3.0 contains the following delta:
>
> -cglib.loc=${base-sf.loc}/cglib/cglib-nodep-${cglib.version}.jar
> +cglib.loc=${base-maven.loc}/cglib/cglib-nodep/${cglib.version}/cglib-nodep-${cglib.version}.jar
Thanks Rainer. Nice catch. I missed that as I already had the JAR
locally and I share a libs directory between all Tomcat versions.
I'll commit a fix shortly.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org