You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by om...@apache.org on 2011/03/04 05:50:21 UTC
svn commit: r1077740 - in
/hadoop/common/branches/branch-0.20-security-patches: ./ ivy/
src/contrib/capacity-scheduler/ src/contrib/fairscheduler/
src/contrib/gridmix/ src/contrib/hdfsproxy/ src/contrib/streaming/
Author: omalley
Date: Fri Mar 4 04:50:20 2011
New Revision: 1077740
URL: http://svn.apache.org/viewvc?rev=1077740&view=rev
Log:
commit 83155c439b0e3fa872db3ac178fd87277ce53ef0
Author: Devaraj Das <dd...@yahoo-inc.com>
Date: Fri Oct 22 10:02:39 2010 -0700
. An XSS security exploit in jetty-6.1.14. jetty upgraded to 6.1.25.
+++ b/YAHOO-CHANGES.txt
+Release 0.20.201.5 - unreleased
+ . An XSS security exploit in jetty-6.1.14. jetty upgraded
+ to 6.1.25.
+
+Release 0.20.201.4 - unreleased
+
+ . Delete PrintWriter using iterator to fix
+ java.util.ConcurrentModificationException (dking)
+
Modified:
hadoop/common/branches/branch-0.20-security-patches/ivy.xml
hadoop/common/branches/branch-0.20-security-patches/ivy/hadoop-core-pom-template.xml
hadoop/common/branches/branch-0.20-security-patches/ivy/libraries.properties
hadoop/common/branches/branch-0.20-security-patches/src/contrib/capacity-scheduler/ivy.xml
hadoop/common/branches/branch-0.20-security-patches/src/contrib/fairscheduler/ivy.xml
hadoop/common/branches/branch-0.20-security-patches/src/contrib/gridmix/ivy.xml
hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/build.xml
hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/ivy.xml
hadoop/common/branches/branch-0.20-security-patches/src/contrib/streaming/ivy.xml
Modified: hadoop/common/branches/branch-0.20-security-patches/ivy.xml
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/ivy.xml?rev=1077740&r1=1077739&r2=1077740&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/ivy.xml (original)
+++ hadoop/common/branches/branch-0.20-security-patches/ivy.xml Fri Mar 4 04:50:20 2011
@@ -145,7 +145,7 @@
<dependency org="org.mortbay.jetty"
name="jetty"
rev="${jetty.version}"
- conf="jetty->master"/>
+ conf="jetty->default"/>
<dependency org="org.mortbay.jetty"
name="jetty-util"
rev="${jetty-util.version}"
@@ -212,10 +212,6 @@
name="commons-net"
rev="${commons-net.version}"
conf="s3-client->master"/>
- <dependency org="org.mortbay.jetty"
- name="servlet-api-2.5"
- rev="${servlet-api-2.5.version}"
- conf="s3-client->master"/>
<!--Configuration: kfs -->
Modified: hadoop/common/branches/branch-0.20-security-patches/ivy/hadoop-core-pom-template.xml
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/ivy/hadoop-core-pom-template.xml?rev=1077740&r1=1077739&r2=1077740&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/ivy/hadoop-core-pom-template.xml (original)
+++ hadoop/common/branches/branch-0.20-security-patches/ivy/hadoop-core-pom-template.xml Fri Mar 4 04:50:20 2011
@@ -51,12 +51,12 @@
<dependency>
<groupId>org.mortbay.jetty</groupId>
<artifactId>jetty</artifactId>
- <version>6.1.14</version>
+ <version>6.1.25</version>
</dependency>
<dependency>
<groupId>org.mortbay.jetty</groupId>
<artifactId>jetty-util</artifactId>
- <version>6.1.14</version>
+ <version>6.1.25</version>
</dependency>
<dependency>
<groupId>tomcat</groupId>
@@ -94,11 +94,6 @@
<version>1.4.1</version>
</dependency>
<dependency>
- <groupId>org.mortbay.jetty</groupId>
- <artifactId>servlet-api-2.5</artifactId>
- <version>6.1.14</version>
- </dependency>
- <dependency>
<groupId>net.sf.kosmosfs</groupId>
<artifactId>kfs</artifactId>
<version>0.3</version>
Modified: hadoop/common/branches/branch-0.20-security-patches/ivy/libraries.properties
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/ivy/libraries.properties?rev=1077740&r1=1077739&r2=1077740&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/ivy/libraries.properties (original)
+++ hadoop/common/branches/branch-0.20-security-patches/ivy/libraries.properties Fri Mar 4 04:50:20 2011
@@ -52,9 +52,11 @@ jasper.version=5.5.12
# but still declared here as we are going to have a local copy from the lib folder
jsp.version=2.1
jsp-api.version=5.5.12
+jsp-api-2.1.version=6.1.14
+jsp-2.1.version=6.1.14
jets3t.version=0.6.1
-jetty.version=6.1.14
-jetty-util.version=6.1.14
+jetty.version=6.1.25
+jetty-util.version=6.1.25
junit.version=4.5
jdiff.version=1.0.9
json.version=1.0
@@ -71,7 +73,6 @@ oro.version=2.0.8
rats-lib.version=0.5.1
servlet.version=4.0.6
-servlet-api-2.5.version=6.1.14
servlet-api.version=2.5
slf4j-api.version=1.4.3
slf4j-log4j12.version=1.4.3
Modified: hadoop/common/branches/branch-0.20-security-patches/src/contrib/capacity-scheduler/ivy.xml
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/contrib/capacity-scheduler/ivy.xml?rev=1077740&r1=1077739&r2=1077740&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/contrib/capacity-scheduler/ivy.xml (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/contrib/capacity-scheduler/ivy.xml Fri Mar 4 04:50:20 2011
@@ -43,11 +43,7 @@
<dependency org="org.mortbay.jetty"
name="jetty"
rev="${jetty.version}"
- conf="common->master"/>
- <dependency org="org.mortbay.jetty"
- name="servlet-api-2.5"
- rev="${servlet-api-2.5.version}"
- conf="common->master"/>
+ conf="common->default"/>
<dependency org="commons-httpclient"
name="commons-httpclient"
rev="${commons-httpclient.version}"
Modified: hadoop/common/branches/branch-0.20-security-patches/src/contrib/fairscheduler/ivy.xml
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/contrib/fairscheduler/ivy.xml?rev=1077740&r1=1077739&r2=1077740&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/contrib/fairscheduler/ivy.xml (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/contrib/fairscheduler/ivy.xml Fri Mar 4 04:50:20 2011
@@ -30,10 +30,6 @@
name="log4j"
rev="${log4j.version}"
conf="common->master"/>
- <dependency org="org.mortbay.jetty"
- name="servlet-api-2.5"
- rev="${servlet-api-2.5.version}"
- conf="common->default"/>
<dependency org="junit"
name="junit"
rev="${junit.version}"
@@ -45,14 +41,14 @@
<dependency org="org.mortbay.jetty"
name="jetty"
rev="${jetty.version}"
- conf="common->master"/>
+ conf="common->default"/>
<dependency org="org.mortbay.jetty"
name="jsp-api-2.1"
- rev="${jetty.version}"
+ rev="${jsp-api-2.1.version}"
conf="common->master"/>
<dependency org="org.mortbay.jetty"
name="jsp-2.1"
- rev="${jetty.version}"
+ rev="${jsp-2.1.version}"
conf="common->master"/>
</dependencies>
</ivy-module>
Modified: hadoop/common/branches/branch-0.20-security-patches/src/contrib/gridmix/ivy.xml
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/contrib/gridmix/ivy.xml?rev=1077740&r1=1077739&r2=1077740&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/contrib/gridmix/ivy.xml (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/contrib/gridmix/ivy.xml Fri Mar 4 04:50:20 2011
@@ -64,22 +64,18 @@
<dependency org="org.mortbay.jetty"
name="jetty"
rev="${jetty.version}"
- conf="common->master"/>
+ conf="common->default"/>
<dependency org="org.mortbay.jetty"
name="jetty-util"
rev="${jetty-util.version}"
conf="common->master"/>
<dependency org="org.mortbay.jetty"
name="jsp-api-2.1"
- rev="${jetty.version}"
+ rev="${jsp-api-2.1.version}"
conf="common->master"/>
<dependency org="org.mortbay.jetty"
name="jsp-2.1"
- rev="${jetty.version}"
- conf="common->master"/>
- <dependency org="org.mortbay.jetty"
- name="servlet-api-2.5"
- rev="${servlet-api-2.5.version}"
+ rev="${jsp-2.1.version}"
conf="common->master"/>
<dependency org="commons-cli"
name="commons-cli"
Modified: hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/build.xml
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/build.xml?rev=1077740&r1=1077739&r2=1077740&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/build.xml (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/build.xml Fri Mar 4 04:50:20 2011
@@ -401,7 +401,6 @@
<include name="xmlenc-${xmlenc.version}.jar"/>
<include name="jetty-util-${jetty-util.version}.jar"/>
<include name="jetty-${jetty.version}.jar"/>
- <include name="servlet-api-2.5-${servlet-api-2.5.version}.jar"/>
<include name="core-${core.vesion}.jar"/>
</fileset>
<fileset dir="${hadoop.root}/lib/jsp-${jsp.version}">
Modified: hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/ivy.xml
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/ivy.xml?rev=1077740&r1=1077739&r2=1077740&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/ivy.xml (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/ivy.xml Fri Mar 4 04:50:20 2011
@@ -38,10 +38,6 @@
name="log4j"
rev="${log4j.version}"
conf="common->master"/>
- <dependency org="org.mortbay.jetty"
- name="servlet-api-2.5"
- rev="${servlet-api-2.5.version}"
- conf="common->default"/>
<dependency org="commons-logging"
name="commons-logging"
rev="${commons-logging.version}"
@@ -70,10 +66,6 @@
name="jetty"
rev="${jetty.version}"
conf="common->default"/>
- <dependency org="org.mortbay.jetty"
- name="servlet-api-2.5"
- rev="${servlet-api-2.5.version}"
- conf="common->default"/>
<dependency org="org.eclipse.jdt"
name="core"
rev="${core.version}"
Modified: hadoop/common/branches/branch-0.20-security-patches/src/contrib/streaming/ivy.xml
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/contrib/streaming/ivy.xml?rev=1077740&r1=1077739&r2=1077740&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/contrib/streaming/ivy.xml (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/contrib/streaming/ivy.xml Fri Mar 4 04:50:20 2011
@@ -43,11 +43,7 @@
<dependency org="org.mortbay.jetty"
name="jetty"
rev="${jetty.version}"
- conf="common->master"/>
- <dependency org="org.mortbay.jetty"
- name="servlet-api-2.5"
- rev="${servlet-api-2.5.version}"
- conf="common->master"/>
+ conf="common->default"/>
<!-- <dependency org="tomcat"
name="jasper-runtime"
rev="${jasper.version}"