[Bug 958727] New: plexus-utils: XMLWriterUtil should guard against problematic comments
by Red Hat Bugzilla
Product: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=958727
Bug ID: 958727
Summary: plexus-utils: XMLWriterUtil should guard against
problematic comments
Product: Fedora
Version: rawhide
Component: plexus-utils
Severity: unspecified
Priority: unspecified
Assignee: fnasser(a)redhat.com
Reporter: fweimer(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fnasser(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com
Blocks: 958220
Category: ---
org.codehaus.plexus.util.xml#writeComment(XMLWriter, String, int, int, int)
does not check if the comment includes a "-->" sequence. This means that text
contained in the command string could be interpreted as XML, possibly leading
to XML injection issues, depending on how this method is being called.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=N5myzkUcYQ&a=cc_unsubscribe
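The guard that bug 958727 asks for, as an added example that is not part of the original report and not plexus-utils code. The class and method names are hypothetical, and the sample input is constructed.

```java
public class SafeXmlComment {

    // Unguarded form: the text is emitted as-is, so a "-->" inside it ends the
    // comment early and the remainder is parsed as markup.
    static String writeCommentUnguarded(String comment) {
        return "<!--" + comment + "-->";
    }

    // Guarded form: the XML 1.0 Comment production forbids "--" inside a comment
    // and a "-" directly before the closing "-->". Rejecting both also rejects "-->".
    static String writeCommentGuarded(String comment) {
        if (comment == null) {
            throw new IllegalArgumentException("comment must not be null");
        }
        if (comment.contains("--") || comment.endsWith("-")) {
            throw new IllegalArgumentException("comment contains \"--\" or ends with \"-\"");
        }
        // Control characters other than tab, LF and CR are not legal XML 1.0 characters.
        for (int i = 0; i < comment.length(); i++) {
            char c = comment.charAt(i);
            if (c < 0x20 && c != '\t' && c != '\n' && c != '\r') {
                throw new IllegalArgumentException("illegal control character at index " + i);
            }
        }
        return "<!--" + comment + "-->";
    }

    public static void main(String[] args) {
        // Constructed sample: a caller-supplied value that closes the comment early.
        String untrusted = " build notes --><injected/><!-- tail ";

        // Shows the element ending up outside the comment.
        System.out.println(writeCommentUnguarded(untrusted));

        try {
            writeCommentGuarded(untrusted);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // A benign comment passes through unchanged.
        System.out.println(writeCommentGuarded(" generated by build 42 "));
    }
}
```

Rejecting the input is used here rather than rewriting it, so a caller passing untrusted text finds out instead of getting silently altered output.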
[Bug 958221] New: plexus-utils: directory traversal in org.codehaus.plexus.util.Expand
by Red Hat Bugzilla
Product: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=958221
Bug ID: 958221
Summary: plexus-utils: directory traversal in
org.codehaus.plexus.util.Expand
Product: Fedora
Version: rawhide
Component: plexus-utils
Severity: unspecified
Priority: unspecified
Assignee: fnasser(a)redhat.com
Reporter: fweimer(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fnasser(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com
Blocks: 958220
Category: ---
org.codehaus.plexus.util.Expand does not guard against directory traversal, but
such protection is generally expected from unarchiving tools.
I think the class should just be deprecated and removed because there do not
appear to be any users left (not even a test case).
[Bug 1286800] New: Failed to start component due to wrong allowLinking="true" in context.xml
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1286800
Bug ID: 1286800
Summary: Failed to start component due to wrong
allowLinking="true" in context.xml
Product: Fedora
Version: 23
Component: tomcat
Severity: low
Assignee: ivan.afonichev(a)gmail.com
Reporter: wolf(a)parallels.com
QA Contact: extras-qa(a)fedoraproject.org
CC: alee(a)redhat.com, csutherl(a)redhat.com,
ivan.afonichev(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
krzysztof.daniel(a)gmail.com, me(a)coolsvap.net
Description of problem:
Failed to start component due to wrong allowLinking="true" in context.xml
Version-Release number of selected component (if applicable):
tomcat-webapps-8.0.26-1.fc23.noarch
How reproducible:
100%
Steps to Reproduce:
1. Try to open tomcat example
2. It fails
Actual results:
In tomcat logs:
---
30-Nov-2015 15:03:45.958 WARNING [localhost-startStop-1]
org.apache.catalina.startup.SetContextPropertiesRule.begin
SetContextPropertiesRule]{Context} Setting property 'allowLinking' to 'true'
did not find a matching property.
30-Nov-2015 15:03:45.992 SEVERE [localhost-startStop-1]
org.apache.catalina.core.ContainerBase.addChildInternal ContainerBase.addChild:
start:
org.apache.catalina.LifecycleException: Failed to start component
StandardEngine[Catalina].StandardHost[localhost].StandardContext[/examples]]
---
Expected results:
No failures
Additional info:
As described here:
https://tomcat.apache.org/migration-8.html#Web_application_resources
the /var/lib/tomcat/webapps/examples/META-INF/context.xml should contain
<Context>
<Resources allowLinking="true" />
</Context>
instead of
<Context allowLinking="true"/>
[Bug 1283736] New: nosync i686 can not be installed on from x86_64 system
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1283736
Bug ID: 1283736
Summary: nosync i686 can not be installed on from x86_64 system
Product: Fedora
Version: 22
Component: nosync
Assignee: mizdebsk(a)redhat.com
Reporter: hobbes1069(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msimacek(a)redhat.com,
msrb(a)redhat.com
Description of problem:
When trying to upgrade from f21 to f22 I had to remove nosync.i686 before
system-upgrade would complete. After the upgrade finished I attempted a:
dnf install nosync.i686
but no package was found.
Version-Release number of selected component (if applicable):
nosync-1.0-2.fc22.i686
Additional info:
It seems that the i686 package is not available in the x86_64 repository for
some reason. I was able to install the i686 build from koji that matches the
NVR of x86_64.
[Bug 1193307] New: tomcat: do not provide javax.el:el-api
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1193307
Bug ID: 1193307
Summary: tomcat: do not provide javax.el:el-api
Product: Fedora
Version: 22
Component: tomcat
Assignee: ivan.afonichev(a)gmail.com
Reporter: msrb(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: ivan.afonichev(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
krzysztof.daniel(a)gmail.com
Description of problem:
tomcat currently provides, among others, mvn(javax.el:el-api). The problem is
that the glassfish-el-api provides it as well. This causes other packages to fail
to build, if both tomcat and glassfish-el-api happen to be in the buildroot. I
think that glassfish-el-api should be the one providing javax.el:el-api, as it
is a reference implementation of EL.
Java packaging guidelines should be updated as well.
Version-Release number of selected component (if applicable):
tomcat-8.0.18-1.fc23