jerboaa pushed to thermostat (f21). "Make web.xml no longer word-readable. (..more)"
notifications at fedoraproject.org
Thu May 21 12:34:31 UTC 2015
From 437206855deab9cf927c2ff099ee7c736fe898ef Mon Sep 17 00:00:00 2001
From: Severin Gehwolf <sgehwolf at redhat.com>
Date: Thu, 21 May 2015 14:31:57 +0200
Subject: Make web.xml no longer word-readable.
- Resolves: CVE-2015-3201
diff --git a/thermostat.spec b/thermostat.spec
index 5f88a14..d3c2969 100644
--- a/thermostat.spec
+++ b/thermostat.spec
@@ -80,7 +80,7 @@ Name: %{?scl_prefix}thermostat
Version: %{major}.%{minor}.%{patchlevel}
# If building from snapshot out of hg, uncomment and adjust below value as appropriate
#Release: 0.1.20131122hg%{hgrev}%{?dist}
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: A monitoring and serviceability tool for OpenJDK
License: GPLv2+ with exceptions and OFL
URL: http://icedtea.classpath.org/thermostat/
@@ -824,14 +824,19 @@ end
%files webapp -f .mfiles-webapp
%{thermostat_catalina_base}
%config(noreplace) %{_sysconfdir}/%{pkg_name}/%{pkg_name}_jaas.conf
-# Those files should be readable by root and tomcat only
+# Those files should be readable by root and tomcat only as they contain credentials
%attr(0640,root,tomcat) %config(noreplace) %{_sysconfdir}/%{pkg_name}/%{pkg_name}-users.properties
%attr(0640,root,tomcat) %config(noreplace) %{_sysconfdir}/%{pkg_name}/%{pkg_name}-roles.properties
+%attr(0640,root,tomcat) %config(noreplace) %{thermostat_catalina_base}/webapps/thermostat/WEB-INF/web.xml
# We need an extra file in order to make thermostat-webapp work with
# our custom CATALINA_BASE. This sets the JAAS-config option.
%config(noreplace) %{system_confdir}/sysconfig/tomcat@%{pkg_name}
%changelog
+* Thu May 21 2015 Severin Gehwolf <sgehwolf at redhat.com> - 1.0.6-2
+- Make web.xml no longer word-readable.
+- Resolves: CVE-2015-3201
+
* Thu Dec 18 2014 Elliott Baron <ebaron at redhat.com> - 1.0.6-1
- Update to latest maintenance release.
- Resolves: CVE-2014-8120
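Review bot: The new %attr(0640,root,tomcat) entry for WEB-INF/web.xml sits below the bare %{thermostat_catalina_base} entry, which already pulls in that whole directory tree, so web.xml ends up listed twice in %files webapp. Please check the built package with rpm -qlvp to confirm that 0640 root:tomcat is the mode that actually lands on the file, and that a "File listed twice" warning from rpmbuild is the only side effect. Because the file is also marked %config(noreplace), it is worth confirming that an upgrade from 1.0.6-1 tightens the mode on a web.xml the admin has already edited; if it does not, a %post chmod/chown would cover existing installs. Minor: the changelog entry says "word-readable" where "world-readable" is meant.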
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/thermostat.git/commit/?h=f21&id=437206855deab9cf927c2ff099ee7c736fe898ef