commit 83155c439b0e3fa872db3ac178fd87277ce53ef0

Author: Devaraj Das <ddas@yahoo-inc.com>
Date:   Fri Oct 22 10:02:39 2010 -0700

    . An XSS security exploit in jetty-6.1.14. jetty upgraded to 6.1.25.
    
    +++ b/YAHOO-CHANGES.txt
    +Release 0.20.201.5 - unreleased
    +    . An XSS security exploit in jetty-6.1.14. jetty upgraded
    +    to 6.1.25.
    +
    +Release 0.20.201.4 - unreleased
    +
    +    . Delete PrintWriter using iterator to fix
    +    java.util.ConcurrentModificationException (dking)
    +


git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-0.20-security-patches@1077740 13f79535-47bb-0310-9956-ffa450edef68

ivy.xml

@@ -145,7 +145,7 @@
     <dependency org="org.mortbay.jetty"
       name="jetty"
       rev="${jetty.version}"
-      conf="jetty->master"/>
+      conf="jetty->default"/>
     <dependency org="org.mortbay.jetty"
       name="jetty-util"
       rev="${jetty-util.version}"
@@ -212,10 +212,6 @@
       name="commons-net"
       rev="${commons-net.version}"
       conf="s3-client->master"/> 
-    <dependency org="org.mortbay.jetty"
-      name="servlet-api-2.5"
-      rev="${servlet-api-2.5.version}"
-      conf="s3-client->master"/>
 
     <!--Configuration: kfs -->
 

ivy/hadoop-core-pom-template.xml

@@ -51,12 +51,12 @@
     <dependency>
       <groupId>org.mortbay.jetty</groupId>
       <artifactId>jetty</artifactId>
-      <version>6.1.14</version>
+      <version>6.1.25</version>
     </dependency>
     <dependency>
       <groupId>org.mortbay.jetty</groupId>
       <artifactId>jetty-util</artifactId>
-      <version>6.1.14</version>
+      <version>6.1.25</version>
     </dependency>
     <dependency>
       <groupId>tomcat</groupId>
@@ -93,11 +93,6 @@
       <artifactId>commons-net</artifactId>
       <version>1.4.1</version>
     </dependency>
-    <dependency>
-      <groupId>org.mortbay.jetty</groupId>
-      <artifactId>servlet-api-2.5</artifactId>
-      <version>6.1.14</version>
-    </dependency>
     <dependency>
       <groupId>net.sf.kosmosfs</groupId>
       <artifactId>kfs</artifactId>

ivy/libraries.properties

@@ -52,9 +52,11 @@ jasper.version=5.5.12
 # but still declared here as we are going to have a local copy from the lib folder
 jsp.version=2.1
 jsp-api.version=5.5.12
+jsp-api-2.1.version=6.1.14
+jsp-2.1.version=6.1.14
 jets3t.version=0.6.1
-jetty.version=6.1.14
-jetty-util.version=6.1.14
+jetty.version=6.1.25
+jetty-util.version=6.1.25
 junit.version=4.5
 jdiff.version=1.0.9
 json.version=1.0
@@ -71,7 +73,6 @@ oro.version=2.0.8
 rats-lib.version=0.5.1
 
 servlet.version=4.0.6
-servlet-api-2.5.version=6.1.14
 servlet-api.version=2.5
 slf4j-api.version=1.4.3
 slf4j-log4j12.version=1.4.3

src/contrib/capacity-scheduler/ivy.xml

@@ -43,11 +43,7 @@
     <dependency org="org.mortbay.jetty"
       name="jetty"
       rev="${jetty.version}"
-      conf="common->master"/>
-    <dependency org="org.mortbay.jetty"
-      name="servlet-api-2.5"
-      rev="${servlet-api-2.5.version}"
-      conf="common->master"/> 
+      conf="common->default"/>
     <dependency org="commons-httpclient"
       name="commons-httpclient"
       rev="${commons-httpclient.version}"

src/contrib/fairscheduler/ivy.xml

@@ -30,10 +30,6 @@
       name="log4j"
       rev="${log4j.version}"
       conf="common->master"/>
-    <dependency org="org.mortbay.jetty"
-      name="servlet-api-2.5"
-      rev="${servlet-api-2.5.version}"
-      conf="common->default"/> 
    <dependency org="junit"
       name="junit"
       rev="${junit.version}"
@@ -45,14 +41,14 @@
     <dependency org="org.mortbay.jetty"
       name="jetty"
       rev="${jetty.version}"
-      conf="common->master"/>
+      conf="common->default"/>
     <dependency org="org.mortbay.jetty"
       name="jsp-api-2.1"
-      rev="${jetty.version}"
+      rev="${jsp-api-2.1.version}"
       conf="common->master"/>
     <dependency org="org.mortbay.jetty"
       name="jsp-2.1"
-      rev="${jetty.version}"
+      rev="${jsp-2.1.version}"
       conf="common->master"/>
   </dependencies>
 </ivy-module>

src/contrib/gridmix/ivy.xml

@@ -64,22 +64,18 @@
     <dependency org="org.mortbay.jetty"
       name="jetty"
       rev="${jetty.version}"
-      conf="common->master"/>
+      conf="common->default"/>
     <dependency org="org.mortbay.jetty"
       name="jetty-util"
       rev="${jetty-util.version}"
       conf="common->master"/>
     <dependency org="org.mortbay.jetty"
       name="jsp-api-2.1"
-      rev="${jetty.version}"
+      rev="${jsp-api-2.1.version}"
       conf="common->master"/>
     <dependency org="org.mortbay.jetty"
       name="jsp-2.1"
-      rev="${jetty.version}"
-      conf="common->master"/>
-    <dependency org="org.mortbay.jetty"
-      name="servlet-api-2.5"
-      rev="${servlet-api-2.5.version}"
+      rev="${jsp-2.1.version}"
       conf="common->master"/>
     <dependency org="commons-cli"
       name="commons-cli"

src/contrib/hdfsproxy/build.xml

@@ -401,7 +401,6 @@
         <include name="xmlenc-${xmlenc.version}.jar"/>
         <include name="jetty-util-${jetty-util.version}.jar"/>
         <include name="jetty-${jetty.version}.jar"/>
-        <include name="servlet-api-2.5-${servlet-api-2.5.version}.jar"/>
         <include name="core-${core.vesion}.jar"/>
       </fileset>
       <fileset dir="${hadoop.root}/lib/jsp-${jsp.version}">

src/contrib/hdfsproxy/ivy.xml

@@ -38,10 +38,6 @@
       name="log4j"
       rev="${log4j.version}"
       conf="common->master"/>
-    <dependency org="org.mortbay.jetty"
-      name="servlet-api-2.5"
-      rev="${servlet-api-2.5.version}"
-      conf="common->default"/>
     <dependency org="commons-logging"
       name="commons-logging"
       rev="${commons-logging.version}"
@@ -70,10 +66,6 @@
       name="jetty"
       rev="${jetty.version}"
       conf="common->default"/>
-    <dependency org="org.mortbay.jetty"
-      name="servlet-api-2.5"
-      rev="${servlet-api-2.5.version}"
-      conf="common->default"/>
     <dependency org="org.eclipse.jdt"
       name="core"
       rev="${core.version}"

src/contrib/streaming/ivy.xml

@@ -43,11 +43,7 @@
     <dependency org="org.mortbay.jetty"
       name="jetty"
       rev="${jetty.version}"
-      conf="common->master"/>
-    <dependency org="org.mortbay.jetty"
-      name="servlet-api-2.5"
-      rev="${servlet-api-2.5.version}"
-      conf="common->master"/> 
+      conf="common->default"/>
 <!-- <dependency org="tomcat"
       name="jasper-runtime"
       rev="${jasper.version}"