Sync from SUSE:SLFO:Main tomcat revision b328e4a4307bb0a878cbcc87128b8d9b

Adrian Schröter 2024-07-22 17:46:44 +02:00
parent ef0b4fbb59
commit 4c7971b1a6
8 changed files with 273 additions and 39 deletions

BIN
apache-tomcat-9.0.87-src.tar.gz (Stored with Git LFS)

Binary file not shown.


@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----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=F+I2
-----END PGP SIGNATURE-----

BIN
apache-tomcat-9.0.91-src.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.


@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----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=1v5b
-----END PGP SIGNATURE-----


@ -1,13 +1,13 @@
Index: apache-tomcat-9.0.85-src/build.xml
Index: apache-tomcat-9.0.91-src/build.xml
===================================================================
--- apache-tomcat-9.0.85-src.orig/build.xml
+++ apache-tomcat-9.0.85-src/build.xml
--- apache-tomcat-9.0.91-src.orig/build.xml
+++ apache-tomcat-9.0.91-src/build.xml
@@ -107,7 +107,7 @@
<!-- Keep in sync with webapps/docs/tomcat-docs.xsl -->
<property name="compile.release" value="8"/>
<property name="min.java.version" value="8"/>
- <property name="build.java.version" value="17"/>
+ <property name="build.java.version" value="11"/>
<property name="release.java.version" value="17"/>
<property name="skip.build.java.version" value="false"/>
<!-- Check Java Build Version -->
<fail message="Java version ${build.java.version} or newer is required (${java.version} is installed)">


@ -1,8 +1,19 @@
--- apache-tomcat-9.0.75-src/build.xml 2023-05-22 18:12:16.995658642 +0200
+++ apache-tomcat-9.0.75-src/build.xml 2023-05-22 19:41:42.051370923 +0200
@@ -215,10 +215,10 @@
--- apache-tomcat-9.0.91-src/build.xml 2024-07-08 18:21:26.161496515 +0200
+++ apache-tomcat-9.0.91-src/build.xml 2024-07-08 18:30:43.722334075 +0200
@@ -226,11 +226,21 @@
<!--<defaultexcludes echo="true" />-->
<!-- Classpaths -->
+ <path id="bnd.classpath">
+ <fileset file="${bnd.jar}" />
+ <fileset dir="${bnd.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ <fileset file="${osgiannotation.jar}" />
+ <fileset file="${osgicmpn.jar}" />
+ <fileset file="${slf4j-api.jar}" />
+ </path>
+
<path id="compile.classpath">
- <pathelement location="${bnd.jar}"/>
<pathelement location="${jdt.jar}"/>
@ -12,16 +23,14 @@
</path>
<path id="tomcat.classpath">
@@ -3845,6 +3845,12 @@
<!-- Add bnd tasks to project -->
<path id="bnd.classpath">
<fileset file="${bnd.jar}" />
+ <fileset dir="${bnd.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ <fileset file="${osgiannotation.jar}" />
+ <fileset file="${osgicmpn.jar}" />
+ <fileset file="${slf4j-api.jar}" />
</path>
@@ -3960,10 +3970,6 @@
<target name="setup-bnd" depends="download-bnd" unless="skip.build.java.version">
<!-- Add bnd tasks to project -->
- <path id="bnd.classpath">
- <fileset file="${bnd.jar}" />
- </path>
-
<taskdef resource="aQute/bnd/ant/taskdef.properties" classpathref="bnd.classpath" />
</target>
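Review bot: In the `bnd.classpath` block that this revision moves up to the top-level "Classpaths" area, `<fileset dir="${bnd.dir}">` with `<include name="**/*.jar"/>` makes every jar under that directory loadable by the `taskdef` in `setup-bnd` and by anything else that references the path, so the build runs whatever ends up in that directory. The page does not show where `bnd.dir` is set; if it points at a shared jar directory rather than a bnd-only one, naming the needed jars explicitly (as is already done for `${osgiannotation.jar}`, `${osgicmpn.jar}` and `${slf4j-api.jar}`) would keep the build-time classpath auditable. At minimum I would add a comment above the path such as `<!-- bnd.dir must hold only the packaged bnd jars: everything under it is loaded by the bnd taskdef -->`. The path is also now declared outside the `unless="skip.build.java.version"` target, so the properties it references presumably have to be defined on every invocation; that is worth confirming against the ant call in the spec file, which is not visible here.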


@ -1,3 +1,228 @@
-------------------------------------------------------------------
Mon Jul 8 16:34:38 UTC 2024 - Fridrich Strba <fstrba@suse.com>
- Modified patch:
* tomcat-9.0-osgi-build.patch
+ move the definition of bnd.classpath out of the setup-bnd task
since it is one component in build.classpath
-------------------------------------------------------------------
Mon Jul 8 14:54:54 UTC 2024 - Ricardo Mestre <ricardo.mestre@suse.com>
- Update to Tomcat 9.0.91
* Fixed CVEs:
+ CVE-2024-34750: Improper handling of exceptional conditions
(bsc#1227399)
* Catalina
+ Fix: Allow JAASRealm to use the configuration source to load a configured
configFile, for easier use with testing. (remm)
+ Fix: Add missing algorithm callback to the JAASCallbackHandler. (remm)
+ Fix: 69131: Expand the implementation of the filter value of the
Authenticator attribute allowCorsPreflight, so that it applies to all
requests that match the configured URL patterns for the CORS filter,
rather than only applying if the CORS filter is mapped to /*. (markt)
+ Add: Add support for shallow copies when using WebDAV. (markt)
+ Code: Deprecate the WebdavFixFilter as it is no longer required. (markt)
+ Fix: 69066: Fix regression in SPNEGO authenticator when processing Base64.
Submitted by Daniel Lyko. (remm)
+ Update: Update minimum recommended version of Tomcat Native to 1.3.0. Pull
request #728 provided by Dimitrios Soumis. (markt)
+ Update: The system property org.apache.catalina.connector.RECYCLE_FACADES
will now default to true if not specified, which will in turn set the
default value for the discardFacades connector attribute, thus causing
facade objects to be discarded by default. (remm)
+ Add: Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext) for
retrieving extended/additional information from an established GSS
context. (michaelo)
+ Fix: Correct a regression in the fix for 68721 that caused some instances
of LinkageError to be reported as ClassNotFoundException. (markt)
+ Fix: Ensure that static resources deployed via a JAR file remain
accessible when the context is configured to use a bloom filter. Based on
pull request #730 provided by bergander. (markt)
+ Add: Introduce reference counting so the AprLifecycleListener is more
robust. This particularly targets more complex embedded configurations
with multiple server instances with independent lifecycles where more than
one server instance requires the AprLifecycleListener. (markt)
+ Update: Deprecate and remove sessionCounter (replaced by the addition of
the active session count and the expired session count, as a reasonable
approximation) and duplicates (which does not represent a possible event
in current implementations) statistics from the session manager. (remm)
+ Fix: 68890 Align output encoding of JSPs in the Manager webapp with the
XML declarations in those same files. (schultz)
+ Fix: Update Basic authentication to implement the requirements of RFC 7617
including the changing of the trimCredentials setting which is now
defaults to false. Note that the trimCredentials setting will be removed
in Tomcat 11. (markt)
+ Add: Small performance optimization when logging cookies with no values.
(schultz)
+ Fix: Correct error handling for asynchronous requests. If the application
performs an dispatch during AsyncListener.onError() the dispatch is now
performed rather than completing the request using the error page
mechanism. (markt)
+ Fix: Fix WebDAV lock null (locks for non existing resources) thread safety
and removal. (remm)
+ Fix: Add periodic checking for WebDAV locks expiration. (remm)
+ Fix: Extend Asn1Parser to parse UTF8Strings. (michaelo)
+ Update: Add highConcurrencyStatus attribute to the SemaphoreValve to
optionally allow the valve to return an error status code to the client
when a permit cannot be acquired from the semaphore. (remm)
+ Add: Add checking of the "age" of the running Tomcat instance since its
build-date to the SecurityListener, and log a warning if the server is
old. (schultz)
+ Fix: When using the AsyncContext, throw an IllegalStateException, rather
than allowing an NullPointerException, if an attempt is made to use the
AsyncContext after it has been recycled. (markt)
+ Fix: Change the thread-safety mechanism for protecting
StandardServer.services from a simple synchronized lock to a
ReentrantReadWriteLock to allow multiple readers to operate
simultaneously. Based upon a suggestion by Markus Wolfe. (schultz)
+ Fix: Improve Service connectors, Container children and Service executors
access sync using a ReentrantReadWriteLock. (remm)
+ Fix: Improve handling of integer overflow if an attempt is made to upload
a file via the Servlet API and the file is larger than
Integer.MAX_VALUE. (markt)
+ Fix: 68862: Handle possible response commit when processing read errors.
(remm)
* Jasper
+ Fix: Update the optimisation in jakarta.el.ImportHandler so it is aware of
new classes added to the java.lang package in Java 23. (markt)
+ Fix: Ensure that an exception in toString() still results in an
ELException when an object is coerced to a String using
ExpressionFactory.coerceToType(). (markt)
+ Add: Add support for specifying Java 24 (with the value 24) as the
compiler source and/or compiler target for JSP compilation. If used with
an Eclipse JDT compiler version that does not support these values, a
warning will be logged and the default will used. (markt)
+ Fix: 69135: When using include directives in a tag file packaged in a JAR
file, ensure that context relative includes are processed correctly. (
markt)
+ Fix: 69135: When using include directives in a tag file packaged in a JAR
file, ensure that file relative includes are processed correctly. (markt)
+ Fix: 69135: When using include directives in a tag file packaged in a JAR
file, ensure that file relative includes are are not permitted to access
files outside of the /META_INF/tags/ directory nor outside of the JAR
file. (markt)
+ Fix: 68546: Small additional optimisation for initial loading of Servlet
code generated for JSPs. Based on a suggestion by Dan Armstrong. (markt)
+ Add: Add support for specifying Java 23 (with the value 23) as the
compiler source and/or compiler target for JSP compilation. If used with
an Eclipse JDT compiler version that does not support these values, a
warning will be logged and the default will used. (markt)
+ Fix: Handle the case where the JSP engine forwards a request/response to a
Servlet that uses an OutputStream rather than a Writer. This was
triggering an IllegalStateException on code paths where there was a
subsequent attempt to obtain a Writer. (markt)
+ Fix: Correctly handle the case where a tag library is packaged in a JAR
file and the web application is deployed as a WAR file rather than an
unpacked directory. (markt)
+ Fix: Prevent the web application's ClassLoader from being pinned by the
JSP compiler if an application uses a custom XMLInputFactory. Based upon a
suggestion from Simon Niederberger. (schultz)
* Web applications
+ Fix: Fix status servlet detailed view of the connectors when using
automatic port. (remm)
+ Add: Add the ability to set a sub-title for the Manager web application
main page. This is intended to allow users with lots of instances to
easily distinguish them. Based on pull request #724 by Simon Arame.
(markt)
+ Fix: Examples: Improve performance of WebSocket chat application when
multiple clients disconnect at the same time. (markt)
+ Update: Examples: Increase the number of previous messages displayed when
using the WebSocket chat application. (markt)
+ Fix: Examples: Improve performance of WebSocket snake application when
multiple clients disconnect at the same time. (markt)
* Coyote
+ Fix: Improve the algorithm used to identify the IP address to use to
unlock the acceptor thread when a Connector is listening on all local
addresses. Interfaces that are configured for point to point connections
or are not currently up are now skipped. (markt)
+ Fix: 69121: Ensure that the onComplete() event is triggered if
AsyncListener.onError() dispatches to a target that throws an exception.
(markt)
+ Fix: Following the trailer header field refactoring, -1 is no longer an
allowed value for maxTrailerSize. Adjust documentation accordingly. (remm)
+ Fix: 69068: Ensure read timouts are triggered for asynchronous,
non-blocking reads when using HTTP/2. (markt)
+ Update: 69133: Add task queue size configuration on the Connector element,
similar to the Executor element, for consistency. (remm)
+ Fix: Make counting of active HTTP/2 streams per connection more robust.
(markt)
+ Add: Add support for TLS 1.3 client initiated re-keying. (markt)
+ Fix: Align non-secure and secure writes with NIO and skip the write
attempt when there are no bytes to be written. (markt)
+ Fix: Allow any positive value for socket.unlockTimeout. If a negative or
zero value is configured, the default of 250ms will be used. (mark)
+ Fix: Reduce the time spent waiting for the connector to unlock. The
previous default of 10s was noticeably too long for cases where the unlock
has failed. The wait time is now 100ms plus twice socket.unlockTimeout.
(markt)
+ Fix: Ensure that the onAllDataRead() event is triggered when the request
body uses chunked encoding and is read using non-blocking IO. (markt)
+ Fix: 68934: Add debug logging in the latch object when exceeding
maxConnections. (remm)
+ Fix: Refactor trailer field handling to use a MimeHeaders instance to
store trailer fields. (markt)
+ Fix: Ensure that multiple instances of the same trailer field are handled
correctly. (markt)
+ Fix: Fix non-blocking reads of chunked request bodies. (markt)
+ Fix: When an invalid HTTP response header was dropped, an off-by-one error
meant that the first header in the response was also dropped. Fix based on
pull request #710 by foremans. (markt)
+ Fix: Add threadsMaxIdleTime attribute to the endpoint, to allow
configuring the amount of time before an internal executor will scale back
to the configured minSpareThreads size. (remm)
* WebSocket
+ Fix: 68884: Reduce the write timeout when writing WebSocket close messages
for abnormal closes. The timeout defaults to 50 milliseconds and may be
controlled using the
org.apache.tomcat.websocket.ABNORMAL_SESSION_CLOSE_SEND_TIMEOUT property
in the user properties collection associated with the WebSocket session.
(markt)
* Other
+ Update: Add test-only build target to allow running only the testsuite,
supporting Java versions down to the minimum supported to run Tomcat.
(rjung)
+ Update: Update UnboundID to 7.0.1. (markt)
+ Update: Update to SpotBugs 4.8.6. (markt)
+ Update: Remove cglib dependency as it is not required by the version of
EasyMock used by the unit tests. (markt)
+ Update: Update EasyMock to 5.3.0. This adds a test dependency on
Byte-Buddy 1.14.17. (markt)
+ Add: Improvements to Czech translations by Vladimír Chlup. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Add: Improvements to Chinese translations by fangzheng. (markt)
+ Update: Revert Derby to 10.16.1.1 as that is the latest version of Derby
that runs on Java 17. (markt)
+ Update: Update to Commons Daemon 1.4.0. (markt)
+ Update: Update to Objenesis 3.4. (markt)
+ Update: Update to Checkstyle 10.17.0. (markt)
+ Update: Update to SpotBugs 4.8.5. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Update: Switch to using the Base64 encoder and decoder provided by the JRE
rather than the version provided by Commons Codec. The internal fork of
Commons Codec has been deprecated and will be removed in Tomcat 11.
(markt)
+ Update: Update NSIS to 3.10. (mark0t)
+ Update: Update UnboundID to 7.0.0. (markt)
+ Update: Update Checkstyle to 10.16.0. (markt)
+ Update: Update JaCoCo to 0.8.12. (markt)
+ Update: Update SpotBugs to 4.8.4. (markt)
+ Update: Update the internal fork of Apache Commons BCEL to 6.9.0. (markt)
+ Update: Update the internal fork of Apache Commons DBCP to 2.12.0. (markt)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Update: Update Checkstyle to 10.14.1. (markt)
+ Update: Update the internal fork of Apache Commons BCEL to 6.8.2. (markt)
+ Update: Update the internal fork of Apache Commons Codec to 1.16.1.
(markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (remm)
+ Add: Improvements to Chinese translations by leeyazhou. (remm)
- Modified patch:
* tomcat-9.0-build-with-java-11.patch
+ rediff to changed context
-------------------------------------------------------------------
Fri Apr 5 14:24:14 UTC 2024 - Ricardo Mestre <ricardo.mestre@suse.com>


@ -22,7 +22,7 @@
%define elspec 3.0
%define major_version 9
%define minor_version 0
%define micro_version 87
%define micro_version 91
%define packdname apache-tomcat-%{version}-src
# FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/
%global basedir /srv/%{name}