From ef0b4fbb59a5fb5a575f957e122f4f2ca4e3c4377171443a33a5ee54a3f2b3d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Fri, 31 May 2024 15:01:27 +0200
Subject: [PATCH] Sync from SUSE:SLFO:Main tomcat revision d68f6fd9d7bd5158d59aa392ec48e91f
---
 apache-tomcat-9.0.85-src.tar.gz | 3 -
 apache-tomcat-9.0.85-src.tar.gz.asc | 16 ----
 apache-tomcat-9.0.87-src.tar.gz | 3 +
 apache-tomcat-9.0.87-src.tar.gz.asc | 16 ++++
 tomcat.changes | 109 ++++++++++++++++++++++++++++
 tomcat.spec | 2 +-
 6 files changed, 129 insertions(+), 20 deletions(-)
 delete mode 100644 apache-tomcat-9.0.85-src.tar.gz
 delete mode 100644 apache-tomcat-9.0.85-src.tar.gz.asc
 create mode 100644 apache-tomcat-9.0.87-src.tar.gz
 create mode 100644 apache-tomcat-9.0.87-src.tar.gz.asc
diff --git a/apache-tomcat-9.0.85-src.tar.gz b/apache-tomcat-9.0.85-src.tar.gz
deleted file mode 100644
index 7e47d02..0000000
--- a/apache-tomcat-9.0.85-src.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bd5f0d636ec6d6a0512079d62137b46396cb3ef89e98c47ce172921386bece86
-size 6315926
diff --git a/apache-tomcat-9.0.85-src.tar.gz.asc b/apache-tomcat-9.0.85-src.tar.gz.asc
deleted file mode 100644
index 984252d..0000000
--- a/apache-tomcat-9.0.85-src.tar.gz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEESPjmn2OQyfJc/tzSaCSJWTWecisFAmWXwOIACgkQaCSJWTWe
-civPQA//Qy3b3J48H/thEWhTYXy+KlcRP8p10iJu/dtSRbU1kkjP8Cj5jl0j1TXJ
-tf/qygoBV2ckJAVyJkul7TXsA5Memj2MoaK32bm/GEXd1Cv1BClBC2qDsSWcca/C
-Ua3q/2tg9muVo3JhETash2iQN4AtIbeELrsRTwvV3+w1eeJ0OcE84xytSw0b3FQu
-rv1rWBfzTnkGPB4Uipzpq6aXZtfW5B9isEhb1MniAHZYKMWhJ9svS0hWvQzhPHYo
-X5sbmkhqht2MwVdUfw9CTwITydcRsJkdz1rMtcGXbfVEhvrZi9jeM0ygqf+RxPhi
-nCSea80CeaKv4DFh3h0zYhk9k+Y6j23X4gF15tYz3JxV+tDTPD2nNnDXFyKg3RAH
-CddjOXBQONKx1O1C4D1MkBaQdNwm1qS2rooxd61sMsYAuWACUMaIBn9SozwtyJ3K
-WQx4nrpXOuLoqFGOv7eiVW5bYnxyg4jiQr6kWMFMXGhZtY9uj3uL1Ojll0EsRx1C
-yIJHh0nVKuze2zuqMqp5g40q4f2/fFl3LJoArOkunxDpi8X4HpMP1STY+0dxOSxb
-Mm9nF/10YpCyvZkvAdw3ymJEecXUJKAJiG3xCOUzCHtYnsF09kyqQ9Ho01CC5nSB
-hCJ6kCqRAhE3jS0sXNh9HLKvHcvJGZ2IT/40AU9oRSVzZncMEUc=
-=bszF
------END PGP SIGNATURE-----
diff --git a/apache-tomcat-9.0.87-src.tar.gz b/apache-tomcat-9.0.87-src.tar.gz
new file mode 100644
index 0000000..05c9438
--- /dev/null
+++ b/apache-tomcat-9.0.87-src.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cf9248f068152518445f6e418b5a6a1251ea3b8c7a60f6d35c6d3a79d13d26b1
+size 6332438
diff --git a/apache-tomcat-9.0.87-src.tar.gz.asc b/apache-tomcat-9.0.87-src.tar.gz.asc
new file mode 100644
index 0000000..9ace728
--- /dev/null
+++ b/apache-tomcat-9.0.87-src.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEESPjmn2OQyfJc/tzSaCSJWTWecisFAmXu2nYACgkQaCSJWTWe
+cis4lg//VHmtdBX2BrPuE8AV2R3ob9KI4uxrBxfjukb/HfvsXT1Zz00R27HVbKln
+h1hx7PCTrVJq+sHLDiDnYF1FDC5M+atvryoXcFIAEgnkqQ4toSgqBTa85NcRxrKY
+lBnQrZ5ZF5MJ7h+E8r7PIXwjbKbcvMLnhqvXwIB6TOMgUC3UOwZPN2vvq20XqYHA
+tevMCDLdMjcAdiOMqkekmq6y8KaEMoEY2rJG3KHCPXKkVQflQoX1bNs88vSd4t4F
+CQTcLauo9oyT+IaaanJWrawnKxlAD6x8QuFkJWNK2SC7145IGWeo1R32xzPvQdau
+Lu69YayASXq2nilYCLI3uZQ4tFSjCosi+DZaJVatMi2wbGXheau36vS8WLYkroWt
+w9deOo+KYiibckgEGbEncAD54sBVKF5Eun751CzSDZC1yV+08oII16koIl0TQlcd
+ZFhpIgQ5fo19VUReLQ9JlR98vbLnVFGg+3GVzHqfIATrVuulaliw6HOK7UT/ixFX
+jWNdR+/szFe3gTy+RifMU4C3D0hWEhRQGjnVoUPdck2ANBOm5CPV3R5IL2ej03yj
+LYXCJ++r+e/O5tftlax2Tnpmxzo0HFrQCSr+1HTsE4VY7Upy0liiV3btBWPcKKVp
+0e3E2wYv9P1PcTJD+XUOLX1yuYZv0xCS5fQ4t/ZlSR2R20+rUu4=
+=F+I2
+-----END PGP SIGNATURE-----
diff --git a/tomcat.changes b/tomcat.changes
index 217521b..e330a9c 100644
--- a/tomcat.changes
+++ b/tomcat.changes
@@ -1,3 +1,112 @@ +------------------------------------------------------------------- +Fri Apr 5 14:24:14 UTC 2024 - Ricardo Mestre + +- Update to Tomcat 9.0.87 + * Fixed CVEs: + + CVE-2024-24549: Improved request header validation for HTTP/2 stream + (bsc#1221386) + + CVE-2024-23672: Ensure that WebSocket connection closure completes if + the connection is closed when the server side has used the proprietary + suspend/resume feature to suspend the connection (bsc#1221385) + * Catalina + + Fix: Minor performance improvement for building filter chains. Based + on ideas from #702 by Luke Miao. (remm) + + Fix: Align error handling for Writer and OutputStream. Ensure use of + either once the response has been recycled triggers a + NullPointerException provided that discardFacades is configured with + the default value of true. (markt) + + Fix: 68692: The standard thread pool implementations that are configured + using the Executor element now implement ExecutorService for better + support NIO2. (remm) + + Fix: 68495: When restoring a saved POST request after a successful FORM + authentication, ensure that neither the URI, the query string nor the + protocol are corrupted when restoring the request body. (markt) + + Fix: 68721: Workaround a possible cause of duplicate class definitions + when using ClassFileTransformers and the transformation of a class also + triggers the loading of the same class. (markt) + + Fix: The rewrite valve should not do a rewrite if the output is + identical to the input. (remm) + + Update: Add a new valveSkip (or VS) rule flag to the rewrite valve to + allow skipping over the next valve in the Catalina pipeline. (remm) + + Fix: Correct JPMS and OSGi meta-data for tomcat-enbed-core.jar by + removing reference to org.apache.catalina.ssi package that is no longer + included in the JAR. Based on pull request #684 by Jendrik Johannes. 
+ (markt) + + Fix: Fix ServiceBindingPropertySource so that trailing \r\n sequences + are correctly removed from files containing property values when + configured to do so. Bug identified by Coverity Scan. (markt) + + Add: Add improvements to the CSRF prevention filter including the + ability to skip adding nonces for resource name and subtree URL patterns. + (schultz) + + Fix: Review usage of debug logging and downgrade trace or data dumping + operations from debug level to trace. (remm) + + Fix: 68089: Further improve the performance of request attribute + access for ApplicationHttpRequest and ApplicationRequest. (markt) + + Fix: 68559: Allow asynchronous error handling to write to the + response after an error during asynchronous processing. (markt) + * Coyote + + Fix: Improve the HTTP/2 stream prioritisation process. If a stream + uses all of the connection windows and still has content to write, it + will now be added to the backlog immediately rather than waiting until + the write attempt for the remaining content. (markt) + + Fix: Make asynchronous error handling more robust. Ensure that once + a connection is marked to be closed, further asynchronous processing + cannot change that. (markt) + + Fix: Make asynchronous error handling more robust. Ensure that once + the call to AsyncListener.onError() has returned to the container, only + container threads can access the AsyncContext. This protects against + various race conditions that woudl otherwise occur if application threads + continued to access the AsyncContext. + + Fix: Review usage of debug logging and downgrade trace or data + dumping operations from debug level to trace. In particular, most of the + HTTP/2 debug logging has been changed to trace level. (remm) + + Fix: Add support for user provided SSLContext instances configured + on SSLHostConfigCertificate instances. Based on pull request #673 + provided by Hakan Altındağ. 
(markt) + + Fix: Improve the Tomcat Native shutdown process to reduce the likelihood + of a JVM crash during Tomcat shutdown. (markt) + + Fix: Partial fix for 68558: Cache the result of converting to String + for request URI, HTTP header names and the request Content-Type value to + improve performance by reducing repeated byte[] to String conversions. + (markt) + + Fix: Improve error reporting to HTTP/2 clients for header processing + errors by reporting problems at the end of the frame where the error was + detected rather than at the end of the headers. (markt) + + Fix: Remove the remaining reference to a stream once the stream has + been recycled. This makes the stream eligible for garbage collection + earlier and thereby improves scalability. (markt) + * Jasper + + Add: Add support for specifying Java 22 (with the value 22) as the + compiler source and/or compiler target for JSP compilation. If used with + an Eclipse JDT compiler version that does not support these values, a + warning will be logged and the default will used. (markt) + + Fix: 68546: Generate optimal size and types for JSP imports maps, as + suggested by John Engebretson. (remm) + + Fix: Review usage of debug logging and downgrade trace or data + dumping operations from debug level to trace. (remm) + * Cluster + + Fix: Avoid updating request count stats on async. (remm) + * WebSocket + + Fix: Correct a regression in the fix for 66508 that could cause an + UpgradeProcessor leak in some circumstances. (markt) + + Fix: Review usage of debug logging and downgrade trace or data dumping + operations from debug level to trace. (remm) + + Fix: Ensure that WebSocket connection closure completes if the + connection is closed when the server side has used the proprietary + suspend/resume feature to suspend the connection. (markt) + * Web applications + + Add: Add support for responses in JSON format from the examples + application RequestHeaderExample. 
+ (schultz)
+ * Other
+ + Add: Improvements to French translations. (remm)
+ + Add: Improvements to Japanese translations by tak7iji. (markt)
+ + Update: Update Checkstyle to 10.13.0. (markt)
+ + Update: Update JSign to 6.0. (markt)
+ + Update: Add strings for debug level messages. (remm)
+ + Update: Update Tomcat Native to 1.3.0. (markt)
+ + Add: Improvements to French translations. (remm)
+ + Add: Improvements to Japanese translations by tak7iji. (markt)
+
 -------------------------------------------------------------------
 Wed Mar 6 07:18:06 UTC 2024 - Dan Čermák
 
diff --git a/tomcat.spec b/tomcat.spec
index 726de63..11a0a50 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -22,7 +22,7 @@
 %define elspec 3.0
 %define major_version 9
 %define minor_version 0
-%define micro_version 85
+%define micro_version 87
 %define packdname apache-tomcat-%{version}-src
 # FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/
 %global basedir /srv/%{name}