From f5715fa1a7d23492837536c389b1adc7e43932a3226a8c8632b7dddd28ff7742 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Sat, 4 May 2024 01:25:51 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main tomcat revision 9833cf680863ca06c4f802c621f47f6a --- .gitattributes | 23 + _constraints | 7 + allowLinking.xslt | 19 + apache-tomcat-9.0.85-src.tar.gz | 3 + apache-tomcat-9.0.85-src.tar.gz.asc | 16 + tomcat-9.0-bootstrap-MANIFEST.MF.patch | 11 + tomcat-9.0-build-with-java-11.patch | 13 + tomcat-9.0-digest.script | 45 + tomcat-9.0-fix_catalina.patch | 11 + tomcat-9.0-javadoc.patch | 13 + tomcat-9.0-jdt.patch | 22 + tomcat-9.0-jsvc.service | 21 + tomcat-9.0-logrotate_everything.patch | 12 + tomcat-9.0-osgi-build.patch | 27 + tomcat-9.0-sle.catalina.policy.patch | 30 + tomcat-9.0-tomcat-users-webapp.patch | 19 + tomcat-9.0-tool-wrapper.script | 45 + tomcat-9.0.75-secretRequired-default.patch | 11 + tomcat-9.0.conf | 52 + tomcat-9.0.logrotate | 10 + tomcat-9.0.service | 25 + tomcat-9.0.sysconfig | 0 tomcat-9.0.wrapper | 24 + tomcat-functions | 42 + tomcat-named.service | 26 + tomcat-preamble | 61 + tomcat-rpmlintrc | 2 + tomcat-server | 25 + tomcat.changes | 1605 ++++++++++++++++++++ tomcat.keyring | 237 +++ tomcat.spec | 814 ++++++++++ valve.xslt | 16 + 32 files changed, 3287 insertions(+) create mode 100644 .gitattributes create mode 100644 _constraints create mode 100644 allowLinking.xslt create mode 100644 apache-tomcat-9.0.85-src.tar.gz create mode 100644 apache-tomcat-9.0.85-src.tar.gz.asc create mode 100644 tomcat-9.0-bootstrap-MANIFEST.MF.patch create mode 100644 tomcat-9.0-build-with-java-11.patch create mode 100644 tomcat-9.0-digest.script create mode 100644 tomcat-9.0-fix_catalina.patch create mode 100644 tomcat-9.0-javadoc.patch create mode 100644 tomcat-9.0-jdt.patch create mode 100644 tomcat-9.0-jsvc.service create mode 100644 tomcat-9.0-logrotate_everything.patch create mode 100644 tomcat-9.0-osgi-build.patch create mode 100644 tomcat-9.0-sle.catalina.policy.patch create mode 100644 tomcat-9.0-tomcat-users-webapp.patch create mode 100644 tomcat-9.0-tool-wrapper.script create mode 100644 tomcat-9.0.75-secretRequired-default.patch create mode 100644 tomcat-9.0.conf create mode 100644 tomcat-9.0.logrotate create mode 100644 tomcat-9.0.service create mode 100644 tomcat-9.0.sysconfig create mode 100644 tomcat-9.0.wrapper create mode 100644 tomcat-functions create mode 100644 tomcat-named.service create mode 100644 tomcat-preamble create mode 100644 tomcat-rpmlintrc create mode 100644 tomcat-server create mode 100644 tomcat.changes create mode 100644 tomcat.keyring create mode 100644 tomcat.spec create mode 100644 valve.xslt diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/_constraints b/_constraints new file mode 100644 index 0000000..290ed62 --- /dev/null +++ b/_constraints @@ -0,0 +1,7 @@ + + + + 2048 + + + diff --git a/allowLinking.xslt b/allowLinking.xslt new file mode 100644 index 0000000..817e15c --- /dev/null +++ b/allowLinking.xslt @@ -0,0 +1,19 @@ + + + + + + + + + + + + + + + + + + + diff --git a/apache-tomcat-9.0.85-src.tar.gz b/apache-tomcat-9.0.85-src.tar.gz new file mode 100644 index 0000000..7e47d02 --- /dev/null +++ b/apache-tomcat-9.0.85-src.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:bd5f0d636ec6d6a0512079d62137b46396cb3ef89e98c47ce172921386bece86 +size 6315926 diff --git a/apache-tomcat-9.0.85-src.tar.gz.asc b/apache-tomcat-9.0.85-src.tar.gz.asc new file mode 100644 index 0000000..984252d --- /dev/null +++ b/apache-tomcat-9.0.85-src.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEESPjmn2OQyfJc/tzSaCSJWTWecisFAmWXwOIACgkQaCSJWTWe +civPQA//Qy3b3J48H/thEWhTYXy+KlcRP8p10iJu/dtSRbU1kkjP8Cj5jl0j1TXJ +tf/qygoBV2ckJAVyJkul7TXsA5Memj2MoaK32bm/GEXd1Cv1BClBC2qDsSWcca/C +Ua3q/2tg9muVo3JhETash2iQN4AtIbeELrsRTwvV3+w1eeJ0OcE84xytSw0b3FQu +rv1rWBfzTnkGPB4Uipzpq6aXZtfW5B9isEhb1MniAHZYKMWhJ9svS0hWvQzhPHYo +X5sbmkhqht2MwVdUfw9CTwITydcRsJkdz1rMtcGXbfVEhvrZi9jeM0ygqf+RxPhi +nCSea80CeaKv4DFh3h0zYhk9k+Y6j23X4gF15tYz3JxV+tDTPD2nNnDXFyKg3RAH +CddjOXBQONKx1O1C4D1MkBaQdNwm1qS2rooxd61sMsYAuWACUMaIBn9SozwtyJ3K +WQx4nrpXOuLoqFGOv7eiVW5bYnxyg4jiQr6kWMFMXGhZtY9uj3uL1Ojll0EsRx1C +yIJHh0nVKuze2zuqMqp5g40q4f2/fFl3LJoArOkunxDpi8X4HpMP1STY+0dxOSxb +Mm9nF/10YpCyvZkvAdw3ymJEecXUJKAJiG3xCOUzCHtYnsF09kyqQ9Ho01CC5nSB +hCJ6kCqRAhE3jS0sXNh9HLKvHcvJGZ2IT/40AU9oRSVzZncMEUc= +=bszF +-----END PGP SIGNATURE----- diff --git a/tomcat-9.0-bootstrap-MANIFEST.MF.patch b/tomcat-9.0-bootstrap-MANIFEST.MF.patch new file mode 100644 index 0000000..73b7cba --- /dev/null +++ b/tomcat-9.0-bootstrap-MANIFEST.MF.patch @@ -0,0 +1,11 @@ +Index: apache-tomcat-9.0.82-src/res/META-INF/bootstrap.jar.manifest +=================================================================== +--- apache-tomcat-9.0.82-src.orig/res/META-INF/bootstrap.jar.manifest ++++ apache-tomcat-9.0.82-src/res/META-INF/bootstrap.jar.manifest +@@ -1,6 +1,5 @@ + Manifest-Version: 1.0 + Main-Class: org.apache.catalina.startup.Bootstrap +-Class-Path: commons-daemon.jar + Specification-Title: Apache Tomcat Bootstrap + Specification-Version: @VERSION_MAJOR_MINOR@ + Specification-Vendor: Apache Software Foundation diff --git a/tomcat-9.0-build-with-java-11.patch b/tomcat-9.0-build-with-java-11.patch new file mode 100644 index 0000000..80ccb4a --- /dev/null +++ b/tomcat-9.0-build-with-java-11.patch @@ -0,0 +1,13 @@ +Index: apache-tomcat-9.0.85-src/build.xml +=================================================================== +--- apache-tomcat-9.0.85-src.orig/build.xml ++++ apache-tomcat-9.0.85-src/build.xml +@@ -107,7 +107,7 @@ + + + +- ++ + + + diff --git a/tomcat-9.0-digest.script b/tomcat-9.0-digest.script new file mode 100644 index 0000000..fae10b3 --- /dev/null +++ b/tomcat-9.0-digest.script @@ -0,0 +1,45 @@ +#!/bin/sh +# +# tomcat-digest script +# JPackage Project + +# Source functions library +if [ -f /usr/share/java-utils/java-functions ] ; then + . /usr/share/java-utils/java-functions +else + echo "Can't find functions library, aborting" + exit 1 +fi + +# Get the tomcat config (use this for environment specific settings) +if [ -z "${TOMCAT_CFG}" ]; then + TOMCAT_CFG="/etc/tomcat/tomcat.conf" +fi + +if [ -r "$TOMCAT_CFG" ]; then + . $TOMCAT_CFG +fi + +set_javacmd + +# CLASSPATH munging +if [ -n "$JSSE_HOME" ]; then + CLASSPATH="${CLASSPATH}:$(build-classpath jcert jnet jsse 2>/dev/null)" +fi +CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/bootstrap.jar" +CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/tomcat-juli.jar" +export CLASSPATH + +# Configuration +MAIN_CLASS="org.apache.catalina.startup.Tool" +BASE_FLAGS="-Dcatalina.home=\"$CATALINA_HOME\"" +BASE_OPTIONS="" +BASE_JARS="commons-daemon tomcat/catalina tomcat/servlet" + +# Set parameters +set_classpath $BASE_JARS +set_flags $BASE_FLAGS +set_options $BASE_OPTIONS + +# Let's start +run -server org.apache.catalina.realm.RealmBase "$@" diff --git a/tomcat-9.0-fix_catalina.patch b/tomcat-9.0-fix_catalina.patch new file mode 100644 index 0000000..e011406 --- /dev/null +++ b/tomcat-9.0-fix_catalina.patch @@ -0,0 +1,11 @@ +Index: apache-tomcat-9.0.43-src/conf/logging.properties +=================================================================== +--- apache-tomcat-9.0.43-src.orig/conf/logging.properties ++++ apache-tomcat-9.0.43-src/conf/logging.properties +@@ -77,3 +77,6 @@ org.apache.catalina.core.ContainerBase.[ + + # To see debug messages for WebSocket handling, uncomment the following line: + #org.apache.tomcat.websocket.level = FINE ++ ++1catalina.org.apache.juli.AsyncFileHandler.suffix = out ++1catalina.org.apache.juli.AsyncFileHandler.rotatable = false diff --git a/tomcat-9.0-javadoc.patch b/tomcat-9.0-javadoc.patch new file mode 100644 index 0000000..a16c32c --- /dev/null +++ b/tomcat-9.0-javadoc.patch @@ -0,0 +1,13 @@ +Index: apache-tomcat-9.0.35-src/build.xml +=================================================================== +--- apache-tomcat-9.0.35-src.orig/build.xml ++++ apache-tomcat-9.0.35-src/build.xml +@@ -2038,8 +2039,6 @@ Apache Tomcat ${version} native binaries + + + +- +- + + + diff --git a/tomcat-9.0-jdt.patch b/tomcat-9.0-jdt.patch new file mode 100644 index 0000000..be1cdcc --- /dev/null +++ b/tomcat-9.0-jdt.patch @@ -0,0 +1,22 @@ +--- apache-tomcat-9.0.75-src/java/org/apache/jasper/compiler/JDTCompiler.java 2023-05-22 18:12:16.915658492 +0200 ++++ apache-tomcat-9.0.75-src/java/org/apache/jasper/compiler/JDTCompiler.java 2023-05-22 19:45:14.491706823 +0200 +@@ -310,7 +310,7 @@ + } else if(opt.equals("15")) { + settings.put(CompilerOptions.OPTION_Source, CompilerOptions.VERSION_15); + } else if(opt.equals("16")) { +- settings.put(CompilerOptions.OPTION_Source, CompilerOptions.VERSION_16); ++ settings.put(CompilerOptions.OPTION_Source, "16"); + } else if(opt.equals("17")) { + // Constant not available in latest ECJ version that runs on + // Java 8. +@@ -392,8 +392,8 @@ + settings.put(CompilerOptions.OPTION_TargetPlatform, CompilerOptions.VERSION_15); + settings.put(CompilerOptions.OPTION_Compliance, CompilerOptions.VERSION_15); + } else if(opt.equals("16")) { +- settings.put(CompilerOptions.OPTION_TargetPlatform, CompilerOptions.VERSION_16); +- settings.put(CompilerOptions.OPTION_Compliance, CompilerOptions.VERSION_16); ++ settings.put(CompilerOptions.OPTION_TargetPlatform, "16"); ++ settings.put(CompilerOptions.OPTION_Compliance, "16"); + } else if(opt.equals("17")) { + // Constant not available in latest ECJ version that runs on + // Java 8. diff --git a/tomcat-9.0-jsvc.service b/tomcat-9.0-jsvc.service new file mode 100644 index 0000000..34f8a26 --- /dev/null +++ b/tomcat-9.0-jsvc.service @@ -0,0 +1,21 @@ +# Systemd unit file for tomcat +# +# To create clones of this service: +# 1) By default SERVICE_NAME=tomcat. When cloned, the value must be defined +# before tomcat-sysd is called. +# 2) Create /etc/sysconfig/${SERVICE_NAME} from /etc/sysconfig/tomcat +# to override tomcat defaults + +[Unit] +Description=Apache Tomcat Web Application Container JSVC wrapper +After=syslog.target network.target + +[Service] +Type=simple +EnvironmentFile=/etc/tomcat/tomcat.conf +Environment="NAME=" "USE_JSVC=true" +ExecStart=@LIBEXECDIR@/tomcat/server start +ExecStop=@LIBEXECDIR@/tomcat/server stop + +[Install] +WantedBy=multi-user.target diff --git a/tomcat-9.0-logrotate_everything.patch b/tomcat-9.0-logrotate_everything.patch new file mode 100644 index 0000000..d030579 --- /dev/null +++ b/tomcat-9.0-logrotate_everything.patch @@ -0,0 +1,12 @@ +Index: apache-tomcat-9.0.43-src/conf/logging.properties +=================================================================== +--- apache-tomcat-9.0.43-src.orig/conf/logging.properties ++++ apache-tomcat-9.0.43-src/conf/logging.properties +@@ -80,3 +80,7 @@ org.apache.catalina.core.ContainerBase.[ + + 1catalina.org.apache.juli.AsyncFileHandler.suffix = out + 1catalina.org.apache.juli.AsyncFileHandler.rotatable = false ++ ++2localhost.org.apache.juli.AsyncFileHandler.rotatable = false ++3manager.org.apache.juli.AsyncFileHandler.rotatable = false ++4host-manager.org.apache.juli.AsyncFileHandler.rotatable = false diff --git a/tomcat-9.0-osgi-build.patch b/tomcat-9.0-osgi-build.patch new file mode 100644 index 0000000..cc0ce1b --- /dev/null +++ b/tomcat-9.0-osgi-build.patch @@ -0,0 +1,27 @@ +--- apache-tomcat-9.0.75-src/build.xml 2023-05-22 18:12:16.995658642 +0200 ++++ apache-tomcat-9.0.75-src/build.xml 2023-05-22 19:41:42.051370923 +0200 +@@ -215,10 +215,10 @@ + + + +- + + + ++ + + + +@@ -3845,6 +3845,12 @@ + + + ++ ++ ++ ++ ++ ++ + + + diff --git a/tomcat-9.0-sle.catalina.policy.patch b/tomcat-9.0-sle.catalina.policy.patch new file mode 100644 index 0000000..da9102a --- /dev/null +++ b/tomcat-9.0-sle.catalina.policy.patch @@ -0,0 +1,30 @@ +Index: apache-tomcat-9.0.82-src/conf/catalina.policy +=================================================================== +--- apache-tomcat-9.0.82-src.orig/conf/catalina.policy ++++ apache-tomcat-9.0.82-src/conf/catalina.policy +@@ -171,6 +171,9 @@ grant { + permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat"; + + // Precompiled JSPs need access to these packages. ++ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper"; ++ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.servlet"; ++ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.compiler"; + permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el"; + permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime"; + permission java.lang.RuntimePermission +@@ -220,6 +223,15 @@ grant codeBase "file:${catalina.home}/we + }; + + ++// Additional basic permissions for web applications. ++grant codeBase "file:/usr/share/java/tomcat-servlet-api.jar" { ++ permission java.security.AllPermission; ++}; ++ ++grant codeBase "file:/usr/share/java/tomcat-el-api.jar" { ++ permission java.security.AllPermission; ++}; ++ + // You can assign additional permissions to particular web applications by + // adding additional "grant" entries here, based on the code base for that + // application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files. diff --git a/tomcat-9.0-tomcat-users-webapp.patch b/tomcat-9.0-tomcat-users-webapp.patch new file mode 100644 index 0000000..f80eac7 --- /dev/null +++ b/tomcat-9.0-tomcat-users-webapp.patch @@ -0,0 +1,19 @@ +Index: apache-tomcat-9.0.82-src/conf/tomcat-users.xml +=================================================================== +--- apache-tomcat-9.0.82-src.orig/conf/tomcat-users.xml ++++ apache-tomcat-9.0.82-src/conf/tomcat-users.xml +@@ -53,4 +53,14 @@ + + + --> ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ + diff --git a/tomcat-9.0-tool-wrapper.script b/tomcat-9.0-tool-wrapper.script new file mode 100644 index 0000000..9ab51c6 --- /dev/null +++ b/tomcat-9.0-tool-wrapper.script @@ -0,0 +1,45 @@ +#!/bin/sh +# +# tomcat-digest script +# JPackage Project + +# Source functions library +if [ -f /usr/share/java-utils/java-functions ] ; then + . /usr/share/java-utils/java-functions +else + echo "Can't find functions library, aborting" + exit 1 +fi + +# Get the tomcat config (use this for environment specific settings) +if [ -z "${TOMCAT_CFG}" ]; then + TOMCAT_CFG="/etc/tomcat/tomcat.conf" +fi + +if [ -r "$TOMCAT_CFG" ]; then + . $TOMCAT_CFG +fi + +set_javacmd + +# CLASSPATH munging +if [ -n "$JSSE_HOME" ]; then + CLASSPATH="${CLASSPATH}:$(build-classpath jcert jnet jsse 2>/dev/null)" +fi +CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/bootstrap.jar" +CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/tomcat-juli.jar" +export CLASSPATH + +# Configuration +MAIN_CLASS="org.apache.catalina.startup.Tool" +BASE_OPTIONS="" +BASE_FLAGS="-Dcatalina.home=\"$CATALINA_HOME\"" +BASE_JARS="commons-daemon tomcat/catalina tomcat/servlet" + +# Set parameters +set_classpath $BASE_JARS +set_flags $BASE_FLAGS +set_options $BASE_OPTIONS + +# Let's start +run "$@" diff --git a/tomcat-9.0.75-secretRequired-default.patch b/tomcat-9.0.75-secretRequired-default.patch new file mode 100644 index 0000000..dfadea7 --- /dev/null +++ b/tomcat-9.0.75-secretRequired-default.patch @@ -0,0 +1,11 @@ +--- apache-tomcat-9.0.75-src/java/org/apache/coyote/ajp/AbstractAjpProtocol.java 2023-05-22 18:12:16.907658477 +0200 ++++ apache-tomcat-9.0.75-src/java/org/apache/coyote/ajp/AbstractAjpProtocol.java 2023-05-22 18:31:07.969096813 +0200 +@@ -177,7 +177,7 @@ + } + + +- private boolean secretRequired = true; ++ private boolean secretRequired = false; + + public void setSecretRequired(boolean secretRequired) { + this.secretRequired = secretRequired; diff --git a/tomcat-9.0.conf b/tomcat-9.0.conf new file mode 100644 index 0000000..d014c6b --- /dev/null +++ b/tomcat-9.0.conf @@ -0,0 +1,52 @@ +# System-wide configuration file for tomcat services +# This will be loaded by systemd as an environment file, +# so please keep the syntax. For shell expansion support +# place your custom files as /etc/tomcat/conf.d/*.conf +# +# There are 2 "classes" of startup behavior in this package. +# The old one, the default service named tomcat.service. +# The new named instances are called tomcat@instance.service. +# +# Use this file to change default values for all services. +# Change the service specific ones to affect only one service. +# For tomcat.service it's /etc/sysconfig/tomcat, for +# tomcat@instance it's /etc/sysconfig/tomcat@instance. + +# This variable is used to figure out if config is loaded or not. +TOMCAT_CFG_LOADED="1" + +# In new-style instances, if CATALINA_BASE isn't specified, it will +# be constructed by joining TOMCATS_BASE and NAME. +TOMCATS_BASE="/var/lib/tomcats/" + +# Where your java installation lives +#JAVA_HOME="/usr/libi64/jvm/jre" + +# Where your tomcat installation lives +CATALINA_HOME="@@@TCHOME@@@" + +# System-wide tmp +CATALINA_TMPDIR="/var/cache/tomcat/temp" + +# You can pass some parameters to java here if you wish to +#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3" + +# Use JAVA_OPTS to set java.library.path for libtcnative.so +#JAVA_OPTS="-Djava.library.path=/usr/lib" + +# Set default javax.sql.DataSource factory to apache commons one. See rhbz#1214381 +JAVA_OPTS="-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory" + +# You can change your tomcat locale here +#LANG="en_US" + +# Run tomcat under the Java Security Manager +SECURITY_MANAGER="false" + +# Time to wait in seconds, before killing process +# TODO(stingray): does nothing, fix. +# SHUTDOWN_WAIT="30" + +# If you wish to further customize your tomcat environment, +# put your own definitions here +# (i.e. LD_LIBRARY_PATH for some jdbc drivers) diff --git a/tomcat-9.0.logrotate b/tomcat-9.0.logrotate new file mode 100644 index 0000000..1cf5a19 --- /dev/null +++ b/tomcat-9.0.logrotate @@ -0,0 +1,10 @@ +@@@TCLOG@@@/catalina.out @@@TCLOG@@@/localhost_access_log.txt @@@TCLOG@@@/host-manager.log @@@TCLOG@@@/localhost.log @@@TCLOG@@@/manager.log{ + notifempty + copytruncate + weekly + rotate 52 + compress + missingok + su tomcat tomcat + create 0644 tomcat tomcat +} diff --git a/tomcat-9.0.service b/tomcat-9.0.service new file mode 100644 index 0000000..07731a2 --- /dev/null +++ b/tomcat-9.0.service @@ -0,0 +1,25 @@ +# Systemd unit file for default tomcat +# +# To create clones of this service: +# DO NOTHING, use tomcat@.service instead. + +[Unit] +Description=Apache Tomcat Web Application Container +After=syslog.target network.target + +[Service] +TasksMax=576 +LimitNOFILE=8192 +Type=simple +EnvironmentFile=/etc/tomcat/tomcat.conf +Environment="NAME=" +EnvironmentFile=-/etc/sysconfig/tomcat +ExecStart=@LIBEXECDIR@/tomcat/server start +ExecStop=@LIBEXECDIR@/tomcat/server stop +SuccessExitStatus=143 +User=tomcat +Group=tomcat + + +[Install] +WantedBy=multi-user.target diff --git a/tomcat-9.0.sysconfig b/tomcat-9.0.sysconfig new file mode 100644 index 0000000..473a0f4 diff --git a/tomcat-9.0.wrapper b/tomcat-9.0.wrapper new file mode 100644 index 0000000..420d649 --- /dev/null +++ b/tomcat-9.0.wrapper @@ -0,0 +1,24 @@ +#!/bin/bash + +if [ "$1" = "version" ]; then + . @LIBEXECDIR@/tomcat/preamble + exec ${JAVACMD} -classpath ${CATALINA_HOME}/lib/catalina.jar \ + org.apache.catalina.util.ServerInfo +fi + +SRV="tomcat" +if [ -n "$2" ]; then + SRV="tomcat@$2" +fi + +if [ "$1" = "start" ]; then + systemctl start ${SRV}.service +elif [ "$1" = "stop" ]; then + systemctl stop ${SRV}.service +elif [ "$1" = "version" ]; then + ${JAVACMD} -classpath ${CATALINA_HOME}/lib/catalina.jar \ + org.apache.catalina.util.ServerInfo +else + echo "Usage: $0 {start|stop|version} [server-id]" + exit 1 +fi diff --git a/tomcat-functions b/tomcat-functions new file mode 100644 index 0000000..721021c --- /dev/null +++ b/tomcat-functions @@ -0,0 +1,42 @@ +#!/bin/bash + +if [ -r /usr/share/java-utils/java-functions ]; then + . /usr/share/java-utils/java-functions +else + echo "Can't read Java functions library, aborting" + exit 1 +fi + +_save_function() { + local ORIG_FUNC=$(declare -f $1) + local NEWNAME_FUNC="$2${ORIG_FUNC#$1}" + eval "$NEWNAME_FUNC" +} + +run_jsvc(){ + if [ -x /usr/bin/jsvc ]; then + TOMCAT_USER="tomcat" + JSVC="/usr/bin/jsvc" + + JSVC_OPTS="-nodetach -pidfile /var/run/jsvc-tomcat${NAME}.pid -user ${TOMCAT_USER} -outfile ${CATALINA_BASE}/logs/catalina.out -errfile ${CATALINA_BASE}/logs/catalina.out" + if [ "$1" = "stop" ]; then + JSVC_OPTS="${JSVC_OPTS} -stop" + fi + + exec "${JSVC}" ${JSVC_OPTS} ${FLAGS} -classpath "${CLASSPATH}" ${OPTIONS} "${MAIN_CLASS}" "${@}" + else + echo "Can't find /usr/bin/jsvc executable" + fi + +} + +_save_function run run_java + +run() { + if [ "${USE_JSVC}" = "true" ] ; then + run_jsvc $@ + else + run_java $@ + fi +} + diff --git a/tomcat-named.service b/tomcat-named.service new file mode 100644 index 0000000..2d742a7 --- /dev/null +++ b/tomcat-named.service @@ -0,0 +1,26 @@ +# Systemd unit file for tomcat instances. +# +# To create clones of this service: +# 0. systemctl enable tomcat@name.service +# 1. create catalina.base directory structure in +# /var/lib/tomcats/name +# 2. profit. + +[Unit] +Description=Apache Tomcat Web Application Container +After=syslog.target network.target + +[Service] +Type=simple +EnvironmentFile=/etc/tomcat/tomcat.conf +Environment="NAME=%I" +EnvironmentFile=-/etc/sysconfig/tomcat@%I +ExecStart=@LIBEXECDIR@/tomcat/server start +ExecStop=@LIBEXECDIR@/tomcat/server stop +SuccessExitStatus=143 +User=tomcat +Group=tomcat + +[Install] +WantedBy=multi-user.target + diff --git a/tomcat-preamble b/tomcat-preamble new file mode 100644 index 0000000..23c40dd --- /dev/null +++ b/tomcat-preamble @@ -0,0 +1,61 @@ +#!/bin/bash + +. @LIBEXECDIR@/tomcat/functions + +# Get the tomcat config (use this for environment specific settings) + +if [ -z "${TOMCAT_CFG_LOADED}" ]; then + if [ -z "${TOMCAT_CFG}" ]; then + TOMCAT_CFG="/etc/tomcat/tomcat.conf" + fi + . $TOMCAT_CFG +fi + +if [ -d "${TOMCAT_CONFD=/etc/tomcat/conf.d}" ]; then + for file in ${TOMCAT_CONFD}/*.conf ; do + if [ -f "$file" ] ; then + . "$file" + fi + done +fi + +if [ -z "$CATALINA_BASE" ]; then + if [ -n "$NAME" ]; then + if [ -z "$TOMCATS_BASE" ]; then + TOMCATS_BASE="/var/lib/tomcats/" + fi + CATALINA_BASE="${TOMCATS_BASE}${NAME}" + else + CATALINA_BASE="${CATALINA_HOME}" + fi +fi + +# Include the optional setenv.sh script. +# (See section 3.4 of https://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt) +if [ -r "$CATALINA_BASE/bin/setenv.sh" ]; then + . "$CATALINA_BASE/bin/setenv.sh" +elif [ -r "$CATALINA_HOME/bin/setenv.sh" ]; then + . "$CATALINA_HOME/bin/setenv.sh" +fi + +VERBOSE=1 +set_javacmd +cd ${CATALINA_HOME} +# CLASSPATH munging +if [ ! -z "$CLASSPATH" ] ; then + CLASSPATH="$CLASSPATH": +fi + +if [ -n "$JSSE_HOME" ]; then + CLASSPATH="${CLASSPATH}$(build-classpath jcert jnet jsse 2>/dev/null):" +fi +CLASSPATH="${CLASSPATH}${CATALINA_HOME}/bin/bootstrap.jar" +CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/tomcat-juli.jar" +CLASSPATH="${CLASSPATH}:$(build-classpath commons-daemon 2>/dev/null)" + +if [ -z "$LOGGING_PROPERTIES" ] ; then + LOGGING_PROPERTIES="${CATALINA_BASE}/conf/logging.properties" + if [ ! -f "${LOGGING_PROPERTIES}" ] ; then + LOGGING_PROPERTIES="${CATALINA_HOME}/conf/logging.properties" + fi +fi diff --git a/tomcat-rpmlintrc b/tomcat-rpmlintrc new file mode 100644 index 0000000..20bc763 --- /dev/null +++ b/tomcat-rpmlintrc @@ -0,0 +1,2 @@ +#fix of bnc#520532 +addFilter(".*non-etc-or-var-file-marked-as-conffile /usr/share/tomcat/tomcat-webapps/ROOT.*") diff --git a/tomcat-server b/tomcat-server new file mode 100644 index 0000000..18eb831 --- /dev/null +++ b/tomcat-server @@ -0,0 +1,25 @@ +#!/bin/bash + +. @LIBEXECDIR@/tomcat/preamble + +MAIN_CLASS=org.apache.catalina.startup.Bootstrap + +FLAGS="$JAVA_OPTS" +OPTIONS="-Dcatalina.base=$CATALINA_BASE \ +-Dcatalina.home=$CATALINA_HOME \ +-Djava.endorsed.dirs=$JAVA_ENDORSED_DIRS \ +-Djava.io.tmpdir=$CATALINA_TMPDIR \ +-Djava.util.logging.config.file=${LOGGING_PROPERTIES} \ +-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager" + +if [ "$1" = "start" ] ; then + FLAGS="${FLAGS} $CATALINA_OPTS" + if [ "${SECURITY_MANAGER}" = "true" ] ; then + OPTIONS="${OPTIONS} \ + -Djava.security.manager \ + -Djava.security.policy==${CATALINA_BASE}/conf/catalina.policy" + fi + run start +elif [ "$1" = "stop" ] ; then + run stop +fi diff --git a/tomcat.changes b/tomcat.changes new file mode 100644 index 0000000..217521b --- /dev/null +++ b/tomcat.changes @@ -0,0 +1,1605 @@ +------------------------------------------------------------------- +Wed Mar 6 07:18:06 UTC 2024 - Dan Čermák + +- Add missing Requires(post): util-linux to have runuser into post + +------------------------------------------------------------------- +Mon Mar 4 16:49:37 UTC 2024 - Fridrich Strba + +- Add %%systemd_ordering to packages with systemd unit files, so + that the order is the right one if those packages find themselves + in the same transaction with systemd + +------------------------------------------------------------------- +Sat Feb 17 14:55:06 UTC 2024 - Fridrich Strba + +- Link ecj.jar into the install instead of copying it + +------------------------------------------------------------------- +Tue Feb 6 09:55:04 UTC 2024 - Michele Bussolotto + +- rpm 4.19 requires dependencies on tomcat user and group (bsc#1219530) + +------------------------------------------------------------------- +Fri Jan 26 12:33:23 UTC 2024 - Michele Bussolotto + +- Fixed CVEs: + * CVE-2024-22029: run xsltproc as tomcat group (bsc#1219208) + +------------------------------------------------------------------- +Wed Jan 17 16:57:21 UTC 2024 - Michele Bussolotto + +- Update to Tomcat 9.0.85 + * Fixed CVEs: + + CVE-2023-46589: Apache Tomcat: HTTP request smuggling due to + incorrect headers parsing (bsc#1217649) + * Catalina + + Update: 68378: Align extension to MIME type mappings in the + global web.xml with those in httpd by adding + application/vnd.geogebra.slides for ggs, text/javascript for mjs + and audio/ogg for opus. (markt) + + Fix: Background processes should not be run concurrently with + lifecycle operations of a container. (remm) + + Fix: Correct unintended escaping of XML in some WebDAV + responses. The XML list of support locks when provided in + response to a PROPFIND request was incorrectly XML escaped. + (markt) + + Fix: 68227: Ensure that AsyncListener.onComplete() is called + if AsyncListener.onError() calls AsyncContext.dispatch(). + (markt) + + Fix: 68228: Use a 408 status code if a read timeout occurs + during HTTP request processing. Includes a test case based on + code provided by adwsingh. (markt) + + Fix: 67667: TLSCertificateReloadListener prints unreadable + rendering of X509Certificate#getNotAfter(). (michaelo) + + Update: The status servlet included in the manager webapp + can now output statistics as JSON, using the JSON=true URL + parameter. (remm) + + Update: Optionally allow ServiceBindingPropertySource to + trim a trailing newline from a file containing a + property-value. (schultz) + + Fix: 67793: Ensure the original session timeout is restored + after FORM authentication if the user refreshes a page during + the FORM authentication process. Based on a suggestion by + Mircea Butmalai. (markt) + + Update: 67926: PEMFile prints unidentifiable string + representation of ASN.1 OIDs. (michaelo) + + Fix: 66875: Ensure that setting the request attribute + jakarta.servlet.error.exception is not sufficient to trigger + error handling for the current request and response. (markt) + + Fix: 68054: Avoid some file canonicalization calls + introduced by the fix for 65433. (remm) + + Fix: 68089: Improve performance of request attribute access + for ApplicationHttpRequest and ApplicationRequest. (markt) + + Fix: Use a 400 status code to report an error due to a bad + request (e.g. an invalid trailer header) rather than a 500 + status code. (markt) + + Fix: Ensure that an IOException during the reading of the + request triggers always error handling, regardless of whether + the application swallows the exception. (markt) + * Coyote + + Fix: Refactor the VirtualThreadExecutor so that it can be + used by the NIO2 connector which was using platform threads + even when configured to use virtual threads. (markt) + + Fix: Correct a regression in the fix for 67675 that broke + TLS key file parsing for PKCS#8 format keys that do not specify + an explicit pseudo-random function and rely on the default. + This typically affects keys generated by OpenSSL 1.0.2. + (markt) + + Fix: Allow multiple operations with the same name on + introspected mbeans, fixing a regression caused by the + introduction of a second addSslHostConfig method. (remm) + + Fix: Relax the check that the HTTP Host header is consistent + with the host used in the request line, if any, to make the + check case insensitive since host names are case insensitive. + (markt) + + Add: 68348: Add support for the partitioned attribute for + cookies. (markt) + + Add: 66670: Add SSLHostConfig#certificateKeyPasswordFile and + SSLHostConfig#certificateKeystorePasswordFile. (michaelo) + + Add: When calling + SSLHostConfigCertificate.setCertificateKeystore(ks), + automatically call setCertificateKeystoreType(ks.getType()). + (markt) + + Fix: 67628: Clarify how the ciphers attribute of the + SSLHostConfig is used. (markt) + + Fix: 67666: Ensure TLS connectors using PEM files either + work with the TLSCertificateReloadListener or, in the rare case + that they do not, log a warning on Connector start. (markt) + + Fix: 67675: Support a wider range of KDF and ciphers for PEM + files than the combinations supported by the JVM by default. + Specifically, support the OpenSSL default of HmacSHA256 and + DES-EDE3-CBC. (markt) + + Fix: 67927: Reloading TLS configuration can cause the + Connector to refuse new connections or the JVM to crash. + (markt) + + Fix: 67934: If both Tomcat Native 1.2.x and 2.0.x are + available, prefer 1.2.x since it supports the APR/Native + connector whereas 2.0.x does not. (markt) + + Fix: 67938: Correct handling of large TLS client hello + messages that were causing the TLS handshake to fail. (markt) + + Fix: 68026: Convert selected MessageByte values to String + when first accessed to speed up subsequent accesses and reduce + garbage collection. (markt) + * Jasper + + Code: 68119: Refactor the CompositeELResolver to improve + performance during type conversion operations. (markt) + + Fix: 68068: Performance improvement for EL. Based on a + suggestion by John Engebretson. (markt) + * Web Applications + + Fix: 68035: Additional fix to the Manager application to + enable the deployment of a web application located in a Host's + appBase where the web application is specified by a bare (no + path) WAR or directory name as shown in the documentation. + (markt) + + Fix: Examples. Improve the error handling so snakes + associated with a user that drops from the network are removed + from the game. (markt) + + Fix: 68035: Correct a regression in the fix for 56248 that + prevented deployment via the Manager of a WAR or directory that + was already present in the appBase or a context file that was + already present in the xmlBase. (markt) + * Other + + Update: Update Checkstyle to 10.12.7. (markt) + + Update: Update SpotBugs to 4.8.3. (markt) + + Add: Improvements to French translations. (remm) + + Add: Improvements to Japanese translations by tak7iji. + (markt) + + Update: Update UnboundID to 6.0.11. (markt) + + Update: Update Checkstyle to 10.12.5. (markt) + + Update: Update SpotBugs to 4.8.2. (markt) + + Update: Update Derby to 10.17.1. (markt) + + Add: Improvements to French translations. (remm) + + Add: Improvements to Japanese translations by tak7iji. + (markt) + + Add: Improvements to Brazilian Portuguese translations by + John William Vicente. (markt) + + Add: Improvements to Russian translations by usmazat and + remm. (markt) + + Add: 67538: Make use of Ant's task to enfore + the mininum Java build version. (michaelo) + + Update: Update Checkstyle to 10.12.4. (markt) + + Update: Update JaCoCo to 0.8.11. (markt) + + Update: Update SpotBugs to 4.8.0. (markt) + + Update: Update BND to 7.0.0. (markt) + + Update: The minimum Java version required to build Tomcat + has been raised to Java 17. (markt) +- Added patches: + * tomcat-9.0-build-with-java-11.patch + +------------------------------------------------------------------- +Wed Jan 17 14:53:08 UTC 2024 - Michele Bussolotto + +- change server.xml during %post instead of %posttrans + +------------------------------------------------------------------- +Fri Jan 12 13:18:52 UTC 2024 - Michele Bussolotto + +- Fix server.xml permission (bsc#1217768, bsc#1217402) +- remove serverxmltool and use xsltproc + +------------------------------------------------------------------- +Thu Nov 23 12:32:49 UTC 2023 - Ricardo Mestre + +- replace prep setup and patches macro with autosetup + +------------------------------------------------------------------- +Fri Oct 13 11:12:07 UTC 2023 - Fridrich Strba + +- Update to Tomcat 9.0.82 + * Fixed CVEs: + + CVE-2023-45648: Improve trailer header parsing (bsc#1216118) + + CVE-2023-42794: FileUpload: remove tmp files to avoid DoS + on Windows (bsc#1216120) + + CVE-2023-42795: Improve handling of failures during recycle() + methods (bsc#1216119) + * Catalina + + Add: 65770: Provide a lifecycle listener that will + automatically reload TLS configurations a set time before the + certificate is due to expire. This is intended to be used with + third-party tools that regularly renew TLS certificates. + + Fix: Fix handling of an error reading a context descriptor on + deployment. + + Fix: Fix rewrite rule qsd (query string discard) being ignored + if qsa was also use, while it should instead take precedence. + + Fix: 67472: Send fewer CORS-related headers when CORS is not + actually being engaged. + + Add: Improve handling of failures within recycle() methods. + * Coyote + + Fix: 67670: Fix regression with HTTP compression after code + refactoring. + + Fix: 67198: Ensure that the AJP connector attribute + tomcatAuthorization takes precedence over the + tomcatAuthentication attribute when processing an auth_type + attribute received from a proxy server. + + Fix: 67235: Fix a NullPointerException when an AsyncListener + handles an error with a dispatch rather than a complete. + + Fix: When an error occurs during asynchronous processing, + ensure that the error handling process is only triggered once + per asynchronous cycle. + + Fix: Fix logic issue trying to match no argument method in + IntropectionUtil. + + Fix: Improve thread safety around readNotify and writeNotify + in the NIO2 endpoint. + + Fix: Avoid rare thread safety issue accessing message digest + map. + + Fix: Improve statistics collection for upgraded connections + under load. + + Fix: Align validation of HTTP trailer fields with standard + fields. + + Fix: Improvements to HTTP/2 overhead protection (bsc#1216182, + CVE-2023-44487) + * jdbc-pool + + Fix: 67664: Correct a regression in the clean-up of + unnecessary use of fully qualified class names in 9.0.81 + that broke the jdbc-pool. + * Jasper + + Fix: 67080: Improve performance of EL expressions in JSPs that + use implicit objects + +------------------------------------------------------------------- +Thu Sep 21 16:41:56 UTC 2023 - Fridrich Strba + +- Update to Tomcat 9.0.80 + * Catalina + + Add RateLimitFilter which can be used to mitigate DoS and + Brute Force attacks + + Move the management of the utility executor from the + init()/destroy() methods of components to the start()/stop() + methods. + + Add org.apache.catalina.core.StandardVirtualThreadExecutor, + a virtual thread based executor that may be used with one or + more Connectors to process requests received by those + Connectors using virtual threads. This Executor requires a + minimum Java version of Java 21. + + 66513: Add a per session Semaphore to the PersistentValve that + ensures that, within a single Tomcat instance, there is no + more than one concurrent request per session. Also expand the + debug logging to include whether a request bypasses the Valve + and the reason if a request fails to obtain the per session + Semaphore. + + 66609: Ensure that the default servlet correctly escapes file + names in directory listings when using XML output. + + 66618: Add a numeric last modified field to the XML directory + listings produced by the default servlet to enable sorting in + the XSLT. + + 66621: Attempts to lock a collection with WebDAV may + incorrectly fail if a child collection has an expired lock. + + 66622: Deprecate the xssProtectionEnabled setting from the + HttpHeaderSecurityFilter and change the default value to false + as support for the associated HTTP header has been removed + from all major browsers. + + 59232: Add org.apache.catalina.core.ContextNamingInfoListener, + a listener which creates context naming information + environment entries. + + 66665: Add + org.apache.catalina.core.PropertiesRoleMappingListener, a + listener which populates the context's role mapping from a + properties file. + + Fix an edge case where intra-web application symlinks would be + followed if the web applications were deliberately crafted to + allow it even when allowLinking was set to false. + + Add utility config file resource lookup on Context to allow + looking up resources from the webapp (prefixed with webapp:) + and make the resource lookup API more visible. + + Fix potential database connection leaks in + DataSourceUserDatabase identified by Coverity Scan. + + Make parsing of ExtendedAccessLogValve patterns more robust. + + Fix failure trying to persist configuration for an internal + credential handler. + + 66680: When serializing a session during the session + presistence process, do not log a warning that null Principals + are not serializable. + + Catch NamingException in JNDIRealm#getPrincipal. It is used in + Java up to 17 to signal closed connections. + + 66822: Use the same naming format in log messages for + Connector instances as the associated ProtocolHandler instance. + + The parts count should also lower the actual maxParameterCount + used for parsing parameters if parts are parsed first. + + If an application or library sets both a non-500 error code + and the javax.servlet.error.exception request attribute, use + the provided error code during error page processing rather + than assuming an error code of 500. + + Update code comments and Tomcat output to use MiB for + 1024 * 1024 bytes and KiB for 1024 bytes rather than + MB and kB. + + Avoid protocol relative redirects in FORM authentication + (CVE-2023-41080, bsc#1214666). + * Coyote + + Update the HTTP/2 implementation to use the prioritization + scheme defined in RFC 9218 rather than the one defined in + RFC 7540. + + 66602: not sending WINDOW_UPDATE when dataLength is ZERO on + call SwallowedDataFramePayload. + + 66627: Restore the documented behaviour of + MessageBytes.getType() that it returns the type of the + original content rather than reflecting the most recent + conversion. + + 66635: Correct certificate logging on start-up so it + differentiates between keystore based keys/certificates and + PEM file based keys/certificates and logs the relevant + information for each. + + Refactor blocking reads and writes for the NIO connector to + remove code paths that could allow a notification from the + Poller to be missed resuting in a timeout rather than the + expected read or write. + + Refactor waiting for an HTTP/2 stream or connection window + update to handle spurious wake-ups during the wait. + + Correct a regression introduced in 9.0.78 and use the correct + constant when constructing the default value for the + certificateKeystoreFile attribute of an + SSLHostConfigCertificate instance. + + Refactor HTTP/2 implementation to reduce pinning when using + virtual threads. + + Pass through ciphers referring to an OpenSSL profile, such as + PROFILE=SYSTEM instead of producing an error trying to parse + it. + + 66841: Ensure that AsyncListener.onError() is called after an + error during asynchronous processing with HTTP/2. + + 66842: When using asynchronous I/O (the default for NIO and + NIO2), include DATA frames when calculating the HTTP/2 + overhead count to ensure that connections are not prematurely + terminated. + + Correct a race condition that could cause spurious RST + messages to be sent after the response had been written to an + HTTP/2 stream. + * WebSocket + + 66548: Expand the validation of the value of the + Sec-Websocket-Key header in the HTTP upgrade request that + initiates a WebSocket connection. The value is not decoded but + it is checked for the correct length and that only valid + characters from the base64 alphabet are used. + + Improve handling of error conditions for the WebSocket server, + particularly during Tomcat shutdown. + + Correct a regression in the fix for 66574 that meant the + WebSocket session could return false for onOpen() before the + onClose() event had been completed. + + 66681: Fix a NullPointerException when flushing batched + messages with compression enabled using permessage-deflate. + * Web applications + + Documentation. Expand the security guidance to cover the + embedded use case and add notes on the uses made of the + java.io.tmpdir system property. + + 66662: Documentation. Fix a typo in the name of the algorithms + attribute in the configuration section for the Digest + authentication value. + + Documentation. Update documentation to use MiB for + 1024 * 1024 bytes and KiB for 1024 bytes rather than + MB and kB. + * jdbc-pool + + Fix the releaseIdleCounter does not increment when testAllIdle + releases them. + + Fix the ConnectionState state will be inconsistent with actual + state on the connection when an exception occurs while + writing. + * Other + + Update to Commons Daemon 1.3.4. + + Improvements to French translations. + + Update Checkstyle to 10.12.0. + + Update the packaged version of the Apache Tomcat Native + Library to 1.2.37 to pick up the Windows binaries built with + with OpenSSL 1.1.1u. + + Include the Windows specific binary distributions in the files + uploaded to Maven Central. + + Improvements to French translations. + + Improvements to Japanese translations. + + Update UnboundID to 6.0.9. + + Update Checkstyle to 10.12.1. + + Update BND to 6.4.1. + + Update JSign to 5.0. + + Correct properties for JSign dependency. + + Align documentation for maxParameterCount to match hard-coded + defaults. + + Update NSIS to 3.0.9. + + Update Checkstyle to 10.12.2. + + Improvements to French translations. + + Improvements to Japanese translations. + + 66829: Fix quoting so users can use the _RUNJAVA environment + variable as intended on Windows when the path to the Java + executable contains spaces. + + Update Tomcat Native to 1.2.38 to pick up Windows binaries + built with OpenSSL 1.1.1v. + + Improvements to Chinese translations. + + Improvements to French translations. + + Improvements to Japanese translations +- Removed patch: + * tomcat-9.0.75-CVE-2023-41080.patch + + integrated in this version + +------------------------------------------------------------------- +Thu Sep 21 13:19:54 UTC 2023 - Michele Bussolotto + +- Fixed CVEs: + * CVE-2023-41080: Avoid protocol relative redirects in FORM authentication. (bsc#1214666) +- Added patches: + * tomcat-9.0.75-CVE-2023-41080.patch + +------------------------------------------------------------------- +Mon Sep 18 06:03:34 UTC 2023 - Fridrich Strba + +- Modified patch: + * tomcat-9.0-osgi-build.patch + + make it more robust to change in number of artifacts in bnd + + do not enumerate jars, just take all jars from the aqute-bnd + directory into the classpath + +------------------------------------------------------------------- +Tue Sep 12 11:30:29 UTC 2023 - Fridrich Strba + +- Require(pre) shadow because groupadd is needed early + +------------------------------------------------------------------- +Tue May 23 04:25:45 UTC 2023 - Fridrich Strba + +- Update to Tomcat 9.0.75. + * See changelog at + https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.75_(markt) + * Fixes: + + bsc#1211608, CVE-2023-28709 + + bsc#1208513, CVE-2023-24998 (previous incomplete fix) +- Remove patches: + * tomcat-9.0-CVE-2021-30640.patch + * tomcat-9.0-CVE-2021-33037.patch + * tomcat-9.0-CVE-2021-41079.patch + * tomcat-9.0-CVE-2022-23181.patch + * tomcat-9.0-NPE-JNDIRealm.patch + * tomcat-9.0-hardening_getResources.patch + * tomcat-9.0.43-CVE-2021-43980.patch + * tomcat-9.0.43-CVE-2022-42252.patch + * tomcat-9.0.43-CVE-2022-45143.patch + * tomcat-9.0.43-CVE-2023-24998.patch + * tomcat-9.0.43-CVE-2023-28708.patch + + integrated in this version + * tomcat-9.0.43-java8compat.patch + + problem with Java 8 compatibility solved in this version +- Modified patch: + * tomcat-9.0.31-secretRequired-default.patch + -> tomcat-9.0.75-secretRequired-default.patch + + rediffed to changed context + * tomcat-9.0-javadoc.patch + + drop integrated hunks + * tomcat-9.0-osgi-build.patch + + fix to work with current version +- Added patch: + * tomcat-9.0-jdt.patch + + fix build against our ecj + +------------------------------------------------------------------- +Fri Apr 7 07:56:31 UTC 2023 - Michele Bussolotto + +- Fixed CVEs: + * CVE-2022-45143: JsonErrorReportValve: add escape for type, message or description (bsc#1206840) +- Added patches: + * tomcat-9.0.43-CVE-2022-45143.patch + +------------------------------------------------------------------- +Thu Mar 23 08:06:31 UTC 2023 - Michele Bussolotto + +- Fixed CVEs: + * CVE-2023-28708: tomcat: not including the secure attribute + causes information disclosure (bsc#1209622) +- Added patches: + * tomcat-9.0.43-CVE-2023-28708.patch + +------------------------------------------------------------------- +Tue Feb 28 11:14:24 UTC 2023 - Michele Bussolotto + +- Fixed CVEs: + * CVE-2023-24998: tomcat,tomcat6: FileUpload DoS with excessive parts (bsc#1208513) +- Added patches: + * tomcat-9.0.43-CVE-2023-24998.patch + +------------------------------------------------------------------- +Fri Dec 23 08:20:55 UTC 2022 - Michele Bussolotto + +- set logrotate for localhost.log, manager.log, host-manager.log and localhost_access_log.txt +- use logrotate for catalina.out + * update tomcat-serverxml-tool and spec to configure server.xml +- Added patch: + * tomcat-9.0-logrotate_everything.patch + * tomcat-serverxml-tool.tar.gz +- Removed: + * tomcat-serverxml-tool-1.0.tar.gz + +------------------------------------------------------------------- +Tue Nov 29 14:46:26 UTC 2022 - Michele Bussolotto + +- Use catalina.out for logging (bsc#1205647) +- Added patches: + * tomcat-9.0-fix_catalina.patch + +------------------------------------------------------------------- +Mon Nov 21 07:42:34 UTC 2022 - Michele Bussolotto + +- Fixed CVEs: + * CVE-2022-42252: reject invalid content-length requests. (bsc#1204918) +- Added patches: + * tomcat-9.0.43-CVE-2022-42252.patch + +------------------------------------------------------------------- +Thu Oct 20 15:58:40 UTC 2022 - Michele Bussolotto + +- Fixed CVEs: + * CVE-2021-43980: Improve the recycling of Processor objects to make it more robust. (bsc#1203868) +- Added patches: + * tomcat-9.0.43-CVE-2021-43980.patch + +------------------------------------------------------------------- +Wed Jul 13 13:41:43 UTC 2022 - Fridrich Strba + +- Do not hardcode /usr/libexec but use %%_libexecdir during the + build + * Fixes for platforms, where /usr/libexec and %%_libexecdir are + different + +------------------------------------------------------------------- +Thu Jul 7 15:35:34 UTC 2022 - Fridrich Strba + +- Fix bsc#1201081 by building with release=8 all files that can be + built this way. The one file remaining, build it with source=8 and + target=8 +- Modified patch: + * tomcat-9.0.43-java8compat.patch + + Do not cast ByteBuffer to Buffer to call the Java 8 compatible + methods. Build with release=8 instead + +------------------------------------------------------------------- +Thu Apr 7 08:48:46 UTC 2022 - Michele Bussolotto + +- Security hardening. Deprecate getResources() and always return null. (bsc#1198136) +- Added patch: tomcat-9.0-hardening_getResources.patch + +------------------------------------------------------------------- +Wed Feb 23 11:57:30 UTC 2022 - Fridrich Strba + +- Remove dependency on log4j/reload4j completely (bsc#1196137) + +------------------------------------------------------------------- +Tue Feb 22 19:00:25 UTC 2022 - Fridrich Strba + +- Do not build against the log4j12 packages, use the new reload4j + +------------------------------------------------------------------- +Fri Jan 28 14:01:40 UTC 2022 - Michele Bussolotto + +- Fixed CVEs: + * CVE-2022-23181: Make calculation of session storage location more robust (bsc#1195255) +- Added patches: + * tomcat-9.0-CVE-2022-23181.patch + +------------------------------------------------------------------- +Mon Jan 10 16:16:16 UTC 2022 - olaf@aepfle.de + +- remove instance units from post scripts, they can not be reloaded + +------------------------------------------------------------------- +Fri Dec 10 11:20:54 UTC 2021 - Michele Bussolotto + +- Fix NPE in JNDIRealm, when userRoleAttribute is not set (bsc#1193569) +- Added patch: + * tomcat-9.0-NPE-JNDIRealm.patch + +------------------------------------------------------------------- +Wed Nov 10 06:51:24 UTC 2021 - Fridrich Strba + +- Modified patch: + * tomcat-9.0-osgi-build.patch + + account for biz.aQute.bnd.ant artifact in aqute-bnd >= 5.2.0 + +------------------------------------------------------------------- +Fri Oct 29 11:15:32 UTC 2021 - Michele Bussolotto + +- Fixed CVEs: + * CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279) + * CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278) +- Added patches: + * tomcat-9.0-CVE-2021-30640.patch + * tomcat-9.0-CVE-2021-33037.patch + +------------------------------------------------------------------- +Thu Oct 28 08:33:07 UTC 2021 - Michele Bussolotto + +- Fixed CVEs: + * CVE-2021-41079: Validate incoming TLS packet (bsc#1190558) +- Added patches: + * tomcat-9.0-CVE-2021-41079.patch + +------------------------------------------------------------------- +Mon Oct 18 21:42:48 UTC 2021 - Marcel Witte + +- Update to Tomcat 9.0.43. See changelog at + https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.43_(markt) +- Removed Patches because fixed upstream now: + * tomcat-9.0-CVE-2021-25122.patch + * tomcat-9.0-CVE-2021-25329.patch +- Rebased patch: + tomcat-9.0.39-java8compat.patch -> tomcat-9.0.43-java8compat.patch + +------------------------------------------------------------------- +Mon Oct 18 18:26:39 UTC 2021 - Marcel Witte + +- Update to Tomcat 9.0.41. See changelog at + https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.41_(markt) + +------------------------------------------------------------------- +Mon Oct 18 13:05:17 UTC 2021 - Marcel Witte + +- Update to Tomcat 9.0.40. See changelog at + https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.40_(markt) +- Removed Patches because fixed upstream now: + * tomcat-9.0-CVE-2020-17527.patch + * tomcat-9.0-CVE-2021-24122.patch + +------------------------------------------------------------------- +Mon Mar 22 13:11:34 UTC 2021 - Abid Mehmood + +- Fixed CVEs: + * CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912) + * CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909) +- Added patches: + * tomcat-9.0-CVE-2021-25122.patch + * tomcat-9.0-CVE-2021-25329.patch + +------------------------------------------------------------------- +Wed Mar 17 16:16:52 UTC 2021 - Abid Mehmood + +- Log if file access is blocked due to symlinks: CVE-2021-24122 (bsc#1180947) +- Added patch: + * tomcat-9.0-CVE-2021-24122.patch + +------------------------------------------------------------------- +Mon Mar 15 21:42:07 UTC 2021 - Marcel Witte + +- Update to Tomcat 9.0.39. See changelog at + https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.39_(markt) +- Rebased patches: + * tomcat-9.0.38-java8compat.patch -> tomcat-9.0.39-java8compat.patch + +------------------------------------------------------------------- +Mon Mar 15 14:57:39 UTC 2021 - Marcel Witte + +- Update to Tomcat 9.0.38. See changelog at + https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.38_(markt) +- Rebased patches: + * tomcat-9.0.37-java8compat.patch -> tomcat-9.0.38-java8compat.patch +- Removed tomcat-9.0-CVE-2020-13943.patch because that fix is upstream now + +------------------------------------------------------------------- +Mon Feb 22 08:56:03 UTC 2021 - Marcel Witte + +- Update to Tomcat 9.0.37. See changelog at + https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.37_(markt) +- Fixed CVEs: + * CVE-2020-13934 (bsc#1174121) + * CVE-2020-13935 (bsc#1174117) +- Rebased patches: + * tomcat-9.0-osgi-build.patch + * tomcat-9.0.31-java8compat.patch -> tomcat-9.0.37-java8compat.patch + +------------------------------------------------------------------- +Wed Dec 16 12:17:22 UTC 2020 - Abid Mehmood + +- Fix HTTP/2 request header mix-up: CVE-2020-17527 (bsc#1179602) +- Added patch: + * tomcat-9.0-CVE-2020-17527.patch + +------------------------------------------------------------------- +Tue Nov 3 10:08:03 UTC 2020 - Matei Albu + +- Add source url for tomcat-serverxml-tool +- Fix typo in tomcat-webapps %postun that caused /examples + context to remain in server.xml when package was removed +- Remove tomcat-9.0.init and /usr/lib/tmpfiles.d/tomcat.conf from + package. They're not used anymore becuse of systemd (bsc#1178396) + +------------------------------------------------------------------- +Fri Oct 30 17:05:52 UTC 2020 - Matei Albu + +- Fix tomcat-servlet-4_0-api package alternatives to use + /usr/share/java/servlet.jar instead of /usr/share/java/tomcat-servlet.jar. + Keep /usr/share/java/tomcat-servlet.jar symlink for compatibility. + (bsc#1092163) +- Change default file ownership in tomcat-webapps from + tomcat:tomcat to root:tomcat + +------------------------------------------------------------------- +Tue Oct 13 11:23:32 UTC 2020 - Matei Albu + +- Fix CVE-2020-13943 (bsc#1177582) +- Added patch: + * tomcat-9.0-CVE-2020-13943.patch +- Change /usr/lib/tomcat to /usr/libexec/tomcat in startup + scripts (bsc#1177601) + +------------------------------------------------------------------- +Tue Oct 13 10:47:39 UTC 2020 - Jan Engelhardt + +- Replace old specfile constructs. Remove support for SUSE 11.x. +- Drop %systemd_requires, which is considered a no-op. +- Trim redundant license mention from description. +- Make documentation noarch. +- Do not suppress errors from useradd. + +------------------------------------------------------------------- +Wed Aug 26 06:04:58 UTC 2020 - Fridrich Strba + +- Avoid hardcoding /usr/lib as libexecdir + +------------------------------------------------------------------- +Wed Jul 29 20:48:14 UTC 2020 - Matei Albu + +- Don't give write permissions for the tomcat group on files and + directories where it's not needed (bsc#1172562) +- Change tomcat.pid location from /var/run to /run (bsc#1173103) +- Use the /sbin/nologin shell when creating the tomcat user +- Use %tmpfiles_create macro in %post instead of calling + systemd-tmpfiles directly + +------------------------------------------------------------------- +Fri Jun 26 08:03:01 UTC 2020 - Fridrich Strba + +- Update to Tomcat 9.0.36. See changelog at + https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.36_(markt) +- Fixed CVEs: + CVE-2020-11996 (bsc#1173389) + +------------------------------------------------------------------- +Tue May 26 14:58:13 UTC 2020 - Matei Albu + +- Update to Tomcat 9.0.35. See changelog at + https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.35_(markt) +- Fixed CVEs: + - CVE-2020-9484 (bsc#1171928) +- Rebased patches: + * tomcat-9.0-javadoc.patch + * tomcat-9.0-osgi-build.patch + * tomcat-9.0.31-java8compat.patch + +------------------------------------------------------------------- +Fri Apr 10 15:43:59 UTC 2020 - Javier Llorente + +- Update to Tomcat 9.0.34. See changelog at + https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.34_(markt) +- Notable changes: + * Add support for default values when using ${...} property + replacement in configuration files. Based on a pull request + provided by Bernd Bohmann. + * When configuring an HTTP Connector, warn if the encoding + specified for URIEncoding is not a superset of US-ASCII as + required by RFC 7230. + * Replace the system property + org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH with + the Connector attribute encodedSolidusHandling that adds an + additional option to pass the %2f sequence through to the + application without decoding it in addition to rejecting such + sequences and decoding such sequences. + +------------------------------------------------------------------- +Mon Mar 30 11:13:09 UTC 2020 - Matei Albu + +- Update to Tomcat 9.0.33. See changelog at + http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.33_(markt) +- Notable fix: corrected a regression in the improvements to HTTP + header parsing (bsc#1167438) +- Rebased patches: + * tomcat-9.0-javadoc.patch + * tomcat-9.0-osgi-build.patch + * tomcat-9.0.31-java8compat.patch + +------------------------------------------------------------------- +Fri Feb 28 10:15:08 UTC 2020 - Matei Albu + +- Change default value of AJP connector secretRequired to false +- Added patch: + * tomcat-9.0.31-secretRequired-default.patch + +------------------------------------------------------------------- +Tue Feb 25 13:24:14 UTC 2020 - Fridrich Strba + +- Update to Tomcat 9.0.31. See changelog at + http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt) +- Fixed CVEs: + * CVE-2019-17569 (bsc#1164825) + * CVE-2020-1935 (bsc#1164860) + * CVE-2020-1938 (bsc#1164692) +- Modified patch + * tomcat-9.0.30-java8compat.patch + -> tomcat-9.0.31-java8compat.patch + + Adapt to changed context + +------------------------------------------------------------------- +Wed Jan 29 16:49:29 UTC 2020 - Matei Albu + +- Modified patch: + * tomcat-9.0.30-java8compat.patch + + add missing casts (bsc#1162081) + +------------------------------------------------------------------- +Mon Jan 20 13:36:39 UTC 2020 - Fridrich Strba + +- Change back the build to build with any Java >= 1.8 +- Added patch: + * tomcat-9.0.30-java8compat.patch + + Cast java.nio.ByteBuffer and java.nio.CharBuffer to + java.nio.Buffer in order to avoid calling Java 9+ APIs + (functions with co-variant return types) +- Renamed patch: + * tomcat-9.0-disable-osgi-build.patch + -> tomcat-9.0-osgi-build.patch + + Do not disable, but fix OSGi build since we have now + aqute-bnd + +------------------------------------------------------------------- +Fri Jan 17 14:26:15 UTC 2020 - Matei Albu + +- Change build to always use Java 1.8 (bsc#1161025). + +------------------------------------------------------------------- +Fri Dec 27 10:22:58 UTC 2019 - Matei Albu + +- Update to Tomcat 9.0.30. See changelog at + http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt) +- Fixed CVEs: + - CVE-2019-0221 (bsc#1136085) + - CVE-2019-10072 (bsc#1139924) + - CVE-2019-12418 (bsc#1159723) + - CVE-2019-17563 (bsc#1159729) +- Removed patch: + * tomcat-9.0-JDTCompiler-java.patch + + It was not applied + +------------------------------------------------------------------- +Mon Nov 18 09:13:10 UTC 2019 - Fridrich Strba + +- Update to Tomcat 9.0.27. See changelog at + http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.27_(markt) +- Uset aqute-bnd to generate OSGi manifest, since we have that + package now in openSUSE:Factory +- Removed patch: + * tomcat-9.0-disable-osgi-build.patch + + not needed + +------------------------------------------------------------------- +Fri Nov 15 23:25:47 UTC 2019 - Fridrich Strba + +- Add maven pom files for tomcat-jni and tomcat-jaspic-api + +------------------------------------------------------------------- +Fri Oct 4 13:32:51 UTC 2019 - Fridrich Strba + +- Distribute the pom file also for tomcat-util-scan artifact + +------------------------------------------------------------------- +Tue Oct 1 12:29:16 UTC 2019 - Fridrich Strba + +- Build against compatibility log4j12 package + +------------------------------------------------------------------- +Wed Sep 25 12:18:29 UTC 2019 - Fridrich Strba + +- Adapt to the new ecj directory layout + +------------------------------------------------------------------- +Wed Jun 12 14:50:12 UTC 2019 - Dominique Leuenberger + +- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to + shortcut the build queues by allowing usage of systemd-mini + +------------------------------------------------------------------- +Mon May 20 20:40:08 UTC 2019 - Matei + +- Update to Tomcat 9.0.20. See changelog at + http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.20_(markt) +- increase maximum number of threads and open files for tomcat (bsc#1111966) + +------------------------------------------------------------------- +Mon Apr 22 17:01:17 UTC 2019 - malbu@suse.com + +- Update to Tomcat 9.0.19. See changelog at + http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.19_(markt) + Notable packaging changes: + - File /usr/share/java/tomcat/catalina-jmx-remote.jar was removed. + The classes contained in this jar were merged into + /usr/share/java/tomcat/catalina.jar. +- Fixed CVEs: + - CVE-2019-0199 (bsc#1131055) +- Rebased patch: + - tomcat-9.0-JDTCompiler-java.patch + - tomcat-9.0-javadoc.patch + +------------------------------------------------------------------- +Mon Apr 15 13:53:30 UTC 2019 - Fridrich Strba + +- Build classpath directly with the geronimo jars instead of with + symlinks to them + +------------------------------------------------------------------- +Tue Feb 19 17:22:16 UTC 2019 - malbu@suse.com + +- Don't overwrite changes made to server.xml contexts when updating + bundled webapps. + +------------------------------------------------------------------- +Mon Feb 18 15:55:12 UTC 2019 - malbu@suse.com + +- Set javac target to 1.8 when building docs samples and serverxmltool + +------------------------------------------------------------------- +Tue Feb 5 09:50:35 UTC 2019 - malbu@suse.com + +- Move webapps bundled with Tomcat to /usr/share/tomcat/tomcat-webapps + (bsc#1092341). Affected packages: + - tomcat-webapps + - tomcat-admin-webapps + - tomcat-docs-webapp +- Remove %doc directive from tomcat-docs-webapps files section so that + zypper installs files even if rpm.install.excludedocs is set to yes. + +------------------------------------------------------------------- +Mon Feb 4 15:35:43 UTC 2019 - malbu@suse.com + +- Require Java 1.8 or later (bsc#1123407) + +------------------------------------------------------------------- +Sat Jan 26 08:07:36 UTC 2019 - Fridrich Strba + +- Clean up OSGi manifest injection +- Put embed maven metadata into embed subpackage +- Use the .mfiles* lists generated by %%add_maven_depmap macro + +------------------------------------------------------------------- +Wed Jan 16 17:05:36 UTC 2019 - malbu@suse.com + +- Fix tomcat-tool-wrapper classpath error (bsc#1120745) + +------------------------------------------------------------------- +Fri Jan 11 15:46:43 UTC 2019 - malbu@suse.com + +- Fix tomcat-digest classpath error (bsc#1120745) + +------------------------------------------------------------------- +Sat Dec 29 10:08:17 UTC 2018 - ecsos@opensuse.org + +- Update to Tomcat 9.0.14. See changelog at + http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.14_(markt) + +------------------------------------------------------------------- +Wed Dec 5 08:05:30 UTC 2018 - Fridrich Strba + +- Add pom files for tomcat-jdbc and tomcat-dbcp +- Add org.eclipse.jetty.orbit* aliases to correspondant artifacts + +------------------------------------------------------------------- +Fri Nov 09 07:16:23 UTC 2018 - sean@suspend.net + +- Update to Tomcat 9.0.13. See changelog at + http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.13_(markt) + +------------------------------------------------------------------- +Thu Oct 18 08:12:41 UTC 2018 - malbu@suse.com + +- Update to Tomcat 9.0.12. See changelog at + http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.12_(markt) +- Fixed CVEs: + - CVE-2018-11784 (bsc#1110850) +- Rebased patches: + - tomcat-9.0-disable-osgi-build.patch + - tomcat-9.0-javadoc.patch + - tomcat-9.0-sle.catalina.policy.patch + - tomcat-9.0-tomcat-users-webapp.patch + +------------------------------------------------------------------- +Tue Sep 11 10:34:02 UTC 2018 - ecsos@opensuse.org + +- Declare following files to config(noreplace) to prevent override + access rights: + - host-manager/META-INF/context.xml + - manager/META-INF/context.xml + +------------------------------------------------------------------- +Sun Aug 26 22:01:07 UTC 2018 - malbu@suse.com + +- Empty tomcat-9.0.sysconfig to avoid overwriting of customer's + configuration during update (bsc#1067720) + +------------------------------------------------------------------- +Tue Aug 16 14:13:23 UTC 2018 - malbu@suse.com + +- Update to Tomcat 9.0.10. See changelog at + http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.10_(markt) +- Fixed CVEs: + - CVE-2018-1336 (bsc#1102400) + - CVE-2018-8014 (bsc#1093697) + - CVE-2018-8034 (bsc#1102379) + - CVE-2018-8037 (bsc#1102410) +- Rebased patch tomcat-9.0-JDTCompiler-java.patch +- Added patch tomcat-9.0-disable-osgi-build.patch to disable adding + OSGi metadata to JAR files + +------------------------------------------------------------------- +Wed Feb 16 16:38:14 UTC 2018 - malbu@suse.de + +- Update to Tomcat 9.0.5. See changelog at + http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.5_(markt) + +------------------------------------------------------------------- +Wed Jan 17 09:34:14 UTC 2018 - fstrba@suse.com + +- Modified patch: + * tomcat-9.0-javadoc.patch + + Don't append to javadoc --add-modules since we are building + with source=8 + + Avoid accessing Internet URLs from build environment + +------------------------------------------------------------------- +Fri Dec 1 21:46:18 UTC 2017 - malbu@suse.com + +- Update to Tomcat 9.0.2: + * Major update for tomcat8 from tomcat9 + * For full changelog please read upstream changes at: + + http://tomcat.apache.org/tomcat-9.0-doc/changelog.html + * Rename all tomcat-8.0-* files to tomcat-9.0-* +- Changed patches: + * Deleted: tomcat-8.0-bootstrap-MANIFEST.MF.patch + * Deleted: tomcat-8.0-sle.catalina.policy.patch + * Deleted: tomcat-8.0-tomcat-users-webapp.patch + * Deleted: tomcat-8.0.33-JDTCompiler-java.patch + * Deleted: tomcat-8.0.44-javadoc.patch + * Deleted: tomcat-8.0.9-property-build.windows.patch + * Added: tomcat-9.0-JDTCompiler-java.patch + * Added: tomcat-9.0-bootstrap-MANIFEST.MF.patch + * Added: tomcat-9.0-javadoc.patch + * Added: tomcat-9.0-sle.catalina.policy.patch + * Added: tomcat-9.0-tomcat-users-webapp.patch +- Renamed subpackage tomcat-3_1-api to tomcat-4_0-api + to reflect the new Servlet API version. +- Commented out JAVA_HOME in /etc/tomcat/tomcat.conf +- Added "tomcat-" prefix to lib symlinks under + /usr/share/java to avoid file conflicts with servletapi5 + and geronimo-specs +- Fixed wrong %ghost file paths for alternatives symlinks + +------------------------------------------------------------------- +Thu Nov 23 13:50:29 UTC 2017 - rbrown@suse.com + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +------------------------------------------------------------------- +Mon Oct 23 09:42:48 UTC 2017 - malbu@suse.com + +- Build with JDK 8 to fix runtime errors when running with JDK 7 + and 8 +- Fix tomcat-digest classpath error (bsc#977410) +- Fix packaged /etc/alternatives symlinks for api libs that caused + rpm -V to report link mismatch (bsc#1019016) + +------------------------------------------------------------------- +Mon Oct 23 06:07:05 UTC 2017 - ecsos@opensuse.org + +- update to 8.0.47 + http://tomcat.apache.org/tomcat-8.0-doc/changelog.html + * Fixed CVE: + - CVE-2017-12617 +- rebase tomcat-8.0-sle.catalina.policy.patch + +------------------------------------------------------------------- +Tue Sep 19 09:07:39 UTC 2017 - fstrba@suse.com + +- Added patch: + * tomcat-8.0.44-javadoc.patch + - generate documentation with the same source level as class + files + - fixes build with jdk9 + +------------------------------------------------------------------- +Fri Jun 9 05:44:53 UTC 2017 - ecsos@opensuse.org + +- Version update to 8.0.44: + http://tomcat.apache.org/tomcat-8.0-doc/changelog.html + * Fixed CVE: + - CVE-2017-5664 (bsc#1042910) + +------------------------------------------------------------------- +Fri May 19 09:22:56 UTC 2017 - dziolkowski@suse.com + +- New build dependency: javapackages-local + +------------------------------------------------------------------- +Tue May 9 13:36:47 UTC 2017 - malbu@suse.com + +- Version update to 8.0.43: + * Another bugfix release, for full details see: + http://tomcat.apache.org/tomcat-8.0-doc/changelog.html + * Fixed CVEs: + - CVE-2017-5647 (bnc#1033448) + - CVE-2017-5648 (bnc#1033447) + - CVE-2016-8745 +- Renamed and rebased patches: + * tomcat-7.0-sle.catalina.policy.patch -> tomcat-8.0-sle.catalina.policy.patch +- Enable optional setenv.sh script. See section + "(3.4) Using the "setenv" script (optional, recommended)" in + http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt + (bnc#1002662) +- Fix file conflicts when upgrading from SLES 12 to SLES 12 SP1 (bnc#1023412). + Added explicit obsoletes for tomcat-el-2_2-api, tomcat-jsp-2_2-api, + tomcat-servlet-3_0-api + +------------------------------------------------------------------- +Wed Dec 21 21:49:10 UTC 2016 - astieger@suse.com + +- update to 8.0.39: (boo#1003911) + * Improve handling of I/O errors with async processing + * Fail earlier on invalid HTTP request +- includes changes from 8.0.38: + * Refactoring the non-container thread Async complete()/dispatch() + handling to remove the possibility of deadlock + * Improved UTF-8 handling for the RewriteValve +- includes changes from 8.0.37: + * Treat paths used to obtain a request dispatcher as encoded + (configurable) + * Various jdbc-pool fixes +- drop tomcat-8.0.36-jar-scanner-loop.patch, upstream + +------------------------------------------------------------------- +Thu Sep 29 12:26:30 UTC 2016 - tchvatal@suse.com + +- Switch to commons-dbcp2 fate#321029 + +------------------------------------------------------------------- +Fri Sep 2 13:20:00 UTC 2016 - malbu@suse.com + +- Backport fix for inifinite loop in the jar scanner for 8.0.36. (bnc#993862) + Added: tomcat-8.0.36-jar-scanner-loop.patch + +------------------------------------------------------------------- +Wed Jul 6 12:20:03 UTC 2016 - malbu@suse.com + +- Version update to 8.0.36: + * Another bugfix release for the 8.0 series. Full details: + http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.36_(markt) +- CVE fixed by the version update: + - CVE-2016-3092 (bnc#986359) +- Fixed a deployment error in the examples webapp by changing the context.xml format to the new one + introduced by Tomcat 8. See http://tomcat.apache.org/migration-8.html#Web_application_resources + +------------------------------------------------------------------- +Mon May 2 16:05:26 UTC 2016 - dmacvicar@suse.de + +- fix maven fragments paths to build in multiple distribution + versions + +------------------------------------------------------------------- +Thu Apr 21 21:22:56 UTC 2016 - jcnengel@gmail.com + +- Version update to 8.0.33: + * Another bugfix release for 8.0 series, full details: + http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.33_(markt) +- Rebase tomcat-8.0-tomcat-users-webapp.patch +- Rebase tomcat-7.0.53-JDTCompiler-java.patch + to tomcat-8.0.33-JDTCompiler-java.patch + +------------------------------------------------------------------- +Thu Apr 7 13:01:07 UTC 2016 - tchvatal@suse.com + +- Fix fixme for the prereq preamble value +- It seems systemd prints error on adding the @ services to macros + so do not do that + +------------------------------------------------------------------- +Thu Mar 31 08:18:39 UTC 2016 - dmacvicar@suse.de + +- package was partly merged with the scripts used in the + Fedora distribution +- support running multiple tomcat instances on the same server + (fate#317783) +- add catalina-jmx-remote.jar (fate#318403) +- remove sysvinit support: systemd is required + +------------------------------------------------------------------- +Mon Feb 29 12:45:46 UTC 2016 - dmacvicar@suse.de + +- update changes file for CVE information +- Fixed CVEs: + - CVE-2015-5346 (bnc#967814) in 8.0.32 + - CVE-2015-5351 (bnc#967812) in 8.0.32 + - CVE-2016-0706 (bnc#967815) in 8.0.32 + - CVE-2016-0714 (bnc#967964) in 8.0.32 + - CVE-2016-0763 (bnc#967966) in 8.0.32 + - CVE-2015-5345 (bnc#967965) in 8.0.30 + - CVE-2015-5174 (bnc#967967) in 8.0.27 + +------------------------------------------------------------------- +Wed Feb 17 18:12:57 UTC 2016 - tchvatal@suse.com + +- Version update to 8.0.32: + * Another bugfix release for 8.0 series, full details: + http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.32_(markt) +- Rebase patch: + * tomcat-8.0.9-property-build.windows.patch + +------------------------------------------------------------------- +Tue Nov 10 09:20:40 UTC 2015 - dmacvicar@suse.de + +- update to Tomcat 8.0.28 + * Multiple fixes, read upstream changelog at: + https://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.28_(markt) + +------------------------------------------------------------------- +Mon Jun 1 09:08:36 UTC 2015 - tchvatal@suse.com + +- Some whitespace cleanups + +------------------------------------------------------------------- +Mon Jun 1 09:07:45 UTC 2015 - tchvatal@suse.com + +- Remove pointless conflicts on provide/obsolete symbols + +------------------------------------------------------------------- +Mon Jun 1 08:54:33 UTC 2015 - tchvatal@suse.com + +- Version bump to 8.0.23 fate#318913: + * Multiple testfixes all around, read upstream changelog at: + http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.23_(markt) + +------------------------------------------------------------------- +Tue Mar 24 08:06:33 UTC 2015 - tchvatal@suse.com + +- Fix previous commit. Fix one rpmlint warning + +------------------------------------------------------------------- +Wed Mar 18 10:22:27 UTC 2015 - tchvatal@suse.com + +- Drop gpg verification from spec, it is done by obs + +------------------------------------------------------------------- +Wed Mar 18 10:16:07 UTC 2015 - tchvatal@suse.com + +- Fix build with new jpackage-tools + +------------------------------------------------------------------- +Tue Feb 10 10:12:38 UTC 2015 - wittemar@googlemail.com + +- update to Tomcat 8.0.18: + * Major update for tomcat8 from tomcat7 + * For full changelog please read upstream changes at: + + http://tomcat.apache.org/tomcat-8.0-doc/changelog.html + * Rename all tomcat-7.0-* files to tomcat-8.0-* + * Update keyring file +- Update windows patch to apply again: + * Deleted: tomcat-7.0.52-property-build.windows.patch + * Added: tomcat-8.0.9-property-build.windows.patch + * Added:tomcat-8.0-tomcat-users-webapp.patch + * Deleted: tomcat-7.0-tomcat-users-webapp.patch + * Added: tomcat-8.0-bootstrap-MANIFEST.MF.patch + * Deleted: tomcat-7.0-bootstrap-MANIFEST.MF.patch + +------------------------------------------------------------------- +Tue Feb 3 14:05:08 UTC 2015 - bmaryniuk@suse.com + +- Version 1.1.30 or higher is required for APR listener (bnc#914725) + +------------------------------------------------------------------- +Wed Sep 17 11:28:46 UTC 2014 - bmaryniuk@suse.com + +- SLE12 has different path for the "rm" command than older versions. + To avoid possible clashes, the entire coreutils must be provided. + (bnc#894292) + +------------------------------------------------------------------- +Tue Sep 16 16:09:59 UTC 2014 - bmaryniuk@suse.com + +- Fixed Security Manager policies, which makes unable properly + run webapps by default. (bnc#891264) + Added: tomcat-7.0-sle.catalina.policy.patch + +------------------------------------------------------------------- +Tue Sep 16 14:13:20 UTC 2014 - bmaryniuk@suse.com + +- Missing security manager policy file prevents Tomcat to start + with systemd. (bnc#890995) + +------------------------------------------------------------------- +Mon Sep 15 13:02:02 UTC 2014 - dmacvicar@suse.de + +- Tomcat 7.0.55 requires ecj 4.4.0 + +------------------------------------------------------------------- +Mon Sep 8 09:01:13 UTC 2014 - dmacvicar@suse.de + +- include the tomcat websocket implementation (tomcat7-websocket) + +------------------------------------------------------------------- +Mon Sep 8 08:23:28 UTC 2014 - dmacvicar@suse.de + +- Update to 7.0.55 + * Update to the Eclipse JDT Compiler 4.4 + * Better error handling when the error occurs after the response + has been committed + * Various improvements to the Mapper including fixing some + concurrency bugs + * See http://tomcat.apache.org/tomcat-7.0-doc/changelog.html + +------------------------------------------------------------------- +Mon Sep 8 07:44:28 UTC 2014 - dmacvicar@suse.de + +- build tomcat-embed as a subpackage + +------------------------------------------------------------------- +Wed Sep 3 14:43:12 UTC 2014 - tchvatal@suse.com + +- Drop two unused defines + +------------------------------------------------------------------- +Wed Sep 3 10:47:16 UTC 2014 - dmacvicar@suse.de + +- touch the alternatives files to avoid build errors + in older versions + +------------------------------------------------------------------- +Tue Jul 29 11:25:14 UTC 2014 - tchvatal@suse.com + +- Do not define default defattr as it is pointless. + +------------------------------------------------------------------- +Fri Jul 25 09:24:12 UTC 2014 - tchvatal@suse.com + +- One file here was not supposed to be ghost. + +------------------------------------------------------------------- +Sat Jul 19 09:35:11 UTC 2014 - tchvatal@suse.com + +- Fix once more the alternatives. + +------------------------------------------------------------------- +Fri Jul 11 14:16:47 UTC 2014 - tchvatal@suse.com + +- Add path to rm command. + +------------------------------------------------------------------- +Fri Jul 11 09:18:07 UTC 2014 - tchvatal@suse.com + +- Silence loads of warnings by rpmlintrc + +------------------------------------------------------------------- +Thu Jul 10 14:57:29 UTC 2014 - tchvatal@suse.com + +- Cleanup with spec-cleaner and format few things a bit. + +------------------------------------------------------------------- +Thu Jul 10 14:47:30 UTC 2014 - tchvatal@suse.com + +- Remove few deps not really needed for sle11. + +------------------------------------------------------------------- +Thu Jul 10 14:42:03 UTC 2014 - tchvatal@suse.com + +- Drop unused files obs.bl and local.lb +- Drop unused collections-tomcat-build.xml + +------------------------------------------------------------------- +Sat May 24 09:58:55 UTC 2014 - tchvatal@suse.com + +- Version bump to 7.0.54: + * bugfix update + * See http://tomcat.apache.org/tomcat-7.0-doc/changelog.html + +------------------------------------------------------------------- +Thu May 15 14:59:25 UTC 2014 - darin@darins.net + +- Update to 7.0.53 + * bugfix release + * Update the Eclipse JDT compiler to enable full Java 8 support in JSPs. + * See http://tomcat.apache.org/tomcat-7.0-doc/changelog.html +- Patch for Bug 56373 + * See https://issues.apache.org/bugzilla/show_bug.cgi?id=56373 + * tomcat-7.0.53-JDTCompiler-java.patch +- Rename tomcat-7.0.2-property-build.windows.patch to + tomcat-7.0.52-property-build.windows.patch + +------------------------------------------------------------------- +Thu May 15 14:41:40 UTC 2014 - darin@darins.net + +- remove saxon build requirement for sles +- disable bytecode check for sles + +------------------------------------------------------------------- +Mon Apr 14 17:59:07 UTC 2014 - darin@darins.net + +- remove unknown option from fillup_only macro +- wrap systemd %pre[un]/%post[un] in conditional +- specify required ant version + +------------------------------------------------------------------- +Tue Apr 8 17:27:09 UTC 2014 - wittemar@googlemail.com + +- Update to 7.0.52 + * bugfix release + * Fix CVE-2014-0050, a DoS vulnerability related to multi-part processing +- Update to 7.0.50 + * bugfix release + +------------------------------------------------------------------- +Thu Dec 12 10:14:47 UTC 2013 - mvyskocil@suse.com + +- Add missing commons-pool-tomcat5 symlink (bnc#847505c#13) + +------------------------------------------------------------------- +Mon Nov 4 14:12:40 UTC 2013 - mvyskocil@suse.com + +- Update to 7.0.47 + * bugfix release + * backport of JSR-356 Java WebSocket 1.0 + * package tomcat now requires java7 at lease +- Updated tomcat.keyring to reflect the fact new release is signed by + Violeta Georgieva / D63011C7 + see http://osdir.com/ml/dev-tomcat.apache.org/2013-10/msg00849.html +- Add tomcat-dbcp.jar (bnc#847505) back into tomcat lib dir +- Install tomcat-coyote.jar as well +- Remove pointless scriplets + +------------------------------------------------------------------- +Mon Sep 9 11:06:25 UTC 2013 - tchvatal@suse.com + +- Move from jpackage-utils to javapackage-tools + +------------------------------------------------------------------- +Thu Sep 5 13:59:28 UTC 2013 - mvyskocil@suse.com + +- drop a dependency on unecessary -tomcat5 packages +- use commons-dbcp.jar for build +- add missing commons-pool.jar to libdir + +------------------------------------------------------------------- +Fri Aug 9 09:18:44 UTC 2013 - mvyskocil@suse.com + +- add _constraints to not schedule build on some build machines + workaround for bnc#832762 + +------------------------------------------------------------------- +Tue Aug 6 20:24:06 UTC 2013 - robert.munteanu@gmail.com + +- Add missing 'su root tomcat' line to logrotate. See also + https://bugzilla.redhat.com/show_bug.cgi?id=790334 + +------------------------------------------------------------------- +Fri Jul 26 13:06:35 UTC 2013 - mvyskocil@suse.com + +- call chown --no-dereference in init script + (bnc#822177#c7/prevents CVE-2013-1976) + +------------------------------------------------------------------- +Tue Jul 23 14:33:47 UTC 2013 - mvyskocil@suse.com + +- update to 7.0.42 (bugfix release) + see http://tomcat.apache.org/tomcat-7.0-doc/changelog.html +- fix file list to be compatible for new rpm + +------------------------------------------------------------------- +Thu Apr 18 12:23:13 UTC 2013 - mvyskocil@suse.com + +- update to 7.0.39 (bugfix release) +- install only systemd unit files on openSUSE 12.1+ + * and call proper code when init script still exists +- add a proper scripplets for -jsvc subpackage +- don't use catalina.out, systemd redirects stderr/stdout to syslog +- don't use and recommends logrotate +- package /etc/ant.d properly, mark only catalina-ant as a config file + +------------------------------------------------------------------- +Sat Feb 16 07:29:52 UTC 2013 - m407@mail.ru + +- Fix tomcat init scripts generating malformed classpath + (http://youtrack.jetbrains.com/issue/JT-18545) + bnc#804992 + +------------------------------------------------------------------- +Mon Jan 21 13:54:18 UTC 2013 - mvyskocil@suse.com + +- update to 7.0.35 (bugfix release) + require ecj >= 4.2.1, like upstream do +- make gpg-offline work distros after 12.2 + +------------------------------------------------------------------- +Thu Dec 27 17:14:55 UTC 2012 - archie@dellroad.org + +- Ensure tomcat stdout/stderr output ends up in catalina.out + +------------------------------------------------------------------- +Thu Dec 20 22:45:19 UTC 2012 - archie@dellroad.org + +- Recommend libtcnative-1-0 >= 1.1.24 +- /etc/init.d/tomcate init script fixes: + * Include /usr/bin and /usr/sbin in the PATH + * Fix logic for cleaning the work directories + * Fix typo (log_success_msg lsb function name) + * Fix typo (reload message) +- Require log4j + +------------------------------------------------------------------- +Tue Dec 18 09:34:29 UTC 2012 - mvyskocil@suse.com + +- Require gpg-offline on 12.2+ + +------------------------------------------------------------------- +Thu Nov 29 19:17:03 CET 2012 - sbrabec@suse.cz + +- Verify GPG signature. + +------------------------------------------------------------------- +Mon Nov 26 13:01:44 UTC 2012 - mvyskocil@suse.com + +- update to 7.0.33 (bugfix release) + +------------------------------------------------------------------- +Tue Sep 11 08:24:53 UTC 2012 - mvyskocil@suse.cz + +- update to 7.0.30 (bugfix release) + * SSI and CGI disabled by default +- fix bnc#779538: change the working dir to $CATALINA_BASE +- document the CATALINA_BASE and CATALINA_HOME in tomcat.conf better +- fix rpmlintrc file + +------------------------------------------------------------------- +Thu Jul 19 08:48:31 UTC 2012 - mvyskocil@suse.cz + +- fix bnc#771802 - systemd support is broken + * change type froking to simple as it does not make a sense run java in a + background to emulate that + * remove the need of nested wrappers, so /usr/sbin/tomcat-sysd now relies on + systemd features like User/EnvironmentFile + * workaround the 143 exit code in Stop phase - return 0 in this case + * merge the jsvc into tomcat-sysd code, the -jsvc-sysd is a symlink + * properly use jsvc with pid file to start and stop + +------------------------------------------------------------------- +Wed Jun 13 12:37:49 UTC 2012 - mvyskocil@suse.cz + +- update to 7.0.26 (bugfix release) +- rename package to tomcat in order to emphasise a fact, there is only one + major release of tomcat maintained in distribution +- add manifest files and systemd support (thanks Fedora) +- create tomcat-jsvc package + +------------------------------------------------------------------- +Thu Feb 23 13:59:10 UTC 2012 - mvyskocil@suse.cz + +- update to 7.0.26 (bugfix release) +- fix bnc#747771 - don't use /var/lock/subsys + sync tomcat7 init with tomcat6 + +------------------------------------------------------------------- +Sun Feb 19 23:02:42 UTC 2012 - wittemar@googlemail.com + +- update to 7.0.25 (bugfix release) + +------------------------------------------------------------------- +Tue Nov 1 12:36:57 UTC 2011 - mvyskocil@suse.cz + +- update to 7.0.22 (bugfix release) +- wrote changes and prepare for inclusion to openSUSE distribution +- fix bnc#726307 + /etc/tomcat7 is writtable for tomcat group + +------------------------------------------------------------------- +Mon Sep 19 10:21:29 UTC 2011 - wittemar@googlemail.com + + - update to version 7.0.21 + +------------------------------------------------------------------- +Thu Jul 21 10:21:29 UTC 2011 - mvyskocil@suse.cz + + - update to version 7.0.16 (bugfix update) + +------------------------------------------------------------------- +Wed Mar 30 16:29:28 UTC 2011 - jrenner@suse.de + + - add rpmlintrc, digest, init and wrapper scripts and config file + - build require geronimo apis and wsdl4j + - disable webservices in javadoc target + +------------------------------------------------------------------- +Tue Jan 18 12:22:55 UTC 2011 - mvyskocil@suse.cz + + - initial packaging of tomcat7 7.0.6 + diff --git a/tomcat.keyring b/tomcat.keyring new file mode 100644 index 0000000..b0667cf --- /dev/null +++ b/tomcat.keyring @@ -0,0 +1,237 @@ +This file contains the PGP&GPG keys of various Apache developers. +Please don't use them for email unless you have to. Their main +purpose is code signing. + +Apache users: pgp < KEYS +Apache developers: + (pgpk -ll && pgpk -xa ) >> this file. + or + (gpg --fingerprint --list-sigs + && gpg --armor --export ) >> this file. + +Apache developers: please ensure that your key is also available via the +PGP keyservers (such as pgpkeys.mit.edu). + + +pub 1024D/33C60243 2004-09-12 + Key fingerprint = DCFD 35E0 BF8C A734 4752 DE8B 6FB2 1E89 33C6 0243 +uid Mark E D Thomas +uid Mark E D Thomas +uid Mark E D Thomas +sub 2048g/0BECE548 2004-09-12 + +pub 4096R/2F6059E7 2009-09-18 + Key fingerprint = A9C5 DF4D 22E9 9998 D987 5A51 10C0 1C5A 2F60 59E7 +uid Mark E D Thomas +sub 4096R/5E763BEC 2009-09-18 + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.9 (MingW32) + +mQGiBEFEjegRBADocGttfROvtLGrTOW3xRqZHmFWybmEaI6jmnRdN/1gGXmb3wQL +rHsS3fLFIIOYLPph0Kov9q4qNq36LekShIvjMBDFoj2/wRxaUtFq81asaRZg8Mcw +4kVeIoe8OIOuWmvYhU8SH2jJNUnVVrpTPAa6QWquTmseNi6UJMjLxuL7DwCg//9u +k2yj0vk6e4WSO6Fe5+EkQDED/AjQsy0kj9TpNHkKSSUR2evRlWPYA0YtxBSbsgON +tT0cYipAp5IcYt6Zq5QzHiZreyQXLAjItDS2oGCIXfNbTYJ3kxxJTCU/3wlefVdq +LBh4ttm7gmWaiTDTgG4axLF5oMpAb3m4v6s1KvXVVj2pqkhBknfuoRh1wPqbtwks +7HOIBADVezl1/vny5YzdoqsDx1ByXMLi7CuMexQPllhRbdN+an+ZiJ5YP8J9rPdl +NCELsCCcDKLGLjlp43XfMxsgYAPEZNG2ObjKTarhk3uGYN3aJrx7s+G+c2bu8o2n +SyAFQ1iDsjS87PgSPCONA2/36ZShmv1OjLWz5Vo7hGSPcW4ZdLQiTWFyayBFIEQg +VGhvbWFzIDxtYXJrdEBhcGFjaGUub3JnPohGBBARAgAGBQJJEoLqAAoJEJsf2p88 +BiIx2ssAnjsjHqeIOdOQYuNjDxVIqfAQN8vaAJwLv/HLCQwTZdxOFqwt/Pf/Ae5L +6IhGBBARAgAGBQJJE0bmAAoJEJA4TZo1x+lCCH0Anj1yuBFfP+bNK+51xQhqFsSN +cB1vAKCzK5HbowxZd2MjzMU31USprksZTIhGBBARAgAGBQJJGG7wAAoJELDgGPyz +tNmL35kAniTaqQ+uSzJgX1o7Bp8BAFYoQ+o0AKCm4eD3gf06AK20FZwSck8ibIQ2 +3ohGBBARAgAGBQJJGekxAAoJEC0hq2VlRht59xoAnRcmnR1vJZsRCGcSuxKv+0nA +FrKsAJ9R7Gdc25unU6zF/UwUs7LdWTIFN4hGBBARAgAGBQJJGjZhAAoJEFuWgBDg +T5qJQLAAniDrgK53AhSBmZRGLU6HaI4jPO6jAJ4gWQWhnovMkAKqLRtc18Z1Q60N +vYhGBBARAgAGBQJJHtOZAAoJEFMmz0Afnhe7pzMAnAu/W6rzeOXe7SoMtbPF4mg/ +OycXAJoDQfqJpGoUFEjsoePDY0WOd5hI9YhGBBARAgAGBQJJVjbUAAoJELlbvT+k +PESS4lIAniLTQ0XnArkk0TCIBeSWWRL2SvWjAJ4+9XuK0Mg5Pk2454JbWxXqv0cW +i4hGBBARAgAGBQJJXgPpAAoJEA9FCiZiEL/ADcsAnAns0QDk3Iwb0X1GbhRfRHFf +GeV2AJ9+8rA4UfTtUnFMZZCEdyohyunM5YhKBBARAgAKBQJDme2qAwUDeAAKCRAM +PU85FKClKanOAKCIBOdqECQwSoSS6Bsw/j0rhhhOHQCfTCp+IgPx+uJ9YhhgKDyr +U3psooeIagQQEQIAKgIZAQUbAwAAAAUeAQAAAAUCSrQLBwULCQgHAwUVCgkICwUW +AgMBAAIXgAAKCRBvsh6JM8YCQ/3tAKDTsnK90MamPgLtqRxEDmCMu6mX7ACg5rF4 +05TH5JA7h23YfJCsC9ZTeoCIqQQQEQIAaQUCSVsZ6iAcU2FuZGVyIFRlbW1lIDxz +YW5kZXJAdGVtbWUubmV0PiIcU2FuZGVyIFRlbW1lIDxzY3RlbW1lQGFwYWNoZS5v +cmc+HhxTYW5kZXIgVGVtbWUgPHNhbmRlckBtYWMuY29tPgAKCRCyvrxAFSkkr91K +AJ93ymf/0iywAVIno5/T8/QUJSKVBgCfe4UPcLtISs3GI8mpYyjCXq35OEmJARsE +EAECAAYFAkkSbKQACgkQW+YxwZmV0krHkgf407SOW6qaU4nqHUJ5kFPWgcLcVVo2 +w4gQ1u6s+HzEXNTmvKZrOIzKJMnttyM2RDklmCwaI/lkJApyMbQoMW5UksTGVgnF +WHKyiYx03SnVNPH+QID9IhPzAvp2rLH9IQUtfu1vxvfsQQEZGNmKXUgaG0OduXTY +J+EkhaIFotOa6pLBcUuqjmbSI840IjnVV5a5wLyonDGFFJ7FbbHDecOcLzI9jmSd +mLQlgXD8XwYe8XqNknc6C4uOniDc+iuDRqzGFAMs7f8YK6C1fh3mWCjuNNQ64wvm +JqvxWinFKh6BpTBecqtXwta1Vzfa3tGKSrWCPfODAUHqXni+hhdEqMftiEYEEBEC +AAYFAkoVTuwACgkQarqkr5Czi1hBvACeLUdijz+jB9K9XGL1O5ZhPv8bEWwAoIIw +5uol5zSFoHcK1WHJI5D9CUhgtCdNYXJrIEUgRCBUaG9tYXMgPG1lZC50aG9tYXNA +dmlyZ2luLm5ldD6IYQQTEQIAIQIbAwIeAQIXgAUCSrQLFgULCQgHAwUVCgkICwUW +AgMBAAAKCRBvsh6JM8YCQ/rAAKCcgX1TjaeqTP62LIxml8Z1hL0cSQCeOZiYPXub +vNxwTWh01BOrh5oztDqIRgQQEQIABgUCSRKC6gAKCRCbH9qfPAYiMTeJAKCfTgLW +8OR8o1SY8DHu5/Lw/QyffQCfefq9NCLX99dWBqQqQhX8Ov/vt1yIRgQQEQIABgUC +SRNG5gAKCRCQOE2aNcfpQsvGAKDh7MWTZaEaEe9zBbiHiUQOtZYsSQCgqdqu199/ +TDjuXF+frwmzaZqOB3qIRgQQEQIABgUCSRnpMQAKCRAtIatlZUYbeZNCAJ9e6ogA +O4ZpKrEQHuuJnpPnDYT5fgCaAgyY2X29cnP+r79XpqngCGqKR6iIRgQQEQIABgUC +SRo2ZwAKCRBbloAQ4E+aicu/AJ9w90lBNZNBRpoQ6BpSGi88e7GrOgCfe9sD/Qbj +xJJ4FifW8I0/sHbpaNeIRgQQEQIABgUCSR7TmQAKCRBTJs9AH54XuxYdAJ46GTR8 +lGoMPK/hUnjeTZ0neTacyACcC6y/DMgkUi499c/zqq9PbIfq7+2IRgQQEQIABgUC +SVY21AAKCRC5W70/pDxEkvlHAKCKieHMrMKnD2U+43ryLJa1S1hr9gCcDnBl6uvO +7qcTozf9k/S8lYvOGs+IRgQQEQIABgUCSV4D6QAKCRAPRQomYhC/wGLfAKCp+OYb +ANzRA7CKs/3bcGjGmFet+gCffHlkrqm7ZgaBVl/2thvldg+obqmISgQQEQIACgUC +Q5ntuwMFA3gACgkQDD1PORSgpSm/uQCfUdtXgb+/jBVYS9zEFy5MNEssdsIAnRv5 +oMNzdqDJ7F/UuU6hUm1QhdkUiKkEEBECAGkFAklbGeogHFNhbmRlciBUZW1tZSA8 +c2FuZGVyQHRlbW1lLm5ldD4iHFNhbmRlciBUZW1tZSA8c2N0ZW1tZUBhcGFjaGUu +b3JnPh4cU2FuZGVyIFRlbW1lIDxzYW5kZXJAbWFjLmNvbT4ACgkQsr68QBUpJK/d +SgCfd8pn/9IssAFSJ6Of0/P0FCUilQYAn3uFD3C7SErNxiPJqWMowl6t+ThJiQEc +BBABAgAGBQJJEmykAAoJEFvmMcGZldJKI50H/iCJKvk1gi9oIiL6EISeuSngzsis +Jzcg951BN0GVCvLvvVwKNHD7+myiB2gkKKp2yv/A1DVPaZ7ZNkB4KEPLlorLw7iK +gb4QrqgezJaRcJ3zisTh6JslOKuV/7Ojy4DZOXVFsr7LSFXPgl6O29AEPD6SHjOH +0x6RTJPqrsccQ49/KBAUAm1oMmRhcE7jsMl6Y3gQGIkSxG7Pag9zj5qxeqljdhf+ +QbM4cb9a8jPCSvU3RfXH531PILENGpprvH1oFforY7sNyI8AOMQ1on7Pnk09zbNx +lRBq73dV5RCBtg0xF6v4/dA/X1O1cGnXGAYM7Tp6WXifJzPssRySCuwTZvWIRgQQ +EQIABgUCShVO7AAKCRBquqSvkLOLWAz2AKCfHh162MhNPvfzMtvqR3Vz+x92WgCf +e16LZToIN8IUA2Sqyru9Y6J5Hlm0Lk1hcmsgRSBEIFRob21hcyA8bWFyay50aG9t +YXNAc3ByaW5nc291cmNlLmNvbT6IRgQQEQIABgUCSRKC6gAKCRCbH9qfPAYiMUdj +AJ41QcpKYNSt1tHNV3YATFcYf/XIKgCg7MFeSGbpvW1W1/weqnraMzFzLfeIRgQQ +EQIABgUCSRNG5gAKCRCQOE2aNcfpQnTyAKCdCXp8TBXMKajXNbepnP/8AcxuvwCf +ZABpYIEZ2up4mOTpQCKtAfuj3XaIRgQQEQIABgUCSRnpMQAKCRAtIatlZUYbeY7m +AJ4hT6Y9bnDyS2ZQgxDoe0q1KmeLEACfTNOmAvfFCPpJd5jefNSAg5hblpaIRgQQ +EQIABgUCSRo2ZwAKCRBbloAQ4E+aiXu8AJ9+n0GqPb0pLsFd1bHAnbUFE7wQAgCf +YuHmCCO1a7o1ZhOMmTqjQY8znMaIRgQQEQIABgUCSR7TmQAKCRBTJs9AH54Xu8TF +AJ46JXUYFXbZocbqNxfhfusocDncxQCg180xr/NoOPTmUqne1xT3CNb2gJSIRgQQ +EQIABgUCSVY21AAKCRC5W70/pDxEkm2rAJ9sBYuejJ4w8CXwSSiH56j26JnqqACf +dwaQ5K/fBzZCZO3XeHq/CGF+uQmIRgQQEQIABgUCSV4D6QAKCRAPRQomYhC/wJ8p +AKChOJ08LU1Ji+c0TdCrUS3xHPusvACfX4b7m9UU4KPSjFBt86Wy+7Tl/1iIYQQT +EQIAIQIbAwIeAQIXgAUCSrQLFgULCQgHAwUVCgkICwUWAgMBAAAKCRBvsh6JM8YC +QyLIAKDfzPcdTFN6Iu7MENRKHRgkhlWwcwCg4WwimtdbIuNUaJlHAaDCkXDOK66I +qQQQEQIAaQUCSVsZ6iAcU2FuZGVyIFRlbW1lIDxzYW5kZXJAdGVtbWUubmV0PiIc +U2FuZGVyIFRlbW1lIDxzY3RlbW1lQGFwYWNoZS5vcmc+HhxTYW5kZXIgVGVtbWUg +PHNhbmRlckBtYWMuY29tPgAKCRCyvrxAFSkkr91KAJ93ymf/0iywAVIno5/T8/QU +JSKVBgCfe4UPcLtISs3GI8mpYyjCXq35OEmJARwEEAECAAYFAkkSbKQACgkQW+Yx +wZmV0krGSgf/RlmcEUwth7OQkmpIGPeGbrfjpbuK/AV0+Q8nBJAsAWiMl1ydBo9m +L3oSh2D+0G3gLCyckgA1bcsNdtxMPctxJdmju3rWbq0cEVG26U/qeRDjkZafLa8n +iPReRVRuJP9uAgQ19cv7mOYjRiEjTqeA2IJ8J2RWLZSOf/3u4mWwjq6hMXKGxHc4 +phKVQyjgRh45DzG3wuXa5FpHaG1gYgkUhIvW+RGPbuvKNKMSRIuXs8GzsTbWvNWG +/aAOG8B3gR48hQCq7Ja//+ebfKWWi0c37X09VHt9VlNrhWvKziDaofwsobbAa2+F +fby/1fBgoMVNdmtvXWlzugkQ+G3xXZkzdIhGBBARAgAGBQJKFU7sAAoJEGq6pK+Q +s4tYOREAn3tCOMDivfkSiyRdAOB8sjd8H76KAKDFbj1BkgeYIzWQhHxR0SHC9eoL +NLkCDQRBRI3pEAgA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTp +j0BV89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39 +uK50T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1Y +TknbzSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9 +fBdXQ6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCb +AkbTCD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwACAggAri0hN7wUjnkzDNOHs7j7 +eM2VKdDxUBkC9287maduH9fEvD9wXphgJNldx2WCZs5jYHeC9LyAvcchXbiAhYG4 +lfbssyj8B7woEMGrqRbxSxp+0PSydJ5WsBjeyptd7yUxt660/1DCsC05PiDBGEMF +IAYbeh05wWjPlKlcf3geDx6G4preUXnc/Qp0+A65QNDOjod3j1gQ+vTZ4cKNgDeN +nV/1tinJw3tokTbvyRGzmLLLI9Ht1Zh8BJsGtOuE6UKcNXwpclu7H+GljnEL3E9d +kdITb0YU0dU1dKc4yDJG0T5EXs4SGOeQE0yH3Gma8PmLm5psP6af9cCA0cx3sTqv +a4hMBBgRAgAMBQJBRI3pBRsMAAAAAAoJEG+yHokzxgJDfKIAoOLR5oMpV8OGN7ox +fieHH9qJZRmtAJ0ZMl/F/rvzazItoNsYRL6bE2wBlpkCDQRKtA7pARAA+I6Lxzjy +Q8aA/iZztRqNpIsKYEVC2rBpa1SrklHT+sM3Gqlpl6arTiSisFtjEBUC5oO50PUY +ycMt0AmyjQyUAP28G0E9Re1s0ws9kur8QuM8SnJOLekWQatnSbGChdAhIemX2OHZ +ir4avt4rLUqBUXR2KDjxlmabkQ6n2T3Rpv5t9+f+ihh+faMrJ9TRO2tmvpGc4wUh +IL9t/peGdUYO/n6c9SXHR0nQtmfmUcTC9uXlWrUVc+MrwzmSLag1ET9uM1jqHcYG +6JXVemPPAt7/+ykUftb5Jc5LgNhahfEOK/9n9LLuzFFb4kHMtvcv0ZS0g002KFZQ +mdZ4teKhVOx6cONyibYF5nFMKt9U9fkpV3WIzSdWhZFIvAYwhw3EoBPyEXilGp4x +85uF0spig03qqs4nYuJOjww+I8h2/JPL8Yuqk+lHZ5XH6OTQZJFE9U2roRMvJLR4 +W5fZOtAb7zAT/ZenFEYiYNVku+3oCOD//NqD288xYhhal8iSlC1YMbXUNyYpAqaH +ad39X4ej5WGcJFuMQiSybnCeTIkKdOxwJDFVucPpPF77pOIuarodzftpMyhzjokA +g5jdLM9F4zhPu1wbzNZb89/lGqy34ElZlvGoXi3e3miJeSLQZPPOOGSetC60PiYi +Kr6iXpsciDOnqaGb2OWt2bIWaXC4pQuYVvEAEQEAAbQiTWFyayBFIEQgVGhvbWFz +IDxtYXJrdEBhcGFjaGUub3JnPokCNwQTAQoAIQUCSrQO6QIbAwULCQgHAwUVCgkI +CwUWAgMBAAIeAQIXgAAKCRAQwBxaL2BZ59mIEACjehSxvyNSI9z1JQv1zZYWrEMT +3hN8Njr7bcHjkD2JG5SfZx7Rh+aTahtv6qBkoZaSNOIycvRsVijqOzVeL+zNJm1Z +Ql1YI3ZbzBVnS+5Z6HIIMCQBXo0HGJVbccobuJudCwbwbpxIcQm0HCp51ppAeznJ +tCHLWqo3PawnNRf2jYVTFKSdMxtZMk6fYcbzek2wkJWnDMeaHE1sy9M5+kGYW1H6 +2MH8WCZkp5FWGTmM1yFyLCzebCfUOD/LY2OKloHfm0Lzqj1q5My/S1UZxjq0mCLK +DOc1naI9YNYJTMyv2aiXUaqqgYXuhWE214qc/KF/Ipgnm3GsWZ3y4Roqql/sg2t2 +FMA4qqJvrGTnNIlxrypKpbTy6TXhdDFU+2mY2pbEP79mLG9uEUJfRX431pr0/GT1 +s/CqK3tQCOFHCCIBVbTPs7i5S/QiLBo4PoBwxNnYWQ2NKn4s5Ry/QqAFlAzN6SH8 +TNleAUZ9cTvo/5jKHYY5mC2b5xVc+ChpDTu8EZKHwADSFmKN1iOcfNwRgx9+9bdz +Ua66UkhT9F6UF+vy3mo9o+lOqbgAS9qgcYbHLDunIXN7uP/tNfX3/qXmVbHPbbXE +0F7CiLo5jG/KdrJObrJr+jylV96Fv0QMaW1R1OZGeacdR6u5jEHWXy7OX3+GMplw +R9Ns+P0Zksz2ptF2+bkCDQRKtA7pARAAwjRJMLOWK6AZm7vO/PV39NOoE5eS8w/x +3bd7AKfYgnz4LnDvpe1PsW6NVx0zCUMBFX0vkcd0W2i2ERvoVOxbiS0Af+TWggzU +bqsOSh8kLSVB/s6POCKqnzMxvGjknR4Ncq9sSh+EE5oEDjQbv1tMRGZma6Ok42Dc +JJNqcFytsriJmT1DsvpitahfFpt4U7ZDxPhRUjRSGnhw6Expsf9EYrvyu3TSU6wt +E5UaZ9iunetMwed2GE3PtA2Eg8gdBbqV4gMf/lxBp90O3jYtgVesOdL+a+dUD/M6 +bYhX5THxSjQH1fMUuTLXkHffGEuaqnfyz6N4EuRxT0Gki9JN0Uwpb+30DR3GRapr +9DlqYses5tp6WMYarEwxnkmudv7l3oVVxeSbm2BYnzEi6WxlWana5huYa9nMnMbI +xYmNMyTmkYrZjfyVmzhi4sK3DeLpCjchZ7RRuYz2hZyXcfax38iTXhfXIL/SZWXh +cSelqiAIZSjrh9yvP6ctEjxOmThX0aNGFMb4duSv7IjnDy5utd2jscmO2H0PDBNr +4J+yNJgLYPWpvmBQ2mxqo/N/aHcGXc2b9k9plB58mxUyRQbjFhlimLLWA0unmRJo +bqWz71CpA7oP5jvoHaPqUihfWEugzOUbQnUzSauDWWOdMqQW+UUo/iDRz6HCKdlf +ww0288krLusAEQEAAYkCHwQYAQoACQUCSrQO6QIbDAAKCRAQwBxaL2BZ5y3tD/4t ++KCuXBNi5alBCExHEzveMdRF9FJrSqJEX0NwGFivF3hQ/HJkrcu9oTJC/tXNFf/+ +EHOd0lMiyFl5PBSlhe4XS988rgapUW+ee9tQmAt+RgP40fdKdJNb6+9NYGmrdnDU +zlQtP+h/XBOcmF0/szK/U0oigg8DjYYUm5gCWXOl9H4LJgg+yOcVCOVa4oTf1sdA +mQba1xlMhOIYBWmEhqbWZpGOS59XvpyNfOQXWu26S8HACBqyPZ2LVV4H+9cmxinT +z7RX1yKD17nLZ/fTOzZ1gYTbhg5rNmFpDgu3nlgU8SpGQ1kd70ZkcudgehsUe1Ep +Pyl7O8qhj5H0/3OAmRXzrq2VF17gtz7zpntA0JqsBMbSaK5qBuBcurLhBT634WDI +oE8u5Em1UwjgTI0Cx/lPxRTbIb4PfjP2b2ik/tJaUbwUrhuZ4LAtGztMVrF4W+qn +x9oed4OFXMBbwgS+SH6oAHlGwpxhhzXBlqZsHXm+w+2oazWUhxFFGEe5U245GEtN +f0AznBMDWTqg0SCVEDjlKt+e9tVXkTpHYWZjGbRZbEHkCbFqKhq0KP5BGInFZTFT +oI5jjszmuX0W/yKpRpQZ+GuJnt4VrYSy7TMvjjhIpuhDY57VUwUIkz/2Kq8Vg2wp +Gg+29nvcGOTdyZUcTCEB33B2jQ9z0XUEp+6B2F5iZQ== +=hSkx +-----END PGP PUBLIC KEY BLOCK----- + +pub rsa4096 2019-05-05 [SC] + 48F8 E69F 6390 C9F2 5CFE DCD2 6824 8959 359E 722B +uid [ultimate] Remy Maucherat +sig 3 68248959359E722B 2019-05-05 Remy Maucherat +sub rsa4096 2019-05-05 [E] +sig 68248959359E722B 2019-05-05 Remy Maucherat + +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFzO4ecBEACVS86VyuTSJmLmApi92R6D3/L3EIBFXhagJbrLkodkTuG9efYo +vM1DJPWEFs5kux8a8UPwn2gbQFPJg1AH77GqjP8gtn0KHQvXgYC9+7cTqDl6C7k9 +n3BkB9bRIhHileYyIJfnycjJdrGFEmwGu0pBOEdr01R0kFprqYu9DwcD6oUvmZRn +OMoQQeLEC0cw/VzJ/ZqzJwO0t+rMCozqJ9/BfJZUqwijDZnJAZWnIVxjqxrUgyYA +5/0g9X8YHrIz09XuzaE64VAl0q3nrFJWvDCwE/ZM7w8jlUqtQgLu4K2U82G0YXw3 +KJ1EbigEmtEohu6HVnAToCJuOnQ8m0rZxbyNMeYF9pyohdFEca4I0B8Evy2dYFnJ +Y2gghuU80vct54536WWz9mAjKwBFQUtxX0EjYrYN9ckzCK6fRqrnVv0USVp7N/ZY +PQkOEJSdmRdpvTMwfCuAyT0/3cxuC7NyAWiZDXJv7OVcDr/REfWAA7XMQOErwdGJ +gViG58YhLw0Pgdumg+prqQXowzlRzGAsV5VntCh+4LV8/ESmvWAE3V+jgZFB3cSp +g58NKjp1EwKwX6BCICyX+Oe03cnlC0UJ7S9FccrjNrkiwxxOVAnmy4kxX/P3Cuqc +C/b6BeeUA1hBNWNe42mr6YczS+dhpCSUVWQJp/TxdoXA2fGG1OS1FMaICwARAQAB +tCBSZW15IE1hdWNoZXJhdCA8cmVtbUBhcGFjaGUub3JnPokCOAQTAQIAIgUCXM7h +5wIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQaCSJWTWecisVSA/9Eh3h +0jeyy51rA1nqq9imbH0YC85A/wZjhb06UXwWBPozJR8UJsOJZ7kBzCW4gfkC9zTD +GStSHHAej9o96FHVRLzCyjaaZVuRUl2qCz9U+pnGMxb5aRNVAQ/wE10hHu3Yc+48 +cc0sPCCPMdshAj1VOHczTU/LSv21TWBaKO3NMV9KilPzKvXHdPFYssVcUt2NgQLm +2Bx/ELTCVj5c9Ih2cz3T7kxf8LKsGALIfjcp8g9DlvMjVLKBFZqU94C4V0mba2Fd +6xHpdmcgMbSNo6poQ0M0O7CN5qVJFm/v4ZDooLNWRMeL66oen3LrZ8HRpPxfic77 +JLKn60dywuYU8WYp7cV+3AnaDn/ggvC1x79LSmX4PFyG9/F5M7gp0HFrVdyc0nBo +UTejZXehwKrfvF/isPf7pUv2fGXwg07zTz8OMLQo4h9poB5YuuinjuxjBfmc2AvB +WbRcKNvHXHUlaVeK+VvohfPuetJESS4YB7fLMQPdGIckDFQub4SvXPNPPToLsbDB +2GGguqhwWD9ECa2o1RqX8LnCdB71uBcyiW8UIkLxwaygsciVm7SFz+pqAKJgzWwI +AsVYVOIKdq0GWaLDtMGJGQFfxuMVmMGGbvueAMcOCSSsGemkElan33VS8Zu1sjeY +P0Jt4ws6gcbUHI27l5Pvk06uWzaN8uyXGA03d4y5Ag0EXM7h5wEQALG3oikRAQqf +um+wW6oW2d1mIk0PtnC3l3/kGTA92kIqJzQ3Ua0mFaVGxdg2J/I1MF7HdlZJbGyP +5b0PdbSjLHFbQfFD6LHsLw9StVrkjbBKYaP0gRWxEIHMN4Qv01I2Lyc9ONlMjUIf +xNK/AG6oT/Ia53VVET78HOj01L7JjBAPuW8UPoy27s2gQ02smbA7iRUeZ3dpN2fy +027aKbimIl1ZrxJbcbxw29PXWJZP+CxJEnqwEw78QbqSsFMAhR9wZHTfEtUzYy6h +hyngwYQ+iBnB+1cYTEB9KbWWpP5n12iuRin77r2RwrHYAW/RUILK2rOJqPcIg6CX +P1o9UKPeN5QE/ScU5427XKZZscaQrvBPoN3G2RWmMuHM2cchXgRRMMaSvufocLjj +gKj/aPUDCkvJ5MyTNtMfVDx0Tw3aQpf2Fr1L1Hu2GyBqifioZGdzLL0LtdeXzkJy +nZGj/L5jzIlNBnQG97rgCuPflbIl2S1izNexnuX2Z1dcyS2MTrj3nnK6HoW+gvCc +oqq01S410wxaAUidJeGwLzgUa9Ig+6BVPT7sZrbc0IoNP+JdoqPxiEkqy4Msy9WJ +RVeJM520Q2T1YM7xm/4E8C7H+Fis5u4GNswk5qsXEOyLcHBzGEik3BDylp+sJ6/F +DuAN7k64RV2m+lKpjngiKZxo9LmqnsWTABEBAAGJAh8EGAECAAkFAlzO4ecCGwwA +CgkQaCSJWTWecishvg//ZDuhkbSUgIIjG9Rzq3cHNxZ4sFrUwL19AtGNktiwt0QA +GCKPnf4SdHZGKSeOqUHeDT/l/5l4Xc/JgRk/t2bEeC3cHE/Xc5V6I2n28HQiJScX +UJdnO3QdTCMEYVedu/9JhmA37eznQhm+UAcxT9tew3nSd0KkkMQyW6YpBEgcdsFd +aLiFPzbySjRWplyCdELPRFtW2ZHnJ5gVGYZ060EOHcdPb/4Gz/mA6dIjQ5N+vKlA +GNdYZgv3w4NRGLmni5T7jDAY6T2CJXxvcgfYfh3oY3aiZaWzKKQyLEVaoZ6dJbsm +mi2if7MZ/SVCMdM3MXiRpCeyyw9MTylGzgwbDYSz2ZkGvy9k+1M75q5QEfvVM8R3 +guaBJR+e4fkfsRBUAqwmHy8TrXghf5eOCsJx/9yyRXvK4tnwSBUIzFa1q0POESul +jFWYFkvRjKIYfFWS6cY37sPNLvEQQmP2O07ttaYfIXcMcVF+HsDBUftGRWIkkPn2 +LucW7f0Lqlbv/mlJpqByz522jmJRNFLVQh87LYz91FgsLAgDkPpi8mzRrEfb2nHD ++PIKpoO499AKQ8hETMbfzmpJUIV2Bhd7OqKDSf+yHiYSje9evofP+4lDUx3u7tQ3 +4OUzLqBRVrhFDI9keHnhOFMJSrnrpXe7Cm9JujvTX/hy2iOpTOuflj0Djsc8dnQ= +=l4Ry +-----END PGP PUBLIC KEY BLOCK----- + diff --git a/tomcat.spec b/tomcat.spec new file mode 100644 index 0000000..726de63 --- /dev/null +++ b/tomcat.spec @@ -0,0 +1,814 @@ +# +# spec file for package tomcat +# +# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2000-2009, JPackage Project +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define jspspec 2.3 +%define servletspec 4.0 +%define elspec 3.0 +%define major_version 9 +%define minor_version 0 +%define micro_version 85 +%define packdname apache-tomcat-%{version}-src +# FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/ +%global basedir /srv/%{name} +%define appdir %{basedir}/webapps +%define bindir %{_datadir}/%{name}/bin +%define confdir %{_sysconfdir}/%{name} +%define homedir %{_datadir}/%{name} +%define libdir %{_javadir}/%{name} +%define logdir %{_localstatedir}/log/%{name} +%define cachedir %{_localstatedir}/cache/%{name} +%define tempdir %{cachedir}/temp +%define workdir %{cachedir}/work +%define tomcatappdir %{_datadir}/%{name}/tomcat-webapps +%define javac_target 1.8 +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} + %define _fillupdir %{_localstatedir}/adm/fillup-templates +%endif +Name: tomcat +Version: %{major_version}.%{minor_version}.%{micro_version} +Release: 0 +Summary: Apache Servlet/JSP/EL Engine, RI for Servlet 4.0/JSP 2.3/EL 3.0 API +License: Apache-2.0 +Group: Productivity/Networking/Web/Servers +URL: https://tomcat.apache.org +Source0: https://archive.apache.org/dist/tomcat/tomcat-%{major_version}/v%{version}/src/%{packdname}.tar.gz +Source1: %{name}-%{major_version}.%{minor_version}.conf +Source3: %{name}-%{major_version}.%{minor_version}.sysconfig +Source4: %{name}-%{major_version}.%{minor_version}.wrapper +Source5: %{name}-%{major_version}.%{minor_version}.logrotate +Source6: %{name}-%{major_version}.%{minor_version}-digest.script +Source7: %{name}-%{major_version}.%{minor_version}-tool-wrapper.script +Source11: %{name}-%{major_version}.%{minor_version}.service +Source20: %{name}-%{major_version}.%{minor_version}-jsvc.service +Source21: tomcat-functions +Source30: tomcat-preamble +Source31: tomcat-server +Source32: tomcat-named.service +Source100: valve.xslt +Source101: allowLinking.xslt +Source1000: tomcat-rpmlintrc +Source1001: https://archive.apache.org/dist/tomcat/tomcat-%{major_version}/v%{version}/src/%{packdname}.tar.gz.asc +Source1002: https://downloads.apache.org/tomcat/tomcat-9/KEYS#/%{name}.keyring +#PATCH-FIX-UPSTREAM: from jpackage.org package +Patch0: %{name}-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch +#PATCH-FIX-UPSTREAM: from jpackage.org package +Patch1: %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.patch +# PATCH-FIX-SLE: Change security manager default policies bnc#891264 +Patch2: %{name}-%{major_version}.%{minor_version}-sle.catalina.policy.patch +# PATCH-FIX-OPENSUSE: build javadoc with the same java source level as the class files +Patch3: %{name}-%{major_version}.%{minor_version}-javadoc.patch +# PATCH-FIX-OPENSUSE: include all necessary aqute-bnd jars +Patch4: tomcat-9.0-osgi-build.patch +# PATCH-FIX-OPENSUSE: build against our ecj that does not have CompilerOptions.VERSION_16 +Patch5: %{name}-%{major_version}.%{minor_version}-jdt.patch +# PATCH-FIX-OPENSUSE: set ajp connector secreteRequired to false by default to avoid tomcat not starting +Patch6: tomcat-9.0.75-secretRequired-default.patch +Patch7: tomcat-9.0-fix_catalina.patch +Patch8: tomcat-9.0-logrotate_everything.patch +Patch9: tomcat-9.0-build-with-java-11.patch +BuildRequires: ant >= 1.8.1 +BuildRequires: ant-antlr +BuildRequires: apache-commons-collections +BuildRequires: apache-commons-daemon +BuildRequires: apache-commons-dbcp >= 2.0 +BuildRequires: apache-commons-pool2 +BuildRequires: aqute-bnd >= 5.2 +BuildRequires: aqute-bndlib >= 5.2 +BuildRequires: ecj >= 4.4.0 +BuildRequires: fdupes +BuildRequires: findutils +BuildRequires: geronimo-jaf-1_0_2-api +BuildRequires: geronimo-jaxrpc-1_1-api +BuildRequires: geronimo-qname-1_1-api +BuildRequires: geronimo-saaj-1_1-api +BuildRequires: jakarta-taglibs-standard >= 1.1 +BuildRequires: java-devel >= 1.8 +BuildRequires: javapackages-local +BuildRequires: junit +BuildRequires: pkgconfig +BuildRequires: sed +BuildRequires: systemd-rpm-macros +BuildRequires: unzip +BuildRequires: wsdl4j +BuildRequires: zip +BuildRequires: pkgconfig(systemd) +Requires: %{name}-lib = %{version}-%{release} +Requires: apache-commons-daemon +Requires: apache-commons-dbcp +Requires: apache-commons-logging +Requires: apache-commons-pool2 +Requires: java >= 1.8 +Requires(post): %fillup_prereq +Requires(post): libxslt-tools +# for runuser +Requires(post): util-linux +Requires(pre): shadow +%systemd_ordering +Recommends: libtcnative-1-0 >= 1.1.24 +Recommends: logrotate +Provides: group(tomcat) +Provides: user(tomcat) +BuildArch: noarch + +%description +Tomcat is the servlet container that is used in the official Reference +Implementation for the Java Servlet and JavaServer Pages technologies. +The Java Servlet and JavaServer Pages specifications are developed by +Sun under the Java Community Process. + +ATTENTION: This tomcat is built with java 1.8.0. + +%package admin-webapps +Summary: The host manager and manager web applications for Apache Tomcat +Group: Productivity/Networking/Web/Servers +Requires: %{name} = %{version}-%{release} +Requires(post): libxslt-tools +# for runuser +Requires(post): util-linux + +%description admin-webapps +The host manager and manager web-based applications for Apache Tomcat. + +%package embed +Summary: Libraries for Embedding Apache Tomcat +Group: Productivity/Networking/Web/Servers + +%description embed +Embeddeding support (various libraries) for Apache Tomcat. + +%package docs-webapp +Summary: The "docs" web application for Apache Tomcat +Group: Productivity/Networking/Web/Servers +Requires: %{name} = %{version}-%{release} +Requires(post): libxslt-tools +# for runuser +Requires(post): util-linux + +%description docs-webapp +The documentation of web application for Apache Tomcat. + +%package el-3_0-api +Summary: Expression Language v3.0 API +Group: Development/Libraries/Java +Requires(post): update-alternatives +Requires(preun): update-alternatives +Provides: %{name}-el-%{elspec}-api = %{version}-%{release} +Provides: el_3_0_api = %{version}-%{release} +Provides: el_api = %{elspec} +Obsoletes: el_api < %{elspec} +Obsoletes: tomcat-el-2_2-api + +%description el-3_0-api +Expression Language API version 3.0. + +%package javadoc +Summary: Javadoc generated documentation for Apache Tomcat +Group: Documentation/HTML +BuildArch: noarch + +%description javadoc +Javadoc generated documentation files for Apache Tomcat. + +%package jsp-2_3-api +Summary: Apache Tomcat JSP API implementation classes +Group: Productivity/Networking/Web/Servers +Requires: mvn(org.apache.tomcat:tomcat-el-api) +Requires: mvn(org.apache.tomcat:tomcat-servlet-api) +Requires(post): update-alternatives +Requires(postun): update-alternatives +Provides: %{name}-jsp-%{jspspec}-api +Provides: jsp = %{jspspec} +Provides: jsp23 +Obsoletes: jsp < %{jspspec} +Obsoletes: tomcat-jsp-2_2-api + +%description jsp-2_3-api +Apache Tomcat JSP API implementation classes version 2.3 + +%package jsvc +Summary: Apache jsvc wrapper for Apache Tomcat as separate service +Group: Productivity/Networking/Web/Servers +Requires: %{name} = %{version}-%{release} +Requires: apache-commons-daemon-jsvc +%systemd_ordering + +%description jsvc +Systemd service and wrapper scripts to start tomcat with jsvc, +which allows tomcat to perform some privileged operations +(e.g. bind to a port < 1024) and then switch identity to a non-privileged user. + +%package lib +Summary: Libraries needed to run the Tomcat Web container +Group: Productivity/Networking/Web/Servers +Requires: %{name}-el-%{elspec}-api = %{version}-%{release} +Requires: %{name}-jsp-%{jspspec}-api = %{version}-%{release} +Requires: %{name}-servlet-%{servletspec}-api = %{version}-%{release} +Requires(post): ecj >= 4.4 +Requires(preun): coreutils +Provides: jakarta-commons-dbcp-tomcat5 = 1.4 +Obsoletes: jakarta-commons-dbcp-tomcat5 < 1.4 + +%description lib +Libraries required to successfully run the Tomcat Web container + +%package servlet-4_0-api +Summary: Apache Tomcat Servlet API implementation classes +Group: Productivity/Networking/Web/Servers +Requires(post): update-alternatives +Requires(postun): update-alternatives +Provides: %{name}-servlet-%{servletspec}-api = %{version}-%{release} +Provides: servlet = %{servletspec} +Provides: servlet31 +Provides: servlet7 +Obsoletes: servlet < %{servletspec} +Obsoletes: tomcat-servlet-3_0-api +Obsoletes: tomcat-servlet-3_1-api + +%description servlet-4_0-api +Apache Tomcat Servlet API implementation classes version 3.1 + +%package webapps +Summary: ROOT and examples web applications for Apache Tomcat +Group: Productivity/Networking/Web/Servers +Requires: %{name} = %{version}-%{release} +Requires: jakarta-taglibs-standard >= 1.1 +Requires(post): libxslt-tools +# for runuser +Requires(post): util-linux + +%description webapps +The ROOT and examples web applications for Apache Tomcat + +%prep +%autosetup -p1 -n %{packdname} + +# remove pre-built binaries and windows files +find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "*.gz" -o \ + -name "*.jar" -o -name "*.war" -o -name "*.zip" \) -print -delete + +# remove date from docs +sed -i -e '/build-date/ d' webapps/docs/tomcat-docs.xsl + +%build + +ln -s $(build-classpath jakarta-taglibs-core) webapps/examples/WEB-INF/lib/jstl.jar +ln -s $(build-classpath jakarta-taglibs-standard) webapps/examples/WEB-INF/lib/standard.jar + +export CLASSPATH= +export OPT_JAR_LIST="xalan-j2-serializer" +export ANT_OPTS=-Xmx500M + +# we don't care about the tarballs and we're going to replace +# so just create a dummy file for later removal +touch HACK +mkdir -p HACKDIR +touch HACKDIR/build.xml + +ant -Dbase.path="." \ + -Dadd.osgi.jar.metadata="true" \ + -Djava.7.home="%{java_home}" \ + -Dbuild.compiler="modern" \ + -Dcommons-collections.jar="$(build-classpath commons-collections)" \ + -Dcommons-daemon.jar="$(build-classpath commons-daemon)" \ + -Dcommons-daemon.native.src.tgz="HACK" \ + -Djasper-jdt.jar="$(build-classpath ecj/ecj)" \ + -Djdt.jar="$(build-classpath ecj/ecj)" \ + -Dtomcat-native.tar.gz="HACK" \ + -Dtomcat-native.home="." \ + -Dcommons-daemon.native.win.mgr.exe="HACK" \ + -Dnsis.exe="HACK" \ + -Djaxrpc-lib.jar="$(build-classpath geronimo-jaxrpc-1.1-api)" \ + -Dwsdl4j-lib.jar="$(build-classpath wsdl4j)" \ + -Dsaaj-api.jar="$(build-classpath geronimo-saaj-1.1-api)" \ + -Dbnd.jar="$(build-classpath aqute-bnd/biz.aQute.bnd)" \ + -Dbnd.dir="%{_javadir}/aqute-bnd" \ + -Dosgiannotation.jar="$(build-classpath osgi-annotation/osgi.annotation)" \ + -Dosgi-annotations.jar="$(build-classpath aqute-bnd/biz.aQute.bnd.annotation)" \ + -Dosgicmpn.jar="$(build-classpath osgi-compendium/osgi.cmpn)" \ + -Dslf4j-api.jar="$(build-classpath slf4j/slf4j-api)" \ + -Dcommons-pool.home="$(build-classpath commons-pool2)" \ + -Dcommons-dbcp.home="$(build-classpath commons-dbcp2)" \ + -Dno.build.dbcp=true \ + -Dversion="%{version}" \ + -Dversion.build="%{micro_version}" \ + deploy dist-prepare dist-source javadoc package embed-jars + +# remove some jars that we'll replace with symlinks later +rm output/build/bin/commons-daemon.jar \ + output/build/lib/ecj.jar + +pushd output/dist/src/webapps/docs/appdev/sample/src +mkdir -p ../web/WEB-INF/classes +javac -source %{javac_target} -target %{javac_target} -cp ../../../../../../../../output/build/lib/servlet-api.jar -d ../web/WEB-INF/classes mypackage/Hello.java +pushd ../web +jar cf ../../../../../../../../output/build/webapps/docs/appdev/sample/sample.war * +popd +popd + +%install +# build initial path structure +install -d -m 0755 %{buildroot}%{_bindir} +install -d -m 0755 %{buildroot}%{_sbindir} +install -d -m 0755 %{buildroot}%{_javadocdir}/%{name} +install -d -m 0755 %{buildroot}%{_initddir} +install -d -m 0755 %{buildroot}%{_sysconfdir}/logrotate.d +install -d -m 0755 %{buildroot}%{_sysconfdir}/sysconfig +install -d -m 0755 %{buildroot}%{appdir} +install -d -m 0755 %{buildroot}%{tomcatappdir} +install -d -m 0755 %{buildroot}%{bindir} +install -d -m 0775 %{buildroot}%{confdir} +install -d -m 0755 %{buildroot}%{cachedir}/Catalina/localhost +install -d -m 0755 %{buildroot}%{confdir}/conf.d +/bin/echo "Place your custom *.conf files here. Shell expansion is supported." > %{buildroot}%{confdir}/conf.d/README +install -d -m 0755 %{buildroot}%{libdir} +install -d -m 0775 %{buildroot}%{logdir} +/bin/touch %{buildroot}%{logdir}/catalina.out +install -d -m 0775 %{buildroot}%{_localstatedir}/lib/tomcats +/bin/echo "%{name}-%{major_version}.%{minor_version}.%{micro_version} RPM installed" >> %{buildroot}%{logdir}/catalina.out +install -d -m 0775 %{buildroot}%{homedir} +install -d -m 0775 %{buildroot}%{tempdir} +install -d -m 0775 %{buildroot}%{workdir} +install -d -m 0755 %{buildroot}%{_unitdir} +install -d -m 0755 %{buildroot}%{_libexecdir}/%{name} +install -d -m 0755 %{buildroot}%{_fillupdir} + +cp -a %{SOURCE100} %{buildroot}%{confdir} +cp -a %{SOURCE101} %{buildroot}%{confdir} + +# move things into place +# First copy supporting libs to tomcat lib +pushd output/build + cp -a bin/*.{jar,xml} %{buildroot}%{bindir} + cp -a conf/*.{policy,properties,xml} %{buildroot}%{confdir} + cp -a lib/*.jar %{buildroot}%{libdir} + cp -a webapps/* %{buildroot}%{tomcatappdir} +popd +# tomcat embedded +pushd output/embed + cp -a *.jar %{buildroot}%{libdir} +popd + +# javadoc +cp -a output/dist/webapps/docs/api/* %{buildroot}%{_javadocdir}/%{name} + +sed -e "s|\@\@\@TCHOME\@\@\@|%{homedir}|g" \ + -e "s|\@\@\@TCTEMP\@\@\@|%{tempdir}|g" \ + -e "s|\@\@\@LIBDIR\@\@\@|%{_libdir}|g" %{SOURCE1} \ + > %{buildroot}%{confdir}/%{name}.conf +sed -e "s|\@\@\@TCHOME\@\@\@|%{homedir}|g" \ + -e "s|\@\@\@TCTEMP\@\@\@|%{tempdir}|g" \ + -e "s|\@\@\@LIBDIR\@\@\@|%{_libdir}|g" %{SOURCE3} \ + > %{buildroot}%{_fillupdir}/sysconfig.%{name} +sed -e "s|@LIBEXECDIR@|%{_libexecdir}|g" %{SOURCE4} \ + > %{buildroot}%{_sbindir}/%{name} +sed -e "s|@LIBEXECDIR@|%{_libexecdir}|g" %{SOURCE11} \ + > %{buildroot}%{_unitdir}/%{name}.service +sed -e "s|@LIBEXECDIR@|%{_libexecdir}|g" %{SOURCE20} \ + > %{buildroot}%{_unitdir}/%{name}-jsvc.service +sed -e "s|\@\@\@TCLOG\@\@\@|%{logdir}|g" %{SOURCE5} \ + > %{buildroot}%{_sysconfdir}/logrotate.d/%{name} +sed -e "s|\@\@\@TCHOME\@\@\@|%{homedir}|g" \ + -e "s|\@\@\@TCTEMP\@\@\@|%{tempdir}|g" \ + -e "s|\@\@\@LIBDIR\@\@\@|%{_libdir}|g" %{SOURCE6} \ + > %{buildroot}%{_bindir}/%{name}-digest +sed -e "s|\@\@\@TCHOME\@\@\@|%{homedir}|g" \ + -e "s|\@\@\@TCTEMP\@\@\@|%{tempdir}|g" \ + -e "s|\@\@\@LIBDIR\@\@\@|%{_libdir}|g" %{SOURCE7} \ + > %{buildroot}%{_bindir}/%{name}-tool-wrapper + +sed -e "s|@LIBEXECDIR@|%{_libexecdir}|g" %{SOURCE21} \ + > %{buildroot}%{_libexecdir}/%{name}/functions +sed -e "s|@LIBEXECDIR@|%{_libexecdir}|g" %{SOURCE30} \ + > %{buildroot}%{_libexecdir}/%{name}/preamble +chmod 0755 %{buildroot}%{_libexecdir}/%{name}/preamble +sed -e "s|@LIBEXECDIR@|%{_libexecdir}|g" %{SOURCE31} \ + > %{buildroot}%{_libexecdir}/%{name}/server +chmod 0755 %{buildroot}%{_libexecdir}/%{name}/server +sed -e "s|@LIBEXECDIR@|%{_libexecdir}|g" %{SOURCE32} \ + > %{buildroot}%{_unitdir}/%{name}@.service + +ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rc%{name} +ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rc%{name}-jsvc + +# create jsp and servlet and el API symlinks +pushd %{buildroot}%{_javadir} + mv %{name}/jsp-api.jar %{name}-jsp-%{jspspec}-api.jar + ln -s %{name}-jsp-%{jspspec}-api.jar %{name}-jsp-api.jar + mv %{name}/servlet-api.jar %{name}-servlet-%{servletspec}-api.jar + ln -s %{name}-servlet-%{servletspec}-api.jar %{name}-servlet-api.jar + ln -s %{name}-servlet-%{servletspec}-api.jar %{name}-servlet.jar + mv %{name}/el-api.jar %{name}-el-%{elspec}-api.jar + ln -s %{name}-el-%{elspec}-api.jar %{name}-el-api.jar +popd + +pushd output/build + %{_bindir}/build-jar-repository -s lib commons-collections \ + commons-dbcp2 commons-pool2 ecj/ecj 2>&1 + # need to use -p here with b-j-r otherwise the examples webapp fails to + # load with a java.io.IOException + %{_bindir}/build-jar-repository -p webapps/examples/WEB-INF/lib \ + taglibs-core.jar taglibs-standard.jar 2>&1 +popd + +pushd %{buildroot}%{libdir} + # symlink JSP and servlet and el API jars + ln -s ../%{name}-jsp-%{jspspec}-api.jar . + ln -s ../%{name}-servlet-%{servletspec}-api.jar . + ln -s ../%{name}-el-%{elspec}-api.jar . + ln -s $(build-classpath commons-collections) commons-collections.jar + rm -f commons-dbcp.jar + ln -s $(build-classpath commons-dbcp2) commons-dbcp2.jar + ln -s $(build-classpath commons-pool2) commons-pool2.jar + ln -s $(build-classpath ecj/ecj) jasper-jdt.jar + rm ecj.jar + ln -s $(build-classpath ecj/ecj) ecj.jar + + # Temporary copy the juli jar here from %%{_datadir}/java/tomcat (for maven depmap) + cp -a %{buildroot}%{bindir}/tomcat-juli.jar ./ +popd + +# symlink to the FHS locations where we've installed things +pushd %{buildroot}%{homedir} + ln -s %{appdir} webapps + ln -s %{confdir} conf + ln -s %{libdir} lib + ln -s %{logdir} logs + ln -s %{tempdir} temp + ln -s %{workdir} work +popd + +# install sample webapp +mkdir -p %{buildroot}%{tomcatappdir}/sample +pushd %{buildroot}%{tomcatappdir}/sample +%jar xf %{buildroot}%{tomcatappdir}/docs/appdev/sample/sample.war +popd + +pushd %{buildroot}%{tomcatappdir}/examples/WEB-INF/lib +ln -s -f $(build-classpath jakarta-taglibs-core) jstl.jar +ln -s -f $(build-classpath jakarta-taglibs-standard) standard.jar +popd + +rm %{buildroot}%{tomcatappdir}/docs/appdev/sample/sample.war + +# Install the maven metadata +install -d -m 0755 %{buildroot}%{_mavenpomdir} +pushd output/dist/src/res/maven +for pom in *.pom; do + # fix-up version in all pom files + sed -i 's/@MAVEN.DEPLOY.VERSION@/%{version}/g' $pom +done + +# we won't install dbcp, juli-adapters and juli-extras pom files +for libname in annotations-api catalina jasper-el jasper catalina-ha jaspic-api; do + cp -a %{name}-$libname.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-$libname.pom + %add_maven_depmap JPP.%{name}-$libname.pom %{name}/$libname.jar +done + +# servlet-api jsp-api and el-api are not in tomcat subdir, since they are widely re-used elsewhere +cp -a tomcat-jsp-api.pom %{buildroot}%{_mavenpomdir}/JPP-tomcat-jsp-api.pom +%add_maven_depmap JPP-tomcat-jsp-api.pom tomcat-jsp-api.jar -f jsp-api -a "org.eclipse.jetty.orbit:javax.servlet.jsp" + +cp -a tomcat-el-api.pom %{buildroot}%{_mavenpomdir}/JPP-tomcat-el-api.pom +%add_maven_depmap JPP-tomcat-el-api.pom tomcat-el-api.jar -f el-api -a "org.eclipse.jetty.orbit:javax.el" + +cp -a tomcat-servlet-api.pom %{buildroot}%{_mavenpomdir}/JPP-tomcat-servlet-api.pom +# Generate a depmap fragment javax.servlet:servlet-api pointing to +# tomcat-servlet-3.0-api for backwards compatibility +# also provide jetty depmap (originally in jetty package, but it's cleaner to have it here +%add_maven_depmap JPP-tomcat-servlet-api.pom tomcat-servlet-api.jar -f servlet-api -a "org.mortbay.jetty:servlet-api" + +# two special pom where jar files have different names +cp -a tomcat-tribes.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-catalina-tribes.pom +%add_maven_depmap JPP.%{name}-catalina-tribes.pom %{name}/catalina-tribes.jar + +cp -a tomcat-coyote.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-tomcat-coyote.pom +%add_maven_depmap JPP.%{name}-tomcat-coyote.pom %{name}/tomcat-coyote.jar + +cp -a tomcat-jni.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-tomcat-jni.pom +%add_maven_depmap JPP.%{name}-tomcat-jni.pom %{name}/tomcat-jni.jar + +cp -a tomcat-juli.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-tomcat-juli.pom +%add_maven_depmap JPP.%{name}-tomcat-juli.pom %{name}/tomcat-juli.jar + +cp -a tomcat-jdbc.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-tomcat-jdbc.pom +%add_maven_depmap JPP.%{name}-tomcat-jdbc.pom %{name}/tomcat-jdbc.jar + +cp -a tomcat-dbcp.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-tomcat-dbcp.pom +%add_maven_depmap JPP.%{name}-tomcat-dbcp.pom %{name}/tomcat-dbcp.jar + +cp -a tomcat-api.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-tomcat-api.pom +%add_maven_depmap JPP.%{name}-tomcat-api.pom %{name}/tomcat-api.jar + +cp -a tomcat-util.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-tomcat-util.pom +%add_maven_depmap JPP.%{name}-tomcat-util.pom %{name}/tomcat-util.jar + +cp -a tomcat-util-scan.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-tomcat-util-scan.pom +%add_maven_depmap JPP.%{name}-tomcat-util-scan.pom %{name}/tomcat-util-scan.jar + +cp -a tomcat-websocket-api.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-websocket-api.pom +%add_maven_depmap JPP.%{name}-websocket-api.pom %{name}/websocket-api.jar + +cp -a tomcat-websocket.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-tomcat-websocket.pom +%add_maven_depmap JPP.%{name}-tomcat-websocket.pom %{name}/tomcat-websocket.jar + +cp -a tomcat-embed-core.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-tomcat-embed-core.pom +%add_maven_depmap JPP.%{name}-tomcat-embed-core.pom %{name}/tomcat-embed-core.jar -f embed + +cp -a tomcat-embed-el.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-tomcat-embed-el.pom +%add_maven_depmap JPP.%{name}-tomcat-embed-el.pom %{name}/tomcat-embed-el.jar -f embed + +cp -a tomcat-embed-jasper.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-tomcat-embed-jasper.pom +%add_maven_depmap JPP.%{name}-tomcat-embed-jasper.pom %{name}/tomcat-embed-jasper.jar -f embed + +cp -a tomcat-embed-websocket.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-tomcat-embed-websocket.pom +%add_maven_depmap JPP.%{name}-tomcat-embed-websocket.pom %{name}/tomcat-embed-websocket.jar -f embed + +# replace temporary copy with link +ln -s -f %{bindir}/tomcat-juli.jar %{buildroot}%{libdir}/ + +# bnc#424675 +ln -s %{cachedir}/Catalina %{buildroot}/%{confdir} +rm -rf %{buildroot}/%{confdir}/Catalina +ln -s %{cachedir}/Catalina %{buildroot}/%{confdir}/ + +# bnc#418664 +install -d -m 0755 %{buildroot}/%{_sysconfdir}/ant.d/ +echo "%{name}/catalina-ant" > %{buildroot}/%{_sysconfdir}/ant.d/catalina-ant +%fdupes %{buildroot} /srv/%{name} +#bnc#565901 +ln -sf %{_sbindir}/%{name} %{buildroot}/%{bindir}/catalina.sh + +# Install update-alternatives content +mkdir -p %{buildroot}%{_sysconfdir}/alternatives +ln -s -f %{_sysconfdir}/alternatives/el_api %{buildroot}%{_javadir}/%{name}-el_api.jar +ln -s -f %{_sysconfdir}/alternatives/el_1_0_api %{buildroot}%{_javadir}/%{name}-el_1_0_api.jar +ln -s -f %{_sysconfdir}/alternatives/jsp %{buildroot}%{_javadir}/%{name}-jsp.jar +# To avoid conflicts with servletapi4 and servletapi5 create a link to incorrect /etc/alternatives/servlet.jar. +# It will be changed anyways to the correct symlink by update-alternatives. +ln -s -f %{_sysconfdir}/alternatives/servlet.jar %{buildroot}%{_javadir}/servlet.jar + +%pre +# add the tomcat user and group +getent group tomcat >/dev/null || %{_sbindir}/groupadd -r tomcat +getent passwd tomcat >/dev/null || %{_sbindir}/useradd -c "Apache Tomcat" \ + -g tomcat -s /sbin/nologin -r -d %{homedir} tomcat +%service_add_pre %{name}.service + +%post +%service_add_post %{name}.service +%{fillup_only %{name}} +chown -R tomcat:tomcat %{confdir}/server.xml +runuser -u tomcat -g tomcat -- xsltproc --output %{confdir}/server.xml %{confdir}/valve.xslt %{confdir}/server.xml + +%preun +%service_del_preun %{name}.service + +%postun +%service_del_postun %{name}.service + +%pre jsvc +%service_add_pre %{name}-jsvc.service + +%post jsvc +%service_add_post %{name}-jsvc.service + +%preun jsvc +%service_del_preun %{name}-jsvc.service + +%postun jsvc +%service_del_postun %{name}-jsvc.service + +%post el-3_0-api +update-alternatives --install %{_javadir}/%{name}-el_api.jar el_api %{_javadir}/%{name}-el-%{elspec}-api.jar 20300 +update-alternatives --install %{_javadir}/%{name}-el_1_0_api.jar el_1_0_api %{_javadir}/%{name}-el-%{elspec}-api.jar 20300 + +%preun el-3_0-api +if [ $1 -eq 0 ] ; then + update-alternatives --remove el_api %{_javadir}/%{name}-el-%{elspec}-api.jar + update-alternatives --remove el_1_0_api %{_javadir}/%{name}-el-%{elspec}-api.jar +fi + +%post jsp-2_3-api +update-alternatives --install %{_javadir}/%{name}-jsp.jar jsp \ + %{_javadir}/%{name}-jsp-%{jspspec}-api.jar 20200 + +%postun jsp-2_3-api +if [ $1 -eq 0 ] ; then + update-alternatives --remove jsp \ + %{_javadir}/%{name}-jsp-%{jspspec}-api.jar +fi + +%post servlet-4_0-api +update-alternatives --install %{_javadir}/servlet.jar servlet \ + %{_javadir}/%{name}-servlet-%{servletspec}-api.jar 30000 +# Fix for bsc#1092163. +# Keep the /usr/share/java/tomcat-servlet.jar symlink for compatibility. +# In case of update from an older version where /usr/share/java/tomcat-servlet.jar is an alternatives symlink +# the update-alternatives in the new version will cause a rename tomcat-servlet.jar -> servlet.jar. +# This makes sure the tomcat-servlet.jar is recreated if it's missing because of the rename. +if [ ! -f %{_javadir}/%{name}-servlet.jar ]; then + echo "Recreating symlink %{_javadir}/%{name}-servlet.jar" + ln -s %{_javadir}/%{name}-servlet-%{servletspec}-api.jar %{_javadir}/%{name}-servlet.jar +fi + +%postun servlet-4_0-api +if [ $1 -eq 0 ] ; then + if [ ! -f %{_sysconfdir}/alternatives/servlet ]; then + # %{_sysconfdir}/alternatives/servlet was removed on uninstall. + # Create a broken symlink to make sure update-alternatives works correctly and falls back + # to servletapi5 or servletapi4 if they're installed. + ln -s %{_javadir}/%{name}-servlet-%{servletspec}-api.jar %{_sysconfdir}/alternatives/servlet + fi + update-alternatives --remove servlet \ + %{_javadir}/%{name}-servlet-%{servletspec}-api.jar +fi + +%post lib +# those links are no longer needed +rm -f \ + %{libdir}/\[commons-collections-tomcat5\].jar \ + %{libdir}/\[commons-dbcp-tomcat5\].jar \ + %{libdir}/\[commons-pool-tomcat5\].jar \ + %{libdir}/\[ecj\].jar >/dev/null 2>&1 + +%post webapps +chown -R tomcat:tomcat %{tomcatappdir}/examples/META-INF +runuser -u tomcat -g tomcat -- xsltproc --output %{tomcatappdir}/examples/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/examples/META-INF/context.xml +if [ ! -e %{_datadir}/%{name}/webapps/examples ]; then + ln -sf %{tomcatappdir}/examples %{_datadir}/%{name}/webapps/examples +fi +#use the same context.xml for sample war +mkdir -p %{tomcatappdir}/ROOT/META-INF +chown -R tomcat:tomcat %{tomcatappdir}/ROOT/META-INF +runuser -u tomcat -g tomcat -- xsltproc --output %{tomcatappdir}/ROOT/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/examples/META-INF/context.xml +if [ ! -e %{_datadir}/%{name}/webapps/ROOT ]; then + ln -sf %{tomcatappdir}/ROOT %{_datadir}/%{name}/webapps/ROOT +fi +#use the same context.xml for sample war +mkdir -p %{tomcatappdir}/webapps/sample/META-INF +chown -R tomcat:tomcat %{tomcatappdir}/sample/META-INF +runuser -u tomcat -g tomcat -- xsltproc --output %{tomcatappdir}/sample/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/examples/META-INF/context.xml +if [ ! -e %{_datadir}/%{name}/webapps/sample ]; then + ln -sf %{tomcatappdir}/sample %{_datadir}/%{name}/webapps/sample +fi + +%postun webapps +if [ $1 -eq 0 ]; then # uninstall only + rm %{tomcatappdir}/ROOT/META-INF/context.xml + rm %{tomcatappdir}/sample/META-INF/context.xml +fi + +%post admin-webapps +chown -R tomcat:tomcat %{tomcatappdir}/manager/META-INF +runuser -u tomcat -g tomcat -- xsltproc --output %{tomcatappdir}/manager/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/manager/META-INF/context.xml +if [ ! -e %{_datadir}/%{name}/webapps/manager ]; then + ln -sf %{tomcatappdir}/manager %{_datadir}/%{name}/webapps/manager +fi + +chown -R tomcat:tomcat %{tomcatappdir}/host-manager/META-INF +runuser -u tomcat -g tomcat -- xsltproc --output %{tomcatappdir}/host-manager/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/host-manager/META-INF/context.xml +if [ ! -e %{_datadir}/%{name}/webapps/host-manager ]; then + ln -sf %{tomcatappdir}/host-manager %{_datadir}/%{name}/webapps/host-manager +fi + +%post docs-webapp +chown -R tomcat:tomcat %{tomcatappdir}/docs/META-INF +runuser -u tomcat -g tomcat -- xsltproc --output %{tomcatappdir}/docs/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/docs/META-INF/context.xml +if [ ! -e %{_datadir}/%{name}/webapps/docs ]; then + ln -sf %{tomcatappdir}/docs %{_datadir}/%{name}/webapps/docs +fi + +%files +%doc {LICENSE,NOTICE,RELEASE*} +%attr(0755,root,root) %{_bindir}/%{name}-digest +%attr(0755,root,root) %{_bindir}/%{name}-tool-wrapper +%attr(0755,root,root) %{_sbindir}/%{name} +%attr(0644,root,root) %{_unitdir}/%{name}.service +%{_sbindir}/rc%{name} +%attr(0644,root,root) %{_unitdir}/%{name}@.service +%attr(0755,root,root) %dir %{_libexecdir}/%{name} +%attr(0755,root,root) %dir %{_localstatedir}/lib/tomcats +%attr(0755,root,root) %{_libexecdir}/%{name}/functions +%attr(0755,root,root) %{_libexecdir}/%{name}/preamble +%attr(0755,root,root) %{_libexecdir}/%{name}/server +#bnc#565901 +%{bindir}/catalina.sh +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} +%attr(0755,root,tomcat) %dir %{basedir} +%attr(0755,root,tomcat) %dir %{confdir} +%attr(0775,root,tomcat) %dir %{appdir} +%attr(0770,tomcat,tomcat) %dir %{logdir} +%attr(0660,tomcat,tomcat) %{logdir}/catalina.out +%attr(0770,root,tomcat) %dir %{cachedir} +%attr(0775,root,tomcat) %dir %{cachedir}/Catalina + +# tomcat group writtable dirs - bnc#625415 +%attr(0770,root,tomcat) %dir %{tempdir} +%attr(0770,root,tomcat) %dir %{workdir} +%attr(0775,root,tomcat) %dir %{tomcatappdir} + +%{confdir}/Catalina +%attr(0755,root,tomcat) %dir %{confdir}/conf.d +%attr(0644,root,tomcat) %{confdir}/conf.d/README +%attr(0644,root,tomcat) %config(noreplace) %{confdir}/%{name}.conf +%attr(0644,root,tomcat) %config(noreplace) %{confdir}/*.policy +%attr(0644,root,tomcat) %config(noreplace) %{confdir}/*.properties +%attr(0644,root,tomcat) %config(noreplace) %{confdir}/context.xml +%attr(0644,root,tomcat) %config(noreplace) %{confdir}/server.xml +# keep tomcat-users.xml readable only by root and tomcat group +%attr(0640,root,tomcat) %config(noreplace) %{confdir}/tomcat-users.xml +%attr(0644,root,tomcat) %config(noreplace) %{confdir}/web.xml +%attr(0644,root,tomcat) %config(noreplace) %{confdir}/jaspic-providers.xml +%attr(0755,root,tomcat) %dir %{homedir} +%attr(0644,root,tomcat) %{bindir}/bootstrap.jar +%attr(0644,root,tomcat) %{bindir}/catalina-tasks.xml +%{homedir}/lib +%{homedir}/temp +%{homedir}/work +%{homedir}/webapps +%{homedir}/logs +%{homedir}/conf +%attr(0644,root,tomcat) %{_fillupdir}/sysconfig.%{name} +%attr(0644,root,tomcat) %{confdir}/allowLinking.xslt +%attr(0644,root,tomcat) %{confdir}/valve.xslt + +%files admin-webapps +%defattr(0644,root,tomcat,0755) +%{tomcatappdir}/host-manager +%config(noreplace) %{tomcatappdir}/host-manager/META-INF/context.xml +%{tomcatappdir}/manager +%config(noreplace) %{tomcatappdir}/manager/META-INF/context.xml + +%files docs-webapp +%{tomcatappdir}/docs + +%files el-3_0-api -f output/dist/src/res/maven/.mfiles-el-api +%{_javadir}/%{name}-el-%{elspec}-api.jar +%{_javadir}/%{name}-el-api.jar +%{libdir}/%{name}-el-%{elspec}-api.jar +%{_javadir}/%{name}-el_1_0_api.jar +%{_javadir}/%{name}-el_api.jar +%ghost %{_sysconfdir}/alternatives/el_1_0_api +%ghost %{_sysconfdir}/alternatives/el_api + +%files javadoc +%doc %{_javadocdir}/%{name} + +%files jsp-2_3-api -f output/dist/src/res/maven/.mfiles-jsp-api +%{_javadir}/%{name}-jsp-%{jspspec}-api.jar +%{_javadir}/%{name}-jsp-api.jar +%{_javadir}/%{name}-jsp.jar +%ghost %{_sysconfdir}/alternatives/jsp + +%files lib -f output/dist/src/res/maven/.mfiles +%{libdir} +%dir %{bindir} +%{bindir}/tomcat-juli.jar +%exclude %{libdir}/%{name}-el-%{elspec}-api.jar +%exclude %{libdir}/%{name}*-embed-*.jar +# bnc#418664 +%dir %{_sysconfdir}/ant.d +%config(noreplace) %{_sysconfdir}/ant.d/catalina-ant + +%files embed -f output/dist/src/res/maven/.mfiles-embed +%dir %{libdir} + +%files servlet-4_0-api -f output/dist/src/res/maven/.mfiles-servlet-api +%license LICENSE +%{_javadir}/%{name}-servlet-%{servletspec}-api.jar +%{_javadir}/%{name}-servlet-api.jar +%{_javadir}/%{name}-servlet.jar +%{_javadir}/servlet.jar +%ghost %{_sysconfdir}/alternatives/servlet + +%files webapps +%defattr(0644,root,tomcat,0755) +#bnc#520532 +%config(noreplace) %{tomcatappdir}/ROOT +%{tomcatappdir}/examples +%config(noreplace) %{tomcatappdir}/examples/META-INF/context.xml +%{tomcatappdir}/sample + +%files jsvc +%defattr(755,root,root,0755) +%attr(0644,root,root) %{_unitdir}/%{name}-jsvc.service +%{_sbindir}/rc%{name}-jsvc + +%changelog diff --git a/valve.xslt b/valve.xslt new file mode 100644 index 0000000..a3c791c --- /dev/null +++ b/valve.xslt @@ -0,0 +1,16 @@ + + + + + + + + + + + + false + + + +