Sync from SUSE:SLFO:Main tomcat10 revision 2dd7519b456bf3227264893c333a174c

2024-07-22 17:46:58 +02:00 · 2024-07-22 17:46:58 +02:00 · afbfacfa11
commit afbfacfa11
parent e896402d82
7 changed files with 185 additions and 24 deletions
--- a/apache-tomcat-10.1.20-src.tar.gz
+++ b/apache-tomcat-10.1.20-src.tar.gz
--- a/apache-tomcat-10.1.20-src.tar.gz.asc
+++ b/apache-tomcat-10.1.20-src.tar.gz.asc
@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAmX5itQACgkQHPApP6U8
 pFhopA/+K7t0yWfvbBhzqcAq/fwRG8r9/0pdYpSCNLXyNslSkzT9ZPcvEBQx5n1G
 dXsi9wqymY42YLnY7ABKTtk1jQucTSITAm3lhMC10Ql8Y3Aqbw3YZbAM5DeVThe6
 gX/aju76WNMKNHqMPOq4sQ5M99jD3C+qu3kRl8Hgx6Ro8qQ0tzxlQkKZJPtYDJZ5
 PCrRICZBLKzoP9max7aSCcTkU5BBeSmXURlI4HOKA5JNh03BI4FBrTpwcJzPL7Jq
 S4e+ZGv4//M/fRAFm9NpDqps7uTV/ELA6AMhx+2Zw7yvwUqa/JhC7qVIEKVJF0Kh
 N2afnyVCSCBSi+ZMemFxjPMyCPNREpCus9OynuP+otxoYSiZjTLeavDbSHPLva07
 dGaRQ8z+yHJ5xg1YuGG9k8AoLMR+1kcVwICrFxauKmdXFbhneZHZexjzpuRtgUmF
 zOWzXCOtJo3VDN4mYL+5ZMibkm0oTa3JhcqHyjOIHYVlAHNXr3w2Qhq1WaM+9yUb
 RXuYf7y6teJPnLWCHSJo1hjbrIa+33pMRZg/+Jrp/11Y6qlJrk1xdElGwwaR7iw2
 TmJme2DFMM9RVgyJLiptNYKnHcAmJdHfqypcldrr+nQ1XkqLY58GOq+dTb0WT7ix
 CJGBo79aRY1ewy++UHLOBoRqFdMR+2mKopVmUWVKO9ahzts/St8=
 =39SI
 -----END PGP SIGNATURE-----
--- a/apache-tomcat-10.1.25-src.tar.gz
+++ b/apache-tomcat-10.1.25-src.tar.gz
--- a/apache-tomcat-10.1.25-src.tar.gz.asc
+++ b/apache-tomcat-10.1.25-src.tar.gz.asc
@ -0,0 +1,17 @@
 -----BEGIN PGP SIGNATURE-----
 Comment: GPGTools - http://gpgtools.org
 iQIzBAABCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAmZsrB0ACgkQHPApP6U8
 pFgWehAAsL94Pf+o5NqhdP9RXxOLfGkAjwC6UdWEGbi/UUhJz/tEx3A66P3eyKJx
 KZw+0oqnwI9dXNry9TH3zZHk1Qj93HzOQRPolomCZWnwAcq964IutIc0PQMvga8+
 kaNfCloaOo9+VPeOAQ5rSn2jbdui+lYuTvHUuMiJ2+/U33Dn45JtTY+sQZxGFI0D
 OM9Bu7j64Vxp6tLMtYwcO33vsKnlT6WmC7NekkbyWlkLIDTKfaNp6PstKI1cxOvY
 8Cc1G276iGjPsyf06ooPZ6yunXYOXXT5SSsyvsKdWyacdFQ9BxlC5asOIwr+OKjp
 6tDIWK2RZQPs5fVGAeW4+6YN4jpTDrjjJvvC2M/Quyn7eRME0yB7qa6QAFM7mpqk
 oATHa+np0X3a5iNHW6w61En1F8yG2DtMyxIApkS25SGyA3XCRmZy2v14WPEaJURb
 PTrXY4+p18ae7cB6R5eoQZlBMxN+yqmwr7+RLcU3bTvMb65g19RPUcZ78/aKWteF
 G0wHn/QQy1yjDg4zJ0RQZzF0GhChux/G8Is423PiAskQJjQMB2O39PJV3D+hbrwk
 VXkH1JNwl5O18S76o0/t7eMF1Z1LViyS3Ldr/M9vpxtGmtX5VdfzmZ+Z6+JvAaZI
 +Ae7aA9B3BLWGiAjJNsu2FBY94jx2FZJgedg3pvPIyFSP6+W1Hg=
 =l6Tt
 -----END PGP SIGNATURE-----
--- a/tomcat-10.1-build-with-java-11.patch
+++ b/tomcat-10.1-build-with-java-11.patch
@ -1,13 +1,13 @@
-Index: apache-tomcat-10.1.18-src/build.xml
+Index: apache-tomcat-10.1.25-src/build.xml
 ===================================================================
--- apache-tomcat-10.1.18-src.orig/build.xml
+--- apache-tomcat-10.1.25-src.orig/build.xml
-+++ apache-tomcat-10.1.18-src/build.xml
+++ apache-tomcat-10.1.25-src/build.xml
@@ -108,7 +108,7 @@
   <!-- Keep in sync with webapps/docs/tomcat-docs.xsl -->
   <property name="compile.release" value="11"/>
   <property name="min.java.version" value="11"/>
 -  <property name="build.java.version" value="17"/>
 +  <property name="build.java.version" value="11"/>
   <property name="release.java.version" value="22"/>
   <!-- Check Java Build Version -->
   <fail message="Java version ${build.java.version} or newer is required (${java.version} is installed)">
--- a/tomcat10.changes
+++ b/tomcat10.changes
@ -1,4 +1,164 @@
 -------------------------------------------------------------------
 Tue Jul  9 12:52:37 UTC 2024 - Ricardo Mestre <ricardo.mestre@suse.com>
 - Update to Tomcat 10.1.25
  * Fixed CVEs:
    + CVE-2024-34750: Improper handling of exceptional conditions
      (bsc#1227399)
  * Catalina
    + Add: Add support for shallow copies when using WebDAV. (markt)
    + Code: Deprecate the WebdavFixFilter as it is no longer required. (markt)
    + Fix: 69066: Fix regression in SPNEGO authenticator when processing Base64.
      Submitted by Daniel Lyko. (remm)
    + Add: Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext) for
      retrieving extended/additional information from an established GSS
      context. (michaelo)
    + Fix: Correct a regression in the fix for 68721 that caused some instances
      of LinkageError to be reported as ClassNotFoundException. (markt)
    + Fix: Ensure that static resources deployed via a JAR file remain
      accessible when the context is configured to use a bloom filter. Based on
      pull request #730 provided by bergander. (markt)
    + Add: Introduce reference counting so the AprLifecycleListener is more
      robust. This particularly targets more complex embedded configurations
      with multiple server instances with independent lifecycles where more than
      one server instance requires the AprLifecycleListener. (markt)
    + Add: Small performance optimization when logging cookies with no values.  
      (schultz)
    + Fix: Correct error handling for asynchronous requests. If the application
      performs an dispatch during AsyncListener.onError() the dispatch is now
      performed rather than completing the request using the error page
      mechanism. (markt)
    + Add: Re-factor ElapsedTimeElement in AbstractAccessLogValve to use a
      customizable style. (schultz)
    + Add: Add more timescale options to AccessLogValve and
      ExtendedAccessLogValve. Allow timescales to apply to "time-taken" token in
      ExtendedAccessLogValve. (schultz)
    + Fix: Fix WebDAV lock null (locks for non existing resources) thread safety
      and removal. (remm)
    + Fix: Add periodic checking for WebDAV locks expiration. (remm)
    + Fix: Extend Asn1Parser to parse UTF8Strings. (michaelo)
    + Fix: Remove MBean metadata for attibutes that have been removed. Based on
      pull request #719 by Shawn Q. (markt)
    + Update: Deprecate and remove sessionCounter (replaced by the addition of
      the active session count and the expired session count, as a reasonable
      approximation) and duplicates (which does not represent a possible event
      in current implementations) statistics from the session manager. (remm)
    + Fix: 68890 Align output encoding of JSPs in the Manager webapp with the
      XML declarations in those same files. (schultz)
    + Fix: Update Basic authentication to implement the requirements of RFC 7617
      including the changing of the trimCredentials setting which is now
      defaults to false. Note that the trimCredentials setting will be removed
      in Tomcat 11. (markt)
    + Fix: Change the thread-safety mechanism for protecting
      StandardServer.services from a simple synchronized lock to a
      ReentrantReadWriteLock to allow multiple readers to operate
      simultaneously. Based upon a suggestion by Markus Wolfe. (schultz)
    + Fix: Improve Service connectors, Container children and Service executors
      access sync using a ReentrantReadWriteLock. (remm)
    + Fix: Improve handling of integer overflow if an attempt is made to upload
      a file via the Servlet API and the file is larger than
      Integer.MAX_VALUE. (markt)
    + Fix: 68862: Handle possible response commit when processing read errors.  
      (remm)
  * Jasper
    + Fix: 68546: Small additional optimisation for initial loading of Servlet
      code generated for JSPs. Based on a suggestion by Dan Armstrong. (markt)
    + Add: Add support for specifying Java 23 (with the value 23) as the
      compiler source and/or compiler target for JSP compilation. If used with
      an Eclipse JDT compiler version that does not support these values, a
      warning will be logged and the default will used. (markt)
  * Web applications
    + Add: Add the ability to set a sub-title for the Manager web application
      main page. This is intended to allow users with lots of instances to
      easily distinguish them. Based on pull request #724 by Simon Arame.  
      (markt)
    + Fix: Examples: Improve performance of WebSocket chat application when
      multiple clients disconnect at the same time. (markt)
    + Update: Examples: Increase the number of previous messages displayed when
      using the WebSocket chat application. (markt)
    + Fix: Examples: Improve performance of WebSocket snake application when
      multiple clients disconnect at the same time. (markt)
  * Coyote
    + Fix: Fix OpenSSL FFM use of ERR_error_string with a 128 byte buffer, and
      use ERR_error_string_n instead. (remm)
    + Fix: Fix a crash on Windows setting CA certificate on null path. (remm)
    + Fix: 69068: Ensure read timouts are triggered for asynchronous,
      non-blocking reads when using HTTP/2. (markt)
    + Update: 69133: Add task queue size configuration on the Connector element,
      similar to the Executor element, for consistency. (remm)
    + Fix: Make counting of active HTTP/2 streams per connection more robust.  
      (markt)
    + Add: Add support for TLS 1.3 client initiated re-keying. (markt)
    + Fix: Improve the algorithm used to identify the IP address to use to
      unlock the acceptor thread when a Connector is listening on all local
      addresses. Interfaces that are configured for point to point connections
      or are not currently up are now skipped. (markt)
    + Fix: Align non-secure and secure writes with NIO and skip the write
      attempt when there are no bytes to be written. (markt)
    + Fix: Allow any positive value for socket.unlockTimeout. If a negative or
      zero value is configured, the default of 250ms will be used. (mark)
    + Fix: Reduce the time spent waiting for the connector to unlock. The
      previous default of 10s was noticeably too long for cases where the unlock
      has failed. The wait time is now 100ms plus twice socket.unlockTimeout.  
      (markt)
    + Fix: Ensure that the onAllDataRead() event is triggered when the request
      body uses chunked encoding and is read using non-blocking IO. (markt)
    + Fix: 68934: Add debug logging in the latch object when exceeding
      maxConnections. (remm)
    + Fix: Refactor trailer field handling to use a MimeHeaders instance to
      store trailer fields. (markt)
    + Fix: Ensure that multiple instances of the same trailer field are handled
      correctly. (markt)
    + Fix: Fix non-blocking reads of chunked request bodies. (markt)
    + Fix: When an invalid HTTP response header was dropped, an off-by-one error
      meant that the first header in the response was also dropped. Fix based on
      pull request #710 by foremans. (markt)
    + Fix: Fix bnd jar descriptor to include the OpenSSL FFM support. (remm)
    + Fix: Add OpenSSL FFM classes to tomcat-embed-core.jar. (remm)
    + Add: Add OpenSSL integration using the FFM API rather than Tomcat Native.
      OpenSSL support may be enabled by adding the
      org.apache.catalina.core.OpenSSLLifecycleListener listener on the Server
      element when using Java 22 or later. (remm)
  * WebSocket
    + Fix: 68884: Reduce the write timeout when writing WebSocket close messages
      for abnormal closes. The timeout defaults to 50 milliseconds and may be
      controlled using the
      org.apache.tomcat.websocket.ABNORMAL_SESSION_CLOSE_SEND_TIMEOUT property
      in the user properties collection associated with the WebSocket session.  
      (markt)
  * Other
    + Update: Revert Derby to 10.16.1.1 as that is the latest version of Derby
      that runs on Java 17. (markt)
    + Update: Update to Commons Daemon 1.4.0. (markt)
    + Update: Update to Objenesis 3.4. (markt)
    + Update: Update to Checkstyle 10.17.0. (markt)
    + Update: Update to SpotBugs 4.8.5. (markt)
    + Add: Improvements to French translations. (remm)
    + Add: Improvements to Japanese translations by tak7iji. (markt)
    + Update: Switch to using the Base64 encoder and decoder provided by the JRE
      rather than the version provided by Commons Codec. The internal fork of
      Commons Codec has been deprecated and will be removed in Tomcat 11.  
      (markt)
    + Update: Update NSIS to 3.10. (mark0t)
    + Update: Update UnboundID to 7.0.0. (markt)
    + Update: Update Checkstyle to 10.16.0. (markt)
    + Update: Update JaCoCo to 0.8.12. (markt)
    + Update: Update SpotBugs to 4.8.4. (markt)
    + Update: Update the internal fork of Apache Commons BCEL to 6.9.0. (markt)
    + Update: Update the internal fork of Apache Commons DBCP to 2.12.0. (markt)
    + Add: Improvements to French translations. (remm)
    + Add: Improvements to Japanese translations by tak7iji. (markt)
    + Fix: Release re-built using correct JDK version.
    + Update: Update the internal fork of Apache Commons BCEL to 6.8.2. (markt)
    + Update: Update the internal fork of Apache Commons Codec to 1.16.1.  
      (markt)
    + Add: Improvements to French translations. (remm)
    + Add: Improvements to Japanese translations by tak7iji. (remm)
    + Add: Improvements to Chinese translations by leeyazhou. (remm)  
 - Modified patch:
  * tomcat-10.1-build-with-java-11.patch
    + rediff to changed context 
 -------------------------------------------------------------------
 Fri Apr  5 16:00:06 UTC 2024 - Michele Bussolotto <michele.bussolotto@suse.com>
 - Update to Tomcat 10.1.20
--- a/tomcat10.spec
+++ b/tomcat10.spec
@ -29,7 +29,7 @@
 %define elspec %{elspec_major}.%{elspec_minor}
 %define major_version 10
 %define minor_version 1
-%define micro_version 20
+%define micro_version 25
 %define java_major 1
 %define java_minor 11
 %define java_version %{java_major}.%{java_minor}