Sync from SUSE:SLFO:Main tomcat10 revision 2dd7519b456bf3227264893c333a174c

2024-07-22 17:46:58 +02:00 · 2024-07-22 17:46:58 +02:00 · afbfacfa11
commit afbfacfa11
parent e896402d82
7 changed files with 185 additions and 24 deletions
--- a/apache-tomcat-10.1.20-src.tar.gz
+++ b/apache-tomcat-10.1.20-src.tar.gz
--- a/apache-tomcat-10.1.20-src.tar.gz.asc
+++ b/apache-tomcat-10.1.20-src.tar.gz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAmX5itQACgkQHPApP6U8
-pFhopA/+K7t0yWfvbBhzqcAq/fwRG8r9/0pdYpSCNLXyNslSkzT9ZPcvEBQx5n1G
-dXsi9wqymY42YLnY7ABKTtk1jQucTSITAm3lhMC10Ql8Y3Aqbw3YZbAM5DeVThe6
-gX/aju76WNMKNHqMPOq4sQ5M99jD3C+qu3kRl8Hgx6Ro8qQ0tzxlQkKZJPtYDJZ5
-PCrRICZBLKzoP9max7aSCcTkU5BBeSmXURlI4HOKA5JNh03BI4FBrTpwcJzPL7Jq
-S4e+ZGv4//M/fRAFm9NpDqps7uTV/ELA6AMhx+2Zw7yvwUqa/JhC7qVIEKVJF0Kh
-N2afnyVCSCBSi+ZMemFxjPMyCPNREpCus9OynuP+otxoYSiZjTLeavDbSHPLva07
-dGaRQ8z+yHJ5xg1YuGG9k8AoLMR+1kcVwICrFxauKmdXFbhneZHZexjzpuRtgUmF
-zOWzXCOtJo3VDN4mYL+5ZMibkm0oTa3JhcqHyjOIHYVlAHNXr3w2Qhq1WaM+9yUb
-RXuYf7y6teJPnLWCHSJo1hjbrIa+33pMRZg/+Jrp/11Y6qlJrk1xdElGwwaR7iw2
-TmJme2DFMM9RVgyJLiptNYKnHcAmJdHfqypcldrr+nQ1XkqLY58GOq+dTb0WT7ix
-CJGBo79aRY1ewy++UHLOBoRqFdMR+2mKopVmUWVKO9ahzts/St8=
-=39SI
-----END PGP SIGNATURE-----
--- a/apache-tomcat-10.1.25-src.tar.gz
+++ b/apache-tomcat-10.1.25-src.tar.gz
--- a/apache-tomcat-10.1.25-src.tar.gz.asc
+++ b/apache-tomcat-10.1.25-src.tar.gz.asc
@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Comment: GPGTools - http://gpgtools.org
+
+iQIzBAABCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAmZsrB0ACgkQHPApP6U8
+pFgWehAAsL94Pf+o5NqhdP9RXxOLfGkAjwC6UdWEGbi/UUhJz/tEx3A66P3eyKJx
+KZw+0oqnwI9dXNry9TH3zZHk1Qj93HzOQRPolomCZWnwAcq964IutIc0PQMvga8+
+kaNfCloaOo9+VPeOAQ5rSn2jbdui+lYuTvHUuMiJ2+/U33Dn45JtTY+sQZxGFI0D
+OM9Bu7j64Vxp6tLMtYwcO33vsKnlT6WmC7NekkbyWlkLIDTKfaNp6PstKI1cxOvY
+8Cc1G276iGjPsyf06ooPZ6yunXYOXXT5SSsyvsKdWyacdFQ9BxlC5asOIwr+OKjp
+6tDIWK2RZQPs5fVGAeW4+6YN4jpTDrjjJvvC2M/Quyn7eRME0yB7qa6QAFM7mpqk
+oATHa+np0X3a5iNHW6w61En1F8yG2DtMyxIApkS25SGyA3XCRmZy2v14WPEaJURb
+PTrXY4+p18ae7cB6R5eoQZlBMxN+yqmwr7+RLcU3bTvMb65g19RPUcZ78/aKWteF
+G0wHn/QQy1yjDg4zJ0RQZzF0GhChux/G8Is423PiAskQJjQMB2O39PJV3D+hbrwk
+VXkH1JNwl5O18S76o0/t7eMF1Z1LViyS3Ldr/M9vpxtGmtX5VdfzmZ+Z6+JvAaZI
+Ae7aA9B3BLWGiAjJNsu2FBY94jx2FZJgedg3pvPIyFSP6+W1Hg=
+=l6Tt
+-----END PGP SIGNATURE-----
--- a/tomcat-10.1-build-with-java-11.patch
+++ b/tomcat-10.1-build-with-java-11.patch
@ -1,13 +1,13 @@
-Index: apache-tomcat-10.1.18-src/build.xml
+Index: apache-tomcat-10.1.25-src/build.xml
 ===================================================================
--- apache-tomcat-10.1.18-src.orig/build.xml
-+++ apache-tomcat-10.1.18-src/build.xml
+--- apache-tomcat-10.1.25-src.orig/build.xml
+++ apache-tomcat-10.1.25-src/build.xml
@@ -108,7 +108,7 @@
   <!-- Keep in sync with webapps/docs/tomcat-docs.xsl -->
   <property name="compile.release" value="11"/>
   <property name="min.java.version" value="11"/>
 -  <property name="build.java.version" value="17"/>
 +  <property name="build.java.version" value="11"/>
+   <property name="release.java.version" value="22"/>
 
   <!-- Check Java Build Version -->
-   <fail message="Java version ${build.java.version} or newer is required (${java.version} is installed)">
--- a/tomcat10.changes
+++ b/tomcat10.changes
@ -1,4 +1,164 @@
 -------------------------------------------------------------------
+Tue Jul  9 12:52:37 UTC 2024 - Ricardo Mestre <ricardo.mestre@suse.com>
+
+- Update to Tomcat 10.1.25
+  * Fixed CVEs:
+    + CVE-2024-34750: Improper handling of exceptional conditions
+      (bsc#1227399)
+  * Catalina
+    + Add: Add support for shallow copies when using WebDAV. (markt)
+    + Code: Deprecate the WebdavFixFilter as it is no longer required. (markt)
+    + Fix: 69066: Fix regression in SPNEGO authenticator when processing Base64.
+      Submitted by Daniel Lyko. (remm)
+    + Add: Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext) for
+      retrieving extended/additional information from an established GSS
+      context. (michaelo)
+    + Fix: Correct a regression in the fix for 68721 that caused some instances
+      of LinkageError to be reported as ClassNotFoundException. (markt)
+    + Fix: Ensure that static resources deployed via a JAR file remain
+      accessible when the context is configured to use a bloom filter. Based on
+      pull request #730 provided by bergander. (markt)
+    + Add: Introduce reference counting so the AprLifecycleListener is more
+      robust. This particularly targets more complex embedded configurations
+      with multiple server instances with independent lifecycles where more than
+      one server instance requires the AprLifecycleListener. (markt)
+    + Add: Small performance optimization when logging cookies with no values.  
+      (schultz)
+    + Fix: Correct error handling for asynchronous requests. If the application
+      performs an dispatch during AsyncListener.onError() the dispatch is now
+      performed rather than completing the request using the error page
+      mechanism. (markt)
+    + Add: Re-factor ElapsedTimeElement in AbstractAccessLogValve to use a
+      customizable style. (schultz)
+    + Add: Add more timescale options to AccessLogValve and
+      ExtendedAccessLogValve. Allow timescales to apply to "time-taken" token in
+      ExtendedAccessLogValve. (schultz)
+    + Fix: Fix WebDAV lock null (locks for non existing resources) thread safety
+      and removal. (remm)
+    + Fix: Add periodic checking for WebDAV locks expiration. (remm)
+    + Fix: Extend Asn1Parser to parse UTF8Strings. (michaelo)
+    + Fix: Remove MBean metadata for attibutes that have been removed. Based on
+      pull request #719 by Shawn Q. (markt)
+    + Update: Deprecate and remove sessionCounter (replaced by the addition of
+      the active session count and the expired session count, as a reasonable
+      approximation) and duplicates (which does not represent a possible event
+      in current implementations) statistics from the session manager. (remm)
+    + Fix: 68890 Align output encoding of JSPs in the Manager webapp with the
+      XML declarations in those same files. (schultz)
+    + Fix: Update Basic authentication to implement the requirements of RFC 7617
+      including the changing of the trimCredentials setting which is now
+      defaults to false. Note that the trimCredentials setting will be removed
+      in Tomcat 11. (markt)
+    + Fix: Change the thread-safety mechanism for protecting
+      StandardServer.services from a simple synchronized lock to a
+      ReentrantReadWriteLock to allow multiple readers to operate
+      simultaneously. Based upon a suggestion by Markus Wolfe. (schultz)
+    + Fix: Improve Service connectors, Container children and Service executors
+      access sync using a ReentrantReadWriteLock. (remm)
+    + Fix: Improve handling of integer overflow if an attempt is made to upload
+      a file via the Servlet API and the file is larger than
+      Integer.MAX_VALUE. (markt)
+    + Fix: 68862: Handle possible response commit when processing read errors.  
+      (remm)
+  * Jasper
+    + Fix: 68546: Small additional optimisation for initial loading of Servlet
+      code generated for JSPs. Based on a suggestion by Dan Armstrong. (markt)
+    + Add: Add support for specifying Java 23 (with the value 23) as the
+      compiler source and/or compiler target for JSP compilation. If used with
+      an Eclipse JDT compiler version that does not support these values, a
+      warning will be logged and the default will used. (markt)
+  * Web applications
+    + Add: Add the ability to set a sub-title for the Manager web application
+      main page. This is intended to allow users with lots of instances to
+      easily distinguish them. Based on pull request #724 by Simon Arame.  
+      (markt)
+    + Fix: Examples: Improve performance of WebSocket chat application when
+      multiple clients disconnect at the same time. (markt)
+    + Update: Examples: Increase the number of previous messages displayed when
+      using the WebSocket chat application. (markt)
+    + Fix: Examples: Improve performance of WebSocket snake application when
+      multiple clients disconnect at the same time. (markt)
+  * Coyote
+    + Fix: Fix OpenSSL FFM use of ERR_error_string with a 128 byte buffer, and
+      use ERR_error_string_n instead. (remm)
+    + Fix: Fix a crash on Windows setting CA certificate on null path. (remm)
+    + Fix: 69068: Ensure read timouts are triggered for asynchronous,
+      non-blocking reads when using HTTP/2. (markt)
+    + Update: 69133: Add task queue size configuration on the Connector element,
+      similar to the Executor element, for consistency. (remm)
+    + Fix: Make counting of active HTTP/2 streams per connection more robust.  
+      (markt)
+    + Add: Add support for TLS 1.3 client initiated re-keying. (markt)
+    + Fix: Improve the algorithm used to identify the IP address to use to
+      unlock the acceptor thread when a Connector is listening on all local
+      addresses. Interfaces that are configured for point to point connections
+      or are not currently up are now skipped. (markt)
+    + Fix: Align non-secure and secure writes with NIO and skip the write
+      attempt when there are no bytes to be written. (markt)
+    + Fix: Allow any positive value for socket.unlockTimeout. If a negative or
+      zero value is configured, the default of 250ms will be used. (mark)
+    + Fix: Reduce the time spent waiting for the connector to unlock. The
+      previous default of 10s was noticeably too long for cases where the unlock
+      has failed. The wait time is now 100ms plus twice socket.unlockTimeout.  
+      (markt)
+    + Fix: Ensure that the onAllDataRead() event is triggered when the request
+      body uses chunked encoding and is read using non-blocking IO. (markt)
+    + Fix: 68934: Add debug logging in the latch object when exceeding
+      maxConnections. (remm)
+    + Fix: Refactor trailer field handling to use a MimeHeaders instance to
+      store trailer fields. (markt)
+    + Fix: Ensure that multiple instances of the same trailer field are handled
+      correctly. (markt)
+    + Fix: Fix non-blocking reads of chunked request bodies. (markt)
+    + Fix: When an invalid HTTP response header was dropped, an off-by-one error
+      meant that the first header in the response was also dropped. Fix based on
+      pull request #710 by foremans. (markt)
+    + Fix: Fix bnd jar descriptor to include the OpenSSL FFM support. (remm)
+    + Fix: Add OpenSSL FFM classes to tomcat-embed-core.jar. (remm)
+    + Add: Add OpenSSL integration using the FFM API rather than Tomcat Native.
+      OpenSSL support may be enabled by adding the
+      org.apache.catalina.core.OpenSSLLifecycleListener listener on the Server
+      element when using Java 22 or later. (remm)
+  * WebSocket
+    + Fix: 68884: Reduce the write timeout when writing WebSocket close messages
+      for abnormal closes. The timeout defaults to 50 milliseconds and may be
+      controlled using the
+      org.apache.tomcat.websocket.ABNORMAL_SESSION_CLOSE_SEND_TIMEOUT property
+      in the user properties collection associated with the WebSocket session.  
+      (markt)
+  * Other
+    + Update: Revert Derby to 10.16.1.1 as that is the latest version of Derby
+      that runs on Java 17. (markt)
+    + Update: Update to Commons Daemon 1.4.0. (markt)
+    + Update: Update to Objenesis 3.4. (markt)
+    + Update: Update to Checkstyle 10.17.0. (markt)
+    + Update: Update to SpotBugs 4.8.5. (markt)
+    + Add: Improvements to French translations. (remm)
+    + Add: Improvements to Japanese translations by tak7iji. (markt)
+    + Update: Switch to using the Base64 encoder and decoder provided by the JRE
+      rather than the version provided by Commons Codec. The internal fork of
+      Commons Codec has been deprecated and will be removed in Tomcat 11.  
+      (markt)
+    + Update: Update NSIS to 3.10. (mark0t)
+    + Update: Update UnboundID to 7.0.0. (markt)
+    + Update: Update Checkstyle to 10.16.0. (markt)
+    + Update: Update JaCoCo to 0.8.12. (markt)
+    + Update: Update SpotBugs to 4.8.4. (markt)
+    + Update: Update the internal fork of Apache Commons BCEL to 6.9.0. (markt)
+    + Update: Update the internal fork of Apache Commons DBCP to 2.12.0. (markt)
+    + Add: Improvements to French translations. (remm)
+    + Add: Improvements to Japanese translations by tak7iji. (markt)
+    + Fix: Release re-built using correct JDK version.
+    + Update: Update the internal fork of Apache Commons BCEL to 6.8.2. (markt)
+    + Update: Update the internal fork of Apache Commons Codec to 1.16.1.  
+      (markt)
+    + Add: Improvements to French translations. (remm)
+    + Add: Improvements to Japanese translations by tak7iji. (remm)
+    + Add: Improvements to Chinese translations by leeyazhou. (remm)  
+- Modified patch:
+  * tomcat-10.1-build-with-java-11.patch
+    + rediff to changed context 
+-------------------------------------------------------------------
 Fri Apr  5 16:00:06 UTC 2024 - Michele Bussolotto <michele.bussolotto@suse.com>

 - Update to Tomcat 10.1.20
--- a/tomcat10.spec
+++ b/tomcat10.spec
@ -29,7 +29,7 @@
 %define elspec %{elspec_major}.%{elspec_minor}
 %define major_version 10
 %define minor_version 1
-%define micro_version 20
+%define micro_version 25
 %define java_major 1
 %define java_minor 11
 %define java_version %{java_major}.%{java_minor}