pool/tomcat
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
tomcat/tomcat-9.0-sle.catalina.policy.patch

31 lines
1.4 KiB
Diff
Raw Normal View History

- Update to Tomcat 9.0.98 * Fixed CVEs: + CVE-2024-54677: DoS in examples web application (bsc#1233434) + CVE-2024-50379: RCE due to TOCTOU issue in JSP compilation (bsc#1234663) * Catalina + Add: Add option to serve resources from subpath only with WebDAV Servlet like with DefaultServlet. (michaelo) + Fix: Add special handling for the protocols attribute of SSLHostConfig in storeconfig. (remm) + Fix: 69442: Fix case sensitive check on content-type when parsing request parameters. (remm) + Code: Refactor duplicate code for extracting media type and subtype from content-type into a single method. (markt) + Fix: Compatibility of generated embedded code with components where constructors or property related methods throw a checked exception. (remm) + Fix: The previous fix for inconsistent resource metadata during concurrent reads and writes was incomplete. (markt) + Fix: 69444: Ensure that the javax.servlet.error.message request attribute is set when an application defined error page is called. (markt) + Fix: Avoid quotes for numeric values in the JSON generated by the status servlet. (remm) + Add: Add strong ETag support for the WebDAV and default servlet, which can be enabled by using the useStrongETags init parameter with a value set to true. The ETag generated will be a SHA-1 checksum of the resource content. (remm) + Fix: Use client locale for directory listings. (remm) + Fix: 69439: Improve the handling of multiple Cache-Control headers in the ExpiresFilter. Based on pull request #777 by Chenjp. (markt) + Fix: 69447: Update the support for caching classes the web application class loader cannot find to take account of classes loaded from external OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=325
2025-01-06 16:20:19 +00:00
Index: apache-tomcat-9.0.82-src/conf/catalina.policy
===================================================================
--- apache-tomcat-9.0.82-src.orig/conf/catalina.policy
+++ apache-tomcat-9.0.82-src/conf/catalina.policy
@@ -171,6 +171,9 @@ grant {
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat";
// Precompiled JSPs need access to these packages.
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper";
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.servlet";
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.compiler";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
permission java.lang.RuntimePermission
@@ -220,6 +223,15 @@ grant codeBase "file:${catalina.home}/we
};
+// Additional basic permissions for web applications.
+grant codeBase "file:/usr/share/java/tomcat-servlet-api.jar" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "file:/usr/share/java/tomcat-el-api.jar" {
+ permission java.security.AllPermission;
+};
+
// You can assign additional permissions to particular web applications by
// adding additional "grant" entries here, based on the code base for that
// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
Reference in New Issue Copy Permalink