Accepting request 1146829 from Java:packages

post-embargo sync with SLE OBS-URL: https://build.opensuse.org/request/show/1146829 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tomcat?expand=0&rev=103
2024-02-15 20:01:09 +00:00 · 2024-02-15 20:01:09 +00:00 · 62ce039b94
commit 62ce039b94
parent c2673ffc79 c9076a2e84
2 changed files with 25 additions and 10 deletions
--- a/tomcat.changes
+++ b/tomcat.changes
@ -3,6 +3,12 @@ Tue Feb  6 09:55:04 UTC 2024 - Michele Bussolotto <michele.bussolotto@suse.com>
 - rpm 4.19 requires dependencies on tomcat user and group (bsc#1219530)
 -------------------------------------------------------------------
 Fri Jan 26 12:33:23 UTC 2024 - Michele Bussolotto <michele.bussolotto@suse.com>
 - Fixed CVEs:
  * CVE-2024-22029: run xsltproc as tomcat group (bsc#1219208)
 -------------------------------------------------------------------
 Wed Jan 17 16:57:21 UTC 2024 - Michele Bussolotto <michele.bussolotto@suse.com>
--- a/tomcat.spec
+++ b/tomcat.spec
@ -562,7 +562,8 @@ getent passwd tomcat >/dev/null || %{_sbindir}/useradd -c "Apache Tomcat" \
 %post
 %service_add_post %{name}.service
 %{fillup_only %{name}}
-xsltproc  --output %{confdir}/server.xml %{confdir}/valve.xslt %{confdir}/server.xml
+chown -R tomcat:tomcat %{confdir}/server.xml
 runuser -u tomcat -g tomcat -- xsltproc --output %{confdir}/server.xml %{confdir}/valve.xslt %{confdir}/server.xml
 %preun
 %service_del_preun %{name}.service
@ -636,17 +637,22 @@ rm -f \
    %{libdir}/\[ecj\].jar >/dev/null 2>&1
 %post webapps
-xsltproc --output %{tomcatappdir}/ROOT/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/examples/META-INF/context.xml
+chown -R tomcat:tomcat %{tomcatappdir}/examples/META-INF
-if [ ! -e %{_datadir}/%{name}/webapps/ROOT ]; then
+runuser -u tomcat -g tomcat -- xsltproc --output %{tomcatappdir}/examples/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/examples/META-INF/context.xml
    ln -sf  %{tomcatappdir}/ROOT %{_datadir}/%{name}/webapps/ROOT
 fi
 xsltproc --output %{tomcatappdir}/examples/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/examples/META-INF/context.xml
 if [ ! -e %{_datadir}/%{name}/webapps/examples ]; then
    ln -sf %{tomcatappdir}/examples %{_datadir}/%{name}/webapps/examples
 fi
 #use the same context.xml for sample war
 mkdir -p %{tomcatappdir}/ROOT/META-INF
 chown -R tomcat:tomcat %{tomcatappdir}/ROOT/META-INF
 runuser -u tomcat -g tomcat -- xsltproc --output %{tomcatappdir}/ROOT/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/examples/META-INF/context.xml
 if [ ! -e %{_datadir}/%{name}/webapps/ROOT ]; then
    ln -sf  %{tomcatappdir}/ROOT %{_datadir}/%{name}/webapps/ROOT
 fi
 #use the same context.xml for sample war
 mkdir -p %{tomcatappdir}/webapps/sample/META-INF
-xsltproc --output %{tomcatappdir}/sample/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/examples/META-INF/context.xml
+chown -R tomcat:tomcat %{tomcatappdir}/sample/META-INF
 runuser -u tomcat -g tomcat -- xsltproc --output %{tomcatappdir}/sample/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/examples/META-INF/context.xml
 if [ ! -e %{_datadir}/%{name}/webapps/sample ]; then
    ln -sf %{tomcatappdir}/sample  %{_datadir}/%{name}/webapps/sample
 fi
@ -658,18 +664,21 @@ if [ $1 -eq 0 ]; then # uninstall only
 fi
 %post admin-webapps
-xsltproc --output %{tomcatappdir}/manager/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/manager/META-INF/context.xml
+chown -R tomcat:tomcat %{tomcatappdir}/manager/META-INF
 runuser -u tomcat -g tomcat -- xsltproc --output %{tomcatappdir}/manager/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/manager/META-INF/context.xml
 if [ ! -e %{_datadir}/%{name}/webapps/manager ]; then
    ln -sf %{tomcatappdir}/manager %{_datadir}/%{name}/webapps/manager
 fi
-xsltproc --output %{tomcatappdir}/host-manager/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/host-manager/META-INF/context.xml
+chown -R tomcat:tomcat %{tomcatappdir}/host-manager/META-INF
 runuser -u tomcat -g tomcat -- xsltproc --output %{tomcatappdir}/host-manager/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/host-manager/META-INF/context.xml
 if [ ! -e %{_datadir}/%{name}/webapps/host-manager ]; then
    ln -sf %{tomcatappdir}/host-manager %{_datadir}/%{name}/webapps/host-manager
 fi
 %post docs-webapp
-xsltproc --output %{tomcatappdir}/docs/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/docs/META-INF/context.xml
+chown -R tomcat:tomcat %{tomcatappdir}/docs/META-INF
 runuser -u tomcat -g tomcat -- xsltproc --output %{tomcatappdir}/docs/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/docs/META-INF/context.xml
 if [ ! -e %{_datadir}/%{name}/webapps/docs ]; then
    ln -sf %{tomcatappdir}/docs %{_datadir}/%{name}/webapps/docs
 fi