Accepting request 1254481 from Java:packages

OBS-URL: https://build.opensuse.org/request/show/1254481
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tomcat?expand=0&rev=115

apache-tomcat-9.0.102-src.tar.gz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEESPjmn2OQyfJc/tzSaCSJWTWecisFAmfGBbUACgkQaCSJWTWe
+ciucbA/5AYI47J3tlOLsRdtvH815aXghxAEbOMkHtJJS79Y+I0d4CWS4jqpL++oX
+jIOfZsO1D9rJ9A0d/F0IbMym7fgDItlvOOAXHMpLWEo9TF7gTXhFuiqcl/5K24qa
+n9MMMZJOFR7599IE6Ie6spq+7FgO7/AF7s4zVzqJU661yH3ZgGftS5VcYvfX77vg
+ErCsjE/v0foqcG0PwgmUYbWzFYeI6DR8mwRXIvCGZxCH7PqYlwDdsnF4usFhQDGN
+Y6c7DKLAamd8Z7vyPejpoNnBBYr5o/BpKNSgAKvOMpy2N0vI1DAMBhCjPkASvxvr
+bdSkxNhqRgicnEmEFMtvQW4dapkjUBJ9aswdYEEHmkE4zLUp4tkadjetqnwdrv+F
+DRij5uOgj7kSNDjTee4lxMGpSMoXF447KRDjzvnj2m1/XHQhV/Rpf9yjG8Welkj6
+KIZaEe02XlfHgExxX7rH2fVvzbtAUapKgyhaQ+nTynJqZ0pgMRDr8epqgoFxiepI
+ZcdeoRTvkVAcdBdheNpNg4sRzCVauKuAyh7CfbRUIXJwF3hEBKAp8ZNldlbzK+mO
+G1Kx+fskzYtRHi3eUpiPweXg4fnw3ZDeFqcsYhV6/7z1RMznP4xIlqGSFdctxXBC
+qb/cjb7GIU5ZKlWO9NhY4MadGUXSbJmZjtI8Ztz6q+2GJ0zmJtw=
+=4WIa
+-----END PGP SIGNATURE-----

apache-tomcat-9.0.99-src.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9fbe452992872687b0283303a8587c9fa782e7a3dbf164a9e2541a7e820ef6be
-size 7124431

apache-tomcat-9.0.99-src.tar.gz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEESPjmn2OQyfJc/tzSaCSJWTWecisFAmeidH8ACgkQaCSJWTWe
-ciuMWw//cUnP6qSRnEwrwt5Kjhv0RBTk7cDnehF7yODxQ90QVFO8rHb7abfAvnEy
-RLn2pMwbweKUbyoRAdogL1nhBscwrlDjAxYZPLc+IAxWX3ln1Jmb327G/XHGbwnh
-NBickaG7dmWsMs7giJcCYEAD5vDGSIdN6TEePN5D+rVB+VyWnSjPznHwyBAjtSeU
-7MPQ18SkcIAAhO2DxkWkRgA7i76wOOta4e4xr6d0pR5FQ2zZlym1AW6YImqTZRpX
-JB2rCaZ+OxgeiCY6US2LdB+lGP5vFb10vZCzfIFqY55IyvppNeeRNRSWBGyo6Nyh
-z6BfprD/8iOeTvicZ1y5zuPLhKOoADrZkfoN7bKn71+NjfiFsVr7qx0ZdpzJDJKW
-ITT6EjuH2tFtTN3x41/MdhN8QqS3Orx8OHwze0HNIX6dtkAoEIxx9xaKF35OFJrU
-ogzBJ1TxHKiKLBSs7lRsnop4un09HHMOrSCMa0Q6R0BeXv8vZuq0uD3eyP2vmWpy
-uOi4rh49Tq9CgF1tffTyCqduqF8NyMzKNPxRjlQ9PPUFMKZ/xLS/7WeDmkR01I/G
-+RLt9eCF95gHJndxxkHbJmotx0R1eTofQqH6Q5ot29AZDDaZ18ry0TunwaxDhyxl
-NgC8PTPnJmDm3KKQwxDboWhlJNzWh5yFpXaR5eeO0BKddnJlCrI=
-=0ta0
------END PGP SIGNATURE-----

tomcat.changes

@@ -1,3 +1,57 @@
+-------------------------------------------------------------------
+Tue Mar 18 21:04:04 UTC 2025 - Ricardo Mestre <ricardo.mestre@suse.com>
+
+- Update to Tomcat 9.0.102
+  * Fixes:
+    + launch with java 17 (bsc#1239676)
+  * Catalina
+    + Fix: Weak etags in the If-Range header should not match as strong etags
+      are required. (remm)
+    + Fix: When looking up class loader resources by resource name, the resource
+      name should not start with '/'. If the resource name does start with '/',
+      Tomcat is lenient and looks it up as if the '/' was not present. When the
+      web application class loader was configured with external repositories and
+      names starting with '/' were used for lookups, it was possible that cached
+      'not found' results could effectively hide lookup results using the
+      correct resource name. (markt)
+    + Fix: Enable the JNDIRealm to validate credentials provided to
+      HttpServletRequest.login(String username, String password) when the realm
+      is configured to use GSSAPI authentication. (markt)
+    + Fix: Fix a bug in the JRE compatibility detection that incorrectly
+      identified Java 19 and Java 20 as supporting Java 21 features. (markt)
+    + Fix: Improve the checks for exposure to and protection against
+      CVE-2024-56337 so that reflection is not used unless required. The checks
+      for whether the file system is case sensitive or not have been removed.
+      (markt)
+    + Fix: Avoid scenarios where temporary files used for partial PUT would not
+      be deleted. (remm)
+    + Fix: 69602: Fix regression in releases from 12-2024 that were too strict
+      and rejected weak etags in the If-Range header. (remm)
+    + Fix: 69576: Avoid possible failure initializing JreCompat due to uncaught
+      exception introduced for the check for CVE-2024-56337. (remm)
+  * Cluster
+    + Add: 69598: Add detection of service account token changes to the
+      KubernetesMembershipProvider implementation and reload the token if it
+      changes. Based on a patch by Miroslav Jezbera. (markt)
+  * Coyote
+    + Fix: 69575: Avoid using compression if a response is already compressed
+      using compress, deflate or zstd. (remm)
+    + Update: Use Transfer-Encoding for compression rather than Content-Encoding
+      if the client submits a TE header containing gzip. (remm)
+    + Fix: Fix a race condition in the handling of HTTP/2 stream reset that
+      could cause unexpected 500 responses. (markt)
+  * Other
+    + Add: Add makensis as an option for building the Installer for Windows on
+      non-Windows platforms. (rjung/markt)
+    + Update: Update Byte Buddy to 1.17.1. (markt)
+    + Update: Update Checkstyle to 10.21.3. (markt)
+    + Update: Update SpotBugs to 4.9.1. (markt)
+    + Update: Update JSign to 7.1. (markt)
+    + Add: Improvements to French translations. (remm)
+    + Add: Improvements to Japanese translations by tak7iji. (markt)
+    + Add: Add org.apache.juli.JsonFormatter to format log as one line JSON
+      documents. (remm) 
+
 -------------------------------------------------------------------
 Wed Mar 12 16:21:08 UTC 2025 - Ricardo Mestre <ricardo.mestre@suse.com>
 
@@ -104,8 +158,9 @@ Fri Jan  3 16:03:11 UTC 2025 - Ricardo Mestre <ricardo.mestre@suse.com>
 
 - Update to Tomcat 9.0.98
   * Fixed CVEs:
-    + CVE-2024-54677: DoS in examples web application (bsc#1233434)
+    + CVE-2024-54677: DoS in examples web application (bsc#1234664)
     + CVE-2024-50379: RCE due to TOCTOU issue in JSP compilation (bsc#1234663)
+    + CVE-2024-52317: Request/response mix-up with HTTP/2 (bsc#1233435)
   * Catalina
     + Add: Add option to serve resources from subpath only with WebDAV Servlet
       like with DefaultServlet. (michaelo)

tomcat.spec

@@ -22,7 +22,7 @@
 %define elspec 3.0
 %define major_version 9
 %define minor_version 0
-%define micro_version 99
+%define micro_version 102
 %define packdname apache-tomcat-%{version}-src
 # FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/
 %global basedir /srv/%{name}