Accepting request 1139519 from home:mbussolotto:branches:Java:packages
- Update to Tomcat 9.0.85 * Fixed CVEs: + CVE-2023-46589: Apache Tomcat: HTTP request smuggling due to incorrect headers parsing (bsc#1217649) * Catalina + Update: 68378: Align extension to MIME type mappings in the global web.xml with those in httpd by adding application/vnd.geogebra.slides for ggs, text/javascript for mjs and audio/ogg for opus. (markt) + Fix: Background processes should not be run concurrently with lifecycle operations of a container. (remm) + Fix: Correct unintended escaping of XML in some WebDAV responses. The XML list of support locks when provided in response to a PROPFIND request was incorrectly XML escaped. (markt) + Fix: 68227: Ensure that AsyncListener.onComplete() is called if AsyncListener.onError() calls AsyncContext.dispatch(). (markt) + Fix: 68228: Use a 408 status code if a read timeout occurs during HTTP request processing. Includes a test case based on code provided by adwsingh. (markt) + Fix: 67667: TLSCertificateReloadListener prints unreadable rendering of X509Certificate#getNotAfter(). (michaelo) + Update: The status servlet included in the manager webapp can now output statistics as JSON, using the JSON=true URL parameter. (remm) + Update: Optionally allow ServiceBindingPropertySource to trim a trailing newline from a file containing a property-value. (schultz) + Fix: 67793: Ensure the original session timeout is restored OBS-URL: https://build.opensuse.org/request/show/1139519 OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=289
This commit is contained in:
parent
eec71fc139
commit
7984f6fd19
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:064cffa1cdc2087439aaff13e8918fbf85b309ebdc8b7bc6ca7d8da28572d660
|
||||
size 6285653
|
@ -1,16 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCAAdFiEESPjmn2OQyfJc/tzSaCSJWTWecisFAmUmo7MACgkQaCSJWTWe
|
||||
ciuclQ//TVgfBHVgphmkiSxW7SFAkLvKbGPYXrVMeHhpgc3A9Gq+XeGTp29uZ8TH
|
||||
sZ4BVCQmzgbsSaDsDDsC3/N0TPEdFlWS2w7a667iYWekNErhzsyf7PlD2cFn11T7
|
||||
FmQ8FerXAgtl4NwY5lt2eX748H5sR9sUpTPHZgM9WEW0CXCEqBswx+tcWT+SgYAP
|
||||
YyGvFWVCr/I4QS5HigNvmH0QjSO4xTisYUyRYcU4w677tO6STLGON30pRe4ki6GL
|
||||
F8I3W98uJKrx+H00zqdTvv0TlG56oQyI5sZBPymQykhts4FW1iXKdH47DrM+FXfW
|
||||
wgCUJjt3mQ/+2lzA4QHpRFoaa1FrCJYByeM22rPBhWLSR9UFBN9yrZb0SbnQkf9j
|
||||
3klubBBJIad0FN/gD8M/FdfjwmEKsJyAHJLWdJZVpif+xV4aUtEX/FWRv6B0B67t
|
||||
6FC8mi3J8DS4sqLtfn/M901MCO6j1XjR78TD02jNzgjD/emxoSfNDst/SRXTyeoc
|
||||
mRid8UgLF8+ecTz0GqDJen3jWmOuKmrzX6I0z9jCSJq3PUkaIS9uM91X0sqHOoqb
|
||||
HH1dE61b1VO5lbEnjnhCVirS+bKCyiJIQRNWtc8Pe0joszqysYKoOY7TssZUpziO
|
||||
w/ekZwRBndDtEtxg2zzjXRMb7Tx8tK7xZE15oLpRXw/WfREJxzI=
|
||||
=T082
|
||||
-----END PGP SIGNATURE-----
|
21
java8.patch
21
java8.patch
@ -1,21 +0,0 @@
|
||||
diff -urEbwB apache-tomcat-9.0.85-src.orig/build.xml apache-tomcat-9.0.85-src/build.xml
|
||||
--- apache-tomcat-9.0.85-src.orig/build.xml 2024-01-17 16:38:45.550245596 +0100
|
||||
+++ apache-tomcat-9.0.85-src/build.xml 2024-01-17 16:39:27.487195879 +0100
|
||||
@@ -107,17 +107,6 @@
|
||||
<!-- Keep in sync with webapps/docs/tomcat-docs.xsl -->
|
||||
<property name="compile.release" value="8"/>
|
||||
<property name="min.java.version" value="8"/>
|
||||
- <property name="build.java.version" value="17"/>
|
||||
-
|
||||
- <!-- Check Java Build Version -->
|
||||
- <fail message="Java version ${build.java.version} or newer is required (${java.version} is installed)">
|
||||
- <condition>
|
||||
- <and>
|
||||
- <not><javaversion atleast="${build.java.version}" /></not>
|
||||
- <not><isset property="skip.build.java.version"/></not>
|
||||
- </and>
|
||||
- </condition>
|
||||
- </fail>
|
||||
|
||||
<!-- Locations to create the JAR artifacts -->
|
||||
<!-- Standard JARs -->
|
@ -1,315 +0,0 @@
|
||||
Index: apache-tomcat-9.0.82-src/java/org/apache/catalina/connector/InputBuffer.java
|
||||
===================================================================
|
||||
--- apache-tomcat-9.0.82-src.orig/java/org/apache/catalina/connector/InputBuffer.java
|
||||
+++ apache-tomcat-9.0.82-src/java/org/apache/catalina/connector/InputBuffer.java
|
||||
@@ -29,6 +29,7 @@ import java.util.Map;
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
|
||||
import javax.servlet.ReadListener;
|
||||
+import javax.servlet.RequestDispatcher;
|
||||
|
||||
import org.apache.catalina.security.SecurityUtil;
|
||||
import org.apache.coyote.ActionCode;
|
||||
@@ -295,6 +296,7 @@ public class InputBuffer extends Reader
|
||||
*
|
||||
* @throws IOException An underlying IOException occurred
|
||||
*/
|
||||
+ @SuppressWarnings("deprecation")
|
||||
@Override
|
||||
public int realReadBytes() throws IOException {
|
||||
if (closed) {
|
||||
@@ -307,10 +309,24 @@ public class InputBuffer extends Reader
|
||||
|
||||
try {
|
||||
return coyoteRequest.doRead(this);
|
||||
+ } catch (BadRequestException bre) {
|
||||
+ // Set flag used by asynchronous processing to detect errors on non-container threads
|
||||
+ coyoteRequest.setErrorException(bre);
|
||||
+ // In synchronous processing, this exception may be swallowed by the application so set error flags here.
|
||||
+ coyoteRequest.setAttribute(RequestDispatcher.ERROR_EXCEPTION, bre);
|
||||
+ coyoteRequest.getResponse().setStatus(400);
|
||||
+ coyoteRequest.getResponse().setError();
|
||||
+ // Make the exception visible to the application
|
||||
+ throw bre;
|
||||
} catch (IOException ioe) {
|
||||
+ // Set flag used by asynchronous processing to detect errors on non-container threads
|
||||
coyoteRequest.setErrorException(ioe);
|
||||
- // An IOException on a read is almost always due to
|
||||
- // the remote client aborting the request.
|
||||
+ // In synchronous processing, this exception may be swallowed by the application so set error flags here.
|
||||
+ coyoteRequest.setAttribute(RequestDispatcher.ERROR_EXCEPTION, ioe);
|
||||
+ coyoteRequest.getResponse().setStatus(400);
|
||||
+ coyoteRequest.getResponse().setError();
|
||||
+ // Any other IOException on a read is almost always due to the remote client aborting the request.
|
||||
+ // Make the exception visible to the application
|
||||
throw new ClientAbortException(ioe);
|
||||
}
|
||||
}
|
||||
Index: apache-tomcat-9.0.82-src/java/org/apache/catalina/connector/ClientAbortException.java
|
||||
===================================================================
|
||||
--- apache-tomcat-9.0.82-src.orig/java/org/apache/catalina/connector/ClientAbortException.java
|
||||
+++ apache-tomcat-9.0.82-src/java/org/apache/catalina/connector/ClientAbortException.java
|
||||
@@ -16,14 +16,12 @@
|
||||
*/
|
||||
package org.apache.catalina.connector;
|
||||
|
||||
-import java.io.IOException;
|
||||
-
|
||||
/**
|
||||
* Extend IOException to identify it as being caused by an abort of a request by a remote client.
|
||||
*
|
||||
* @author Glenn L. Nielsen
|
||||
*/
|
||||
-public final class ClientAbortException extends IOException {
|
||||
+public final class ClientAbortException extends BadRequestException {
|
||||
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
Index: apache-tomcat-9.0.82-src/java/org/apache/catalina/core/ApplicationDispatcher.java
|
||||
===================================================================
|
||||
--- apache-tomcat-9.0.82-src.orig/java/org/apache/catalina/core/ApplicationDispatcher.java
|
||||
+++ apache-tomcat-9.0.82-src/java/org/apache/catalina/core/ApplicationDispatcher.java
|
||||
@@ -41,7 +41,7 @@ import org.apache.catalina.AsyncDispatch
|
||||
import org.apache.catalina.Context;
|
||||
import org.apache.catalina.Globals;
|
||||
import org.apache.catalina.Wrapper;
|
||||
-import org.apache.catalina.connector.ClientAbortException;
|
||||
+import org.apache.catalina.connector.BadRequestException;
|
||||
import org.apache.catalina.connector.Request;
|
||||
import org.apache.catalina.connector.RequestFacade;
|
||||
import org.apache.catalina.connector.Response;
|
||||
@@ -661,7 +661,7 @@ final class ApplicationDispatcher implem
|
||||
filterChain.doFilter(request, response);
|
||||
}
|
||||
// Servlet Service Method is called by the FilterChain
|
||||
- } catch (ClientAbortException e) {
|
||||
+ } catch (BadRequestException e) {
|
||||
ioException = e;
|
||||
} catch (IOException e) {
|
||||
wrapper.getLogger().error(sm.getString("applicationDispatcher.serviceException", wrapper.getName()), e);
|
||||
@@ -672,7 +672,7 @@ final class ApplicationDispatcher implem
|
||||
wrapper.unavailable(e);
|
||||
} catch (ServletException e) {
|
||||
Throwable rootCause = StandardWrapper.getRootCause(e);
|
||||
- if (!(rootCause instanceof ClientAbortException)) {
|
||||
+ if (!(rootCause instanceof BadRequestException)) {
|
||||
wrapper.getLogger().error(sm.getString("applicationDispatcher.serviceException", wrapper.getName()),
|
||||
rootCause);
|
||||
}
|
||||
Index: apache-tomcat-9.0.82-src/java/org/apache/catalina/core/StandardWrapperValve.java
|
||||
===================================================================
|
||||
--- apache-tomcat-9.0.82-src.orig/java/org/apache/catalina/core/StandardWrapperValve.java
|
||||
+++ apache-tomcat-9.0.82-src/java/org/apache/catalina/core/StandardWrapperValve.java
|
||||
@@ -32,7 +32,7 @@ import org.apache.catalina.Container;
|
||||
import org.apache.catalina.Context;
|
||||
import org.apache.catalina.Globals;
|
||||
import org.apache.catalina.LifecycleException;
|
||||
-import org.apache.catalina.connector.ClientAbortException;
|
||||
+import org.apache.catalina.connector.BadRequestException;
|
||||
import org.apache.catalina.connector.Request;
|
||||
import org.apache.catalina.connector.Response;
|
||||
import org.apache.catalina.valves.ValveBase;
|
||||
@@ -170,7 +170,7 @@ final class StandardWrapperValve extends
|
||||
}
|
||||
|
||||
}
|
||||
- } catch (ClientAbortException | CloseNowException e) {
|
||||
+ } catch (BadRequestException | CloseNowException e) {
|
||||
if (container.getLogger().isDebugEnabled()) {
|
||||
container.getLogger().debug(
|
||||
sm.getString("standardWrapper.serviceException", wrapper.getName(), context.getName()), e);
|
||||
@@ -191,7 +191,7 @@ final class StandardWrapperValve extends
|
||||
// do not want to do exception(request, response, e) processing
|
||||
} catch (ServletException e) {
|
||||
Throwable rootCause = StandardWrapper.getRootCause(e);
|
||||
- if (!(rootCause instanceof ClientAbortException)) {
|
||||
+ if (!(rootCause instanceof BadRequestException)) {
|
||||
container.getLogger().error(sm.getString("standardWrapper.serviceExceptionRoot", wrapper.getName(),
|
||||
context.getName(), e.getMessage()), rootCause);
|
||||
}
|
||||
Index: apache-tomcat-9.0.82-src/java/org/apache/catalina/connector/BadRequestException.java
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ apache-tomcat-9.0.82-src/java/org/apache/catalina/connector/BadRequestException.java
|
||||
@@ -0,0 +1,68 @@
|
||||
+/*
|
||||
+ * Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
+ * contributor license agreements. See the NOTICE file distributed with
|
||||
+ * this work for additional information regarding copyright ownership.
|
||||
+ * The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
+ * (the "License"); you may not use this file except in compliance with
|
||||
+ * the License. You may obtain a copy of the License at
|
||||
+ *
|
||||
+ * http://www.apache.org/licenses/LICENSE-2.0
|
||||
+ *
|
||||
+ * Unless required by applicable law or agreed to in writing, software
|
||||
+ * distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+ * See the License for the specific language governing permissions and
|
||||
+ * limitations under the License.
|
||||
+ */
|
||||
+package org.apache.catalina.connector;
|
||||
+
|
||||
+import java.io.IOException;
|
||||
+
|
||||
+/**
|
||||
+ * Extend IOException to identify it as being caused by a bad request from a remote client.
|
||||
+ */
|
||||
+public class BadRequestException extends IOException {
|
||||
+
|
||||
+ private static final long serialVersionUID = 1L;
|
||||
+
|
||||
+
|
||||
+ // ------------------------------------------------------------ Constructors
|
||||
+
|
||||
+ /**
|
||||
+ * Construct a new BadRequestException with no other information.
|
||||
+ */
|
||||
+ public BadRequestException() {
|
||||
+ super();
|
||||
+ }
|
||||
+
|
||||
+
|
||||
+ /**
|
||||
+ * Construct a new BadRequestException for the specified message.
|
||||
+ *
|
||||
+ * @param message Message describing this exception
|
||||
+ */
|
||||
+ public BadRequestException(String message) {
|
||||
+ super(message);
|
||||
+ }
|
||||
+
|
||||
+
|
||||
+ /**
|
||||
+ * Construct a new BadRequestException for the specified throwable.
|
||||
+ *
|
||||
+ * @param throwable Throwable that caused this exception
|
||||
+ */
|
||||
+ public BadRequestException(Throwable throwable) {
|
||||
+ super(throwable);
|
||||
+ }
|
||||
+
|
||||
+
|
||||
+ /**
|
||||
+ * Construct a new BadRequestException for the specified message and throwable.
|
||||
+ *
|
||||
+ * @param message Message describing this exception
|
||||
+ * @param throwable Throwable that caused this exception
|
||||
+ */
|
||||
+ public BadRequestException(String message, Throwable throwable) {
|
||||
+ super(message, throwable);
|
||||
+ }
|
||||
+}
|
||||
Index: apache-tomcat-9.0.82-src/test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java
|
||||
===================================================================
|
||||
--- apache-tomcat-9.0.82-src.orig/test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java
|
||||
+++ apache-tomcat-9.0.82-src/test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java
|
||||
@@ -428,6 +428,83 @@ public class TestChunkedInputFilter exte
|
||||
}
|
||||
}
|
||||
|
||||
+
|
||||
+ @Test
|
||||
+ public void testTrailerHeaderNameNotTokenThrowException() throws Exception {
|
||||
+ doTestTrailerHeaderNameNotToken(false);
|
||||
+ }
|
||||
+
|
||||
+ @Test
|
||||
+ public void testTrailerHeaderNameNotTokenSwallowException() throws Exception {
|
||||
+ doTestTrailerHeaderNameNotToken(true);
|
||||
+ }
|
||||
+
|
||||
+ private void doTestTrailerHeaderNameNotToken(boolean swallowException) throws Exception {
|
||||
+
|
||||
+ // Setup Tomcat instance
|
||||
+ Tomcat tomcat = getTomcatInstance();
|
||||
+
|
||||
+ // No file system docBase required
|
||||
+ Context ctx = tomcat.addContext("", null);
|
||||
+
|
||||
+ Tomcat.addServlet(ctx, "servlet", new SwallowBodyServlet(swallowException));
|
||||
+ ctx.addServletMappingDecoded("/", "servlet");
|
||||
+
|
||||
+ tomcat.start();
|
||||
+
|
||||
+ String[] request = new String[]{
|
||||
+ "POST / HTTP/1.1" + SimpleHttpClient.CRLF +
|
||||
+ "Host: localhost" + SimpleHttpClient.CRLF +
|
||||
+ "Transfer-encoding: chunked" + SimpleHttpClient.CRLF +
|
||||
+ "Content-Type: application/x-www-form-urlencoded" + SimpleHttpClient.CRLF +
|
||||
+ "Connection: close" + SimpleHttpClient.CRLF +
|
||||
+ SimpleHttpClient.CRLF +
|
||||
+ "3" + SimpleHttpClient.CRLF +
|
||||
+ "a=0" + SimpleHttpClient.CRLF +
|
||||
+ "4" + SimpleHttpClient.CRLF +
|
||||
+ "&b=1" + SimpleHttpClient.CRLF +
|
||||
+ "0" + SimpleHttpClient.CRLF +
|
||||
+ "x@trailer: Test" + SimpleHttpClient.CRLF +
|
||||
+ SimpleHttpClient.CRLF };
|
||||
+
|
||||
+ TrailerClient client = new TrailerClient(tomcat.getConnector().getLocalPort());
|
||||
+ client.setRequest(request);
|
||||
+
|
||||
+ client.connect();
|
||||
+ client.processRequest();
|
||||
+ // Expected to fail because of invalid trailer header name
|
||||
+ Assert.assertTrue(client.getResponseLine(), client.isResponse400());
|
||||
+ }
|
||||
+
|
||||
+ private static class SwallowBodyServlet extends HttpServlet {
|
||||
+ private static final long serialVersionUID = 1L;
|
||||
+
|
||||
+ private final boolean swallowException;
|
||||
+
|
||||
+ SwallowBodyServlet(boolean swallowException) {
|
||||
+ this.swallowException = swallowException;
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
|
||||
+ throws ServletException, IOException {
|
||||
+ resp.setContentType("text/plain");
|
||||
+ PrintWriter pw = resp.getWriter();
|
||||
+
|
||||
+ // Read the body
|
||||
+ InputStream is = req.getInputStream();
|
||||
+ try {
|
||||
+ while (is.read() > -1) {
|
||||
+ }
|
||||
+ pw.write("OK");
|
||||
+ } catch (IOException ioe) {
|
||||
+ if (!swallowException) {
|
||||
+ throw ioe;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
private static class EchoHeaderServlet extends HttpServlet {
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
Index: apache-tomcat-9.0.82-src/webapps/docs/changelog.xml
|
||||
===================================================================
|
||||
--- apache-tomcat-9.0.82-src.orig/webapps/docs/changelog.xml
|
||||
+++ apache-tomcat-9.0.82-src/webapps/docs/changelog.xml
|
||||
@@ -120,7 +120,7 @@
|
||||
use of fully qualified class names in 9.0.81 that broke the jdbc-pool.
|
||||
(markt)
|
||||
</fix>
|
||||
- </changelog>
|
||||
+ </changelog>
|
||||
</subsection>
|
||||
</section>
|
||||
<section name="Tomcat 9.0.81 (remm)" rtext="2023-10-10">
|
||||
@@ -148,6 +148,11 @@
|
||||
Improve handling of failures within <code>recycle()</code> methods.
|
||||
(markt)
|
||||
</add>
|
||||
+ <fix>
|
||||
+ Ensure that an <code>IOException</code> during the reading of the
|
||||
+ request triggers always error handling, regardless of whether the
|
||||
+ application swallows the exception. (markt)
|
||||
+ </fix>
|
||||
</changelog>
|
||||
</subsection>
|
||||
<subsection name="Coyote">
|
13
tomcat-9.0-build-with-java-11.patch
Normal file
13
tomcat-9.0-build-with-java-11.patch
Normal file
@ -0,0 +1,13 @@
|
||||
Index: apache-tomcat-9.0.85-src/build.xml
|
||||
===================================================================
|
||||
--- apache-tomcat-9.0.85-src.orig/build.xml
|
||||
+++ apache-tomcat-9.0.85-src/build.xml
|
||||
@@ -107,7 +107,7 @@
|
||||
<!-- Keep in sync with webapps/docs/tomcat-docs.xsl -->
|
||||
<property name="compile.release" value="8"/>
|
||||
<property name="min.java.version" value="8"/>
|
||||
- <property name="build.java.version" value="17"/>
|
||||
+ <property name="build.java.version" value="11"/>
|
||||
|
||||
<!-- Check Java Build Version -->
|
||||
<fail message="Java version ${build.java.version} or newer is required (${java.version} is installed)">
|
148
tomcat.changes
148
tomcat.changes
@ -1,17 +1,147 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 17 16:57:21 UTC 2024 - Michele Bussolotto <michele.bussolotto@suse.com>
|
||||
|
||||
- Update to Tomcat 9.0.85
|
||||
* Fixed CVEs:
|
||||
+ CVE-2023-46589: Apache Tomcat: HTTP request smuggling due to
|
||||
incorrect headers parsing (bsc#1217649)
|
||||
* Catalina
|
||||
+ Update: 68378: Align extension to MIME type mappings in the
|
||||
global web.xml with those in httpd by adding
|
||||
application/vnd.geogebra.slides for ggs, text/javascript for mjs
|
||||
and audio/ogg for opus. (markt)
|
||||
+ Fix: Background processes should not be run concurrently with
|
||||
lifecycle operations of a container. (remm)
|
||||
+ Fix: Correct unintended escaping of XML in some WebDAV
|
||||
responses. The XML list of support locks when provided in
|
||||
response to a PROPFIND request was incorrectly XML escaped.
|
||||
(markt)
|
||||
+ Fix: 68227: Ensure that AsyncListener.onComplete() is called
|
||||
if AsyncListener.onError() calls AsyncContext.dispatch().
|
||||
(markt)
|
||||
+ Fix: 68228: Use a 408 status code if a read timeout occurs
|
||||
during HTTP request processing. Includes a test case based on
|
||||
code provided by adwsingh. (markt)
|
||||
+ Fix: 67667: TLSCertificateReloadListener prints unreadable
|
||||
rendering of X509Certificate#getNotAfter(). (michaelo)
|
||||
+ Update: The status servlet included in the manager webapp
|
||||
can now output statistics as JSON, using the JSON=true URL
|
||||
parameter. (remm)
|
||||
+ Update: Optionally allow ServiceBindingPropertySource to
|
||||
trim a trailing newline from a file containing a
|
||||
property-value. (schultz)
|
||||
+ Fix: 67793: Ensure the original session timeout is restored
|
||||
after FORM authentication if the user refreshes a page during
|
||||
the FORM authentication process. Based on a suggestion by
|
||||
Mircea Butmalai. (markt)
|
||||
+ Update: 67926: PEMFile prints unidentifiable string
|
||||
representation of ASN.1 OIDs. (michaelo)
|
||||
+ Fix: 66875: Ensure that setting the request attribute
|
||||
jakarta.servlet.error.exception is not sufficient to trigger
|
||||
error handling for the current request and response. (markt)
|
||||
+ Fix: 68054: Avoid some file canonicalization calls
|
||||
introduced by the fix for 65433. (remm)
|
||||
+ Fix: 68089: Improve performance of request attribute access
|
||||
for ApplicationHttpRequest and ApplicationRequest. (markt)
|
||||
+ Fix: Use a 400 status code to report an error due to a bad
|
||||
request (e.g. an invalid trailer header) rather than a 500
|
||||
status code. (markt)
|
||||
+ Fix: Ensure that an IOException during the reading of the
|
||||
request triggers always error handling, regardless of whether
|
||||
the application swallows the exception. (markt)
|
||||
* Coyote
|
||||
+ Fix: Refactor the VirtualThreadExecutor so that it can be
|
||||
used by the NIO2 connector which was using platform threads
|
||||
even when configured to use virtual threads. (markt)
|
||||
+ Fix: Correct a regression in the fix for 67675 that broke
|
||||
TLS key file parsing for PKCS#8 format keys that do not specify
|
||||
an explicit pseudo-random function and rely on the default.
|
||||
This typically affects keys generated by OpenSSL 1.0.2.
|
||||
(markt)
|
||||
+ Fix: Allow multiple operations with the same name on
|
||||
introspected mbeans, fixing a regression caused by the
|
||||
introduction of a second addSslHostConfig method. (remm)
|
||||
+ Fix: Relax the check that the HTTP Host header is consistent
|
||||
with the host used in the request line, if any, to make the
|
||||
check case insensitive since host names are case insensitive.
|
||||
(markt)
|
||||
+ Add: 68348: Add support for the partitioned attribute for
|
||||
cookies. (markt)
|
||||
+ Add: 66670: Add SSLHostConfig#certificateKeyPasswordFile and
|
||||
SSLHostConfig#certificateKeystorePasswordFile. (michaelo)
|
||||
+ Add: When calling
|
||||
SSLHostConfigCertificate.setCertificateKeystore(ks),
|
||||
automatically call setCertificateKeystoreType(ks.getType()).
|
||||
(markt)
|
||||
+ Fix: 67628: Clarify how the ciphers attribute of the
|
||||
SSLHostConfig is used. (markt)
|
||||
+ Fix: 67666: Ensure TLS connectors using PEM files either
|
||||
work with the TLSCertificateReloadListener or, in the rare case
|
||||
that they do not, log a warning on Connector start. (markt)
|
||||
+ Fix: 67675: Support a wider range of KDF and ciphers for PEM
|
||||
files than the combinations supported by the JVM by default.
|
||||
Specifically, support the OpenSSL default of HmacSHA256 and
|
||||
DES-EDE3-CBC. (markt)
|
||||
+ Fix: 67927: Reloading TLS configuration can cause the
|
||||
Connector to refuse new connections or the JVM to crash.
|
||||
(markt)
|
||||
+ Fix: 67934: If both Tomcat Native 1.2.x and 2.0.x are
|
||||
available, prefer 1.2.x since it supports the APR/Native
|
||||
connector whereas 2.0.x does not. (markt)
|
||||
+ Fix: 67938: Correct handling of large TLS client hello
|
||||
messages that were causing the TLS handshake to fail. (markt)
|
||||
+ Fix: 68026: Convert selected MessageByte values to String
|
||||
when first accessed to speed up subsequent accesses and reduce
|
||||
garbage collection. (markt)
|
||||
* Jasper
|
||||
+ Code: 68119: Refactor the CompositeELResolver to improve
|
||||
performance during type conversion operations. (markt)
|
||||
+ Fix: 68068: Performance improvement for EL. Based on a
|
||||
suggestion by John Engebretson. (markt)
|
||||
* Web Applications
|
||||
+ Fix: 68035: Additional fix to the Manager application to
|
||||
enable the deployment of a web application located in a Host's
|
||||
appBase where the web application is specified by a bare (no
|
||||
path) WAR or directory name as shown in the documentation.
|
||||
(markt)
|
||||
+ Fix: Examples. Improve the error handling so snakes
|
||||
associated with a user that drops from the network are removed
|
||||
from the game. (markt)
|
||||
+ Fix: 68035: Correct a regression in the fix for 56248 that
|
||||
prevented deployment via the Manager of a WAR or directory that
|
||||
was already present in the appBase or a context file that was
|
||||
already present in the xmlBase. (markt)
|
||||
* Other
|
||||
+ Update: Update Checkstyle to 10.12.7. (markt)
|
||||
+ Update: Update SpotBugs to 4.8.3. (markt)
|
||||
+ Add: Improvements to French translations. (remm)
|
||||
+ Add: Improvements to Japanese translations by tak7iji.
|
||||
(markt)
|
||||
+ Update: Update UnboundID to 6.0.11. (markt)
|
||||
+ Update: Update Checkstyle to 10.12.5. (markt)
|
||||
+ Update: Update SpotBugs to 4.8.2. (markt)
|
||||
+ Update: Update Derby to 10.17.1. (markt)
|
||||
+ Add: Improvements to French translations. (remm)
|
||||
+ Add: Improvements to Japanese translations by tak7iji.
|
||||
(markt)
|
||||
+ Add: Improvements to Brazilian Portuguese translations by
|
||||
John William Vicente. (markt)
|
||||
+ Add: Improvements to Russian translations by usmazat and
|
||||
remm. (markt)
|
||||
+ Add: 67538: Make use of Ant's <javaversion /> task to enfore
|
||||
the mininum Java build version. (michaelo)
|
||||
+ Update: Update Checkstyle to 10.12.4. (markt)
|
||||
+ Update: Update JaCoCo to 0.8.11. (markt)
|
||||
+ Update: Update SpotBugs to 4.8.0. (markt)
|
||||
+ Update: Update BND to 7.0.0. (markt)
|
||||
+ Update: The minimum Java version required to build Tomcat
|
||||
has been raised to Java 17. (markt)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 17 14:53:08 UTC 2024 - Michele Bussolotto <michele.bussolotto@suse.com>
|
||||
|
||||
- change server.xml during %post instead of %posttrans
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 17 14:20:25 UTC 2024 - Michele Bussolotto <michele.bussolotto@suse.com>
|
||||
|
||||
- Fixed CVEs:
|
||||
* CVE-2023-46589: Apache Tomcat: HTTP request smuggling due to
|
||||
incorrect headers parsing (bsc#1217649)
|
||||
- Added patches:
|
||||
* tomcat-9-CVE-2023-46589.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 12 13:18:52 UTC 2024 - Michele Bussolotto <michele.bussolotto@suse.com>
|
||||
|
||||
|
@ -82,7 +82,7 @@ Patch5: %{name}-%{major_version}.%{minor_version}-jdt.patch
|
||||
Patch6: tomcat-9.0.75-secretRequired-default.patch
|
||||
Patch7: tomcat-9.0-fix_catalina.patch
|
||||
Patch8: tomcat-9.0-logrotate_everything.patch
|
||||
Patch9: java8.patch
|
||||
Patch9: tomcat-9.0-build-with-java-11.patch
|
||||
BuildRequires: ant >= 1.8.1
|
||||
BuildRequires: ant-antlr
|
||||
BuildRequires: apache-commons-collections
|
||||
|
Loading…
Reference in New Issue
Block a user