Accepting request 925884 from home:balta3:tomcat9

- Update to 9.0.39
- aqute-bnd 5.1.1 required (separate submit request)

OBS-URL: https://build.opensuse.org/request/show/925884
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=223

apache-tomcat-9.0.36-src.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3444bfabf7a4f88b3276d121541129593ac1f871b6d4eaa31104cee098fd9394
-size 5890912

apache-tomcat-9.0.36-src.tar.gz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEqcXfTSLpmZjZh1pREMAcWi9gWecFAl7X294ACgkQEMAcWi9g
-Wedinw/+IaqN35TbauWtNswTV9nwYk76PPphvnnYu87upE9ZwD1xT/qcmT5PD1sM
-08t34laxrawOHJThigK5pmbIcP+P2gWnSwKwS6NH0eT9JQWNJZ92fX4hhR6TFpcE
-TKqzAHPlnqwqijNPNmS8hg58sSxni/ScB7e/Dk8JhGnv4YXSdrjdOcWEC2Igfipo
-sK8cnBuP8nPdB4GnGFYdz34SG9WqNSXIv/4kkMDvP00bm4jvrPcf6dnuAosrtq3l
-ipTIFH7LIfOcC9rSjeOAfvtqDD5hyV1plJdwVE1FYOm0BvCDixvRfKDBbf6Ka9U5
-Y6QGKzfQwrWZMv/COVnoBpKmXTTQNAl0lX97fZP2bhgLvKJB4SClAChrZuOIrMhq
-U4hMFvVd51+YscHXR4idgtIL3sI16XiAoBGStsVLXWstYAmud/EqaQVNwwAdCY13
-YcMjZEHaqyMLMb6rJe305tE0a2pMqErXUKqPuHiNIvaLQN4qa5tw3g/czOQaeJpq
-A3cQeGQQCd4N2clUhgFfr+RGVmA7TUo23/w1zQMjmnjVvn2QFtBOybcKE5kGdGCF
-YmMQ0zD+SuYUR0V0a//xdA24XriG3PfkqJ/x3+eja+P1FlJ5DzJtX2kpk8BotETT
-jVR8IKMQ/mGMkgBmvVVvrVx76qZaCuI/2RG/4SNh/hhBXzPEeQE=
-=Sr54
------END PGP SIGNATURE-----

apache-tomcat-9.0.39-src.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2f6ed1a6ae4f9a67da9e75f79ba6629ce309f7101bce072e1b52c7abb6e2a93c
+size 5966825

apache-tomcat-9.0.39-src.tar.gz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEqcXfTSLpmZjZh1pREMAcWi9gWecFAl98fisACgkQEMAcWi9g
+Wed+WQ//QwG6pcX8dVwkyuymZgFS3oKXpJHujnpuY2K4aFzAptkioFH+Fqw+IeJK
+hXc/i1IiWw69zJBX1GDhlTFrW9g3cX0KqsUSXkRXo+AATOb5fdIjofnuPDbbXKtN
+nK0eQsm+OFh1WW8mbMVZSgQ3uqbVJYwukZCjwelrdDLKuhl2yHFWGteTQOTo0LdU
+cgYrEenMp5c+hBVBw8iJ4HUbr2NBfXRD0KRUOD9m4f75BJshVNFxMUu0WOENIkNw
+JixJIYHhf7k+eXCJUHKcV52haHsStaWcqi+2Pcg7sOl33bKjL4H4ANH+WLqbzANF
+NDY3YxV71w+yC5MxPRTjTnIfUNYOcARs19tVVORaUzNqiRIY/ymur7jZi9bHgnZW
+tZ/ldQKDOWmfuRgRPbgKFvpZubiECy9EiILVSDZcU2HRNGwEpboRkx+RZtavGvnm
+DizEN8beYgsr4Xf/62p+BhsDGVVKEmgVIecPDiwFWoZwv3lmC31809uHze6wlVge
+sFFNS1ly/xiNjLPXzPx1XQ4nLsLVC7ERKG0v1b2NmH1oayWXeRqDzTNV9/d420xU
+nCWNg36Y8SEiCdiYpKYladggwmg5j5VWx9H3DuDWxrrqhOqJBOLwC3fnTm9slLqC
+lLdaflcWqqtj6v1qmhDwnSesCfzubN/XYtT2eIWYMnt1OHuFRW0=
+=l6Lm
+-----END PGP SIGNATURE-----

tomcat-9.0-CVE-2020-13943.patch

@@ -1,115 +0,0 @@
-From 55911430df13f8c9998fbdee1f9716994d2db59b Mon Sep 17 00:00:00 2001
-From: Mark Thomas <markt@apache.org>
-Date: Thu, 23 Jul 2020 17:43:45 +0100
-Subject: [PATCH] Move check for current streams to end of header parsing.
-
----
- java/org/apache/coyote/http2/Http2Parser.java |  2 +-
- .../coyote/http2/Http2UpgradeHandler.java     | 24 ++++++++++---------
- .../coyote/http2/TestHttp2Section_5_1.java    | 20 ++++++++++------
- 3 files changed, 27 insertions(+), 19 deletions(-)
-
-Index: apache-tomcat-9.0.36-src/java/org/apache/coyote/http2/Http2Parser.java
-===================================================================
---- apache-tomcat-9.0.36-src.orig/java/org/apache/coyote/http2/Http2Parser.java
-+++ apache-tomcat-9.0.36-src/java/org/apache/coyote/http2/Http2Parser.java
-@@ -738,7 +738,7 @@ class Http2Parser {
-         HeaderEmitter headersStart(int streamId, boolean headersEndStream)
-                 throws Http2Exception, IOException;
-         void headersContinue(int payloadSize, boolean endOfHeaders);
--        void headersEnd(int streamId) throws ConnectionException;
-+        void headersEnd(int streamId) throws Http2Exception;
- 
-         // Priority frames (also headers)
-         void reprioritise(int streamId, int parentStreamId, boolean exclusive, int weight)
-Index: apache-tomcat-9.0.36-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java
-===================================================================
---- apache-tomcat-9.0.36-src.orig/java/org/apache/coyote/http2/Http2UpgradeHandler.java
-+++ apache-tomcat-9.0.36-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java
-@@ -1451,16 +1451,6 @@ class Http2UpgradeHandler extends Abstra
-             stream.checkState(FrameType.HEADERS);
-             stream.receivedStartOfHeaders(headersEndStream);
-             closeIdleStreams(streamId);
--            if (localSettings.getMaxConcurrentStreams() < activeRemoteStreamCount.incrementAndGet()) {
--                setConnectionTimeoutForStreamCount(activeRemoteStreamCount.decrementAndGet());
--                // Ignoring maxConcurrentStreams increases the overhead count
--                increaseOverheadCount();
--                throw new StreamException(sm.getString("upgradeHandler.tooManyRemoteStreams",
--                        Long.toString(localSettings.getMaxConcurrentStreams())),
--                        Http2Error.REFUSED_STREAM, streamId);
--            }
--            // Valid new stream reduces the overhead count
--            reduceOverheadCount();
-             return stream;
-         } else {
-             if (log.isDebugEnabled()) {
-@@ -1528,12 +1518,24 @@ class Http2UpgradeHandler extends Abstra
- 
- 
-     @Override
--    public void headersEnd(int streamId) throws ConnectionException {
-+    public void headersEnd(int streamId) throws Http2Exception {
-         Stream stream = getStream(streamId, connectionState.get().isNewStreamAllowed());
-         if (stream != null) {
-             setMaxProcessedStream(streamId);
-             if (stream.isActive()) {
-                 if (stream.receivedEndOfHeaders()) {
-+
-+                    if (localSettings.getMaxConcurrentStreams() < activeRemoteStreamCount.incrementAndGet()) {
-+                        setConnectionTimeoutForStreamCount(activeRemoteStreamCount.decrementAndGet());
-+                        // Ignoring maxConcurrentStreams increases the overhead count
-+                        increaseOverheadCount();
-+                        throw new StreamException(sm.getString("upgradeHandler.tooManyRemoteStreams",
-+                                Long.toString(localSettings.getMaxConcurrentStreams())),
-+                                Http2Error.REFUSED_STREAM, streamId);
-+                    }
-+                    // Valid new stream reduces the overhead count
-+                    reduceOverheadCount();
-+
-                     processStreamOnContainerThread(stream);
-                 }
-             }
-Index: apache-tomcat-9.0.36-src/test/org/apache/coyote/http2/TestHttp2Section_5_1.java
-===================================================================
---- apache-tomcat-9.0.36-src.orig/test/org/apache/coyote/http2/TestHttp2Section_5_1.java
-+++ apache-tomcat-9.0.36-src/test/org/apache/coyote/http2/TestHttp2Section_5_1.java
-@@ -222,11 +222,11 @@ public class TestHttp2Section_5_1 extend
-         // Expecting
-         // 1 * headers
-         // 56k-1 of body (7 * ~8k)
--        // 1 * error (could be in any order)
--        for (int i = 0; i < 8; i++) {
-+        // 1 * error
-+        // for a total of 9 frames (could be in any order)
-+        for (int i = 0; i < 9; i++) {
-             parser.readFrame(true);
-         }
--        parser.readFrame(true);
- 
-         Assert.assertTrue(output.getTrace(),
-                 output.getTrace().contains("5-RST-[" +
-@@ -238,14 +238,20 @@ public class TestHttp2Section_5_1 extend
- 
-         // Release the remaining body
-         sendWindowUpdate(0, (1 << 31) - 2);
--        // Allow for the 8k still in the stream window
-+        // Allow for the ~8k still in the stream window
-         sendWindowUpdate(3, (1 << 31) - 8193);
- 
--        // 192k of body (24 * 8k)
--        // 1 * error (could be in any order)
--        for (int i = 0; i < 24; i++) {
-+        // Read until the end of stream 3
-+        while (!output.getTrace().contains("3-EndOfStream")) {
-             parser.readFrame(true);
-         }
-+        output.clearTrace();
-+
-+        // Confirm another request can be sent once concurrency falls back below limit
-+        sendSimpleGetRequest(7);
-+        parser.readFrame(true);
-+        parser.readFrame(true);
-+        Assert.assertEquals(getSimpleResponseTrace(7), output.getTrace());
-     }
- 
- 

tomcat-9.0-osgi-build.patch

@@ -1,14 +1,17 @@
-Index: apache-tomcat-9.0.35-src/build.xml
+Index: apache-tomcat-9.0.37-src/build.xml
 ===================================================================
---- apache-tomcat-9.0.35-src.orig/build.xml
+--- apache-tomcat-9.0.37-src.orig/build.xml
-+++ apache-tomcat-9.0.35-src/build.xml
++++ apache-tomcat-9.0.37-src/build.xml
-@@ -3327,6 +3327,9 @@ Read the Building page on the Apache Tom
+@@ -3307,6 +3307,12 @@ Read the Building page on the Apache Tom
-     <path id="bndlib.classpath">
+     <!-- Add bnd tasks to project -->
+     <path id="bnd.classpath">
        <fileset file="${bnd.jar}" />
-       <fileset file="${bndlib.jar}" />
++      <fileset file="${bndlib.jar}" />
 +      <fileset file="${bndlibg.jar}" />
 +      <fileset file="${bndannotation.jar}" />
++      <fileset file="${osgiannotation.jar}" />
++      <fileset file="${osgicmpn.jar}" />
 +      <fileset file="${slf4j-api.jar}" />
      </path>
  
-     <taskdef resource="aQute/bnd/ant/taskdef.properties" classpathref="bndlib.classpath" />
+     <taskdef resource="aQute/bnd/ant/taskdef.properties" classpathref="bnd.classpath" />

tomcat.changes

@@ -15,6 +15,32 @@ Wed Mar 17 16:16:52 UTC 2021 - Abid Mehmood <amehmood@suse.com>
 - Added patch:
   * tomcat-9.0-CVE-2021-24122.patch
 
+-------------------------------------------------------------------
+Mon Mar 15 21:42:07 UTC 2021 - Marcel Witte <wittemar@googlemail.com>
+
+- Update to Tomcat 9.0.39. See changelog at
+  https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.39_(markt)
+- Rebased patches:
+  * tomcat-9.0.39-java8compat.patch
+
+-------------------------------------------------------------------
+Mon Mar 15 14:57:39 UTC 2021 - Marcel Witte <wittemar@googlemail.com>
+
+- Update to Tomcat 9.0.38. See changelog at
+  https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.38_(markt)
+- Rebased patches:
+  * tomcat-9.0.38-java8compat.patch
+- Removed tomcat-9.0-CVE-2020-13943.patch because that fix is upstream now
+
+-------------------------------------------------------------------
+Mon Feb 22 08:56:03 UTC 2021 - Marcel Witte <wittemar@googlemail.com>
+
+- Update to Tomcat 9.0.37. See changelog at
+  https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.37_(markt)
+- Rebased patches:
+  * tomcat-9.0-osgi-build.patch
+  * tomcat-9.0.37-java8compat.patch
+
 -------------------------------------------------------------------
 Wed Dec 16 12:17:22 UTC 2020 - Abid Mehmood <amehmood@suse.com>
 

tomcat.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package tomcat
 #
-# Copyright (c) 2021 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2021 SUSE LLC
 # Copyright (c) 2000-2009, JPackage Project
 #
 # All modifications and additions to the file contributed by third parties
@@ -22,7 +22,7 @@
 %define elspec 3.0
 %define major_version 9
 %define minor_version 0
-%define micro_version 36
+%define micro_version 39
 %define packdname apache-tomcat-%{version}-src
 %define serverxmltool_version 1.0
 # FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/
@@ -80,10 +80,9 @@ Patch3:         %{name}-%{major_version}.%{minor_version}-javadoc.patch
 # PATCH-FIX-OPENSUSE: include all necessary aqute-bnd jars
 Patch4:         tomcat-9.0-osgi-build.patch
 # PATCH-FIX-OPENSUSE: cast ByteBuffer to Buffer in cases where there is a risk of using Java 9+ apis
-Patch5:         tomcat-9.0.31-java8compat.patch
+Patch5:         tomcat-9.0.39-java8compat.patch
 # PATCH-FIX-OPENSUSE: set ajp connector secreteRequired to false by default to avoid tomcat not starting
 Patch6:         tomcat-9.0.31-secretRequired-default.patch
-Patch7:         tomcat-9.0-CVE-2020-13943.patch
 Patch8:         tomcat-9.0-CVE-2020-17527.patch
 Patch9:         tomcat-9.0-CVE-2021-24122.patch
 Patch10:        tomcat-9.0-CVE-2021-25122.patch
@@ -95,8 +94,8 @@ BuildRequires:  apache-commons-collections
 BuildRequires:  apache-commons-daemon
 BuildRequires:  apache-commons-dbcp >= 2.0
 BuildRequires:  apache-commons-pool2
-BuildRequires:  aqute-bnd
+BuildRequires:  aqute-bnd >= 5.1.1
-BuildRequires:  aqute-bndlib
+BuildRequires:  aqute-bndlib >= 5.1.1
 BuildRequires:  ecj >= 4.4.0
 BuildRequires:  fdupes
 BuildRequires:  findutils
@@ -262,7 +261,6 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
-%patch7 -p1
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
@@ -306,6 +304,9 @@ ant -Dbase.path="." \
     -Dbndlib.jar="$(build-classpath aqute-bnd/biz.aQute.bndlib)" \
     -Dbndlibg.jar="$(build-classpath aqute-bnd/aQute.libg)" \
     -Dbndannotation.jar="$(build-classpath aqute-bnd/biz.aQute.bnd.annotation)" \
+    -Dosgiannotation.jar="$(build-classpath osgi-annotation/osgi.annotation)" \
+    -Dosgi-annotations.jar="$(build-classpath aqute-bnd/biz.aQute.bnd.annotation)" \
+    -Dosgicmpn.jar="$(build-classpath osgi-compendium/osgi.cmpn)" \
 	-Dslf4j-api.jar="$(build-classpath slf4j/slf4j-api)" \
     -Dcommons-pool.home="$(build-classpath commons-pool2)" \
     -Dcommons-dbcp.home="$(build-classpath commons-dbcp2)" \