Accepting request 1165770 from Java:packages

OBS-URL: https://build.opensuse.org/request/show/1165770 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tomcat?expand=0&rev=107
2024-04-07 20:11:12 +00:00 · 2024-04-07 20:11:12 +00:00 · 946ecc7695
commit 946ecc7695
parent 6d99755887 eae7642b89
6 changed files with 129 additions and 20 deletions
--- a/apache-tomcat-9.0.85-src.tar.gz
+++ b/apache-tomcat-9.0.85-src.tar.gz
--- a/apache-tomcat-9.0.85-src.tar.gz.asc
+++ b/apache-tomcat-9.0.85-src.tar.gz.asc
@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCAAdFiEESPjmn2OQyfJc/tzSaCSJWTWecisFAmWXwOIACgkQaCSJWTWe
 civPQA//Qy3b3J48H/thEWhTYXy+KlcRP8p10iJu/dtSRbU1kkjP8Cj5jl0j1TXJ
 tf/qygoBV2ckJAVyJkul7TXsA5Memj2MoaK32bm/GEXd1Cv1BClBC2qDsSWcca/C
 Ua3q/2tg9muVo3JhETash2iQN4AtIbeELrsRTwvV3+w1eeJ0OcE84xytSw0b3FQu
 rv1rWBfzTnkGPB4Uipzpq6aXZtfW5B9isEhb1MniAHZYKMWhJ9svS0hWvQzhPHYo
 X5sbmkhqht2MwVdUfw9CTwITydcRsJkdz1rMtcGXbfVEhvrZi9jeM0ygqf+RxPhi
 nCSea80CeaKv4DFh3h0zYhk9k+Y6j23X4gF15tYz3JxV+tDTPD2nNnDXFyKg3RAH
 CddjOXBQONKx1O1C4D1MkBaQdNwm1qS2rooxd61sMsYAuWACUMaIBn9SozwtyJ3K
 WQx4nrpXOuLoqFGOv7eiVW5bYnxyg4jiQr6kWMFMXGhZtY9uj3uL1Ojll0EsRx1C
 yIJHh0nVKuze2zuqMqp5g40q4f2/fFl3LJoArOkunxDpi8X4HpMP1STY+0dxOSxb
 Mm9nF/10YpCyvZkvAdw3ymJEecXUJKAJiG3xCOUzCHtYnsF09kyqQ9Ho01CC5nSB
 hCJ6kCqRAhE3jS0sXNh9HLKvHcvJGZ2IT/40AU9oRSVzZncMEUc=
 =bszF
 -----END PGP SIGNATURE-----
--- a/apache-tomcat-9.0.87-src.tar.gz
+++ b/apache-tomcat-9.0.87-src.tar.gz
--- a/apache-tomcat-9.0.87-src.tar.gz.asc
+++ b/apache-tomcat-9.0.87-src.tar.gz.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCAAdFiEESPjmn2OQyfJc/tzSaCSJWTWecisFAmXu2nYACgkQaCSJWTWe
 cis4lg//VHmtdBX2BrPuE8AV2R3ob9KI4uxrBxfjukb/HfvsXT1Zz00R27HVbKln
 h1hx7PCTrVJq+sHLDiDnYF1FDC5M+atvryoXcFIAEgnkqQ4toSgqBTa85NcRxrKY
 lBnQrZ5ZF5MJ7h+E8r7PIXwjbKbcvMLnhqvXwIB6TOMgUC3UOwZPN2vvq20XqYHA
 tevMCDLdMjcAdiOMqkekmq6y8KaEMoEY2rJG3KHCPXKkVQflQoX1bNs88vSd4t4F
 CQTcLauo9oyT+IaaanJWrawnKxlAD6x8QuFkJWNK2SC7145IGWeo1R32xzPvQdau
 Lu69YayASXq2nilYCLI3uZQ4tFSjCosi+DZaJVatMi2wbGXheau36vS8WLYkroWt
 w9deOo+KYiibckgEGbEncAD54sBVKF5Eun751CzSDZC1yV+08oII16koIl0TQlcd
 ZFhpIgQ5fo19VUReLQ9JlR98vbLnVFGg+3GVzHqfIATrVuulaliw6HOK7UT/ixFX
 jWNdR+/szFe3gTy+RifMU4C3D0hWEhRQGjnVoUPdck2ANBOm5CPV3R5IL2ej03yj
 LYXCJ++r+e/O5tftlax2Tnpmxzo0HFrQCSr+1HTsE4VY7Upy0liiV3btBWPcKKVp
 0e3E2wYv9P1PcTJD+XUOLX1yuYZv0xCS5fQ4t/ZlSR2R20+rUu4=
 =F+I2
 -----END PGP SIGNATURE-----
--- a/tomcat.changes
+++ b/tomcat.changes
@ -1,3 +1,112 @@
 -------------------------------------------------------------------
 Fri Apr  5 14:24:14 UTC 2024 - Ricardo Mestre <ricardo.mestre@suse.com>
 - Update to Tomcat 9.0.87
  * Fixed CVEs:
    + CVE-2024-24549: Improved request header validation for HTTP/2 stream 
      (bsc#1221386)
    + CVE-2024-23672: Ensure that WebSocket connection closure completes if 
      the connection is closed when the server side has used the proprietary 
      suspend/resume feature to suspend the connection (bsc#1221385)
  * Catalina
    + Fix:  Minor performance improvement for building filter chains. Based 
      on ideas from #702 by Luke Miao. (remm)
    + Fix:  Align error handling for Writer and OutputStream. Ensure use of 
      either once the response has been recycled triggers a 
      NullPointerException provided that discardFacades is configured with 
      the default value of true. (markt)
    + Fix:  68692: The standard thread pool implementations that are configured
      using the Executor element now implement ExecutorService for better 
      support NIO2. (remm)
    + Fix:  68495: When restoring a saved POST request after a successful FORM 
      authentication, ensure that neither the URI, the query string nor the 
      protocol are corrupted when restoring the request body. (markt)
    + Fix:  68721: Workaround a possible cause of duplicate class definitions 
      when using ClassFileTransformers and the transformation of a class also
      triggers the loading of the same class. (markt)
    + Fix:  The rewrite valve should not do a rewrite if the output is 
      identical to the input. (remm)
    + Update:  Add a new valveSkip (or VS) rule flag to the rewrite valve to 
      allow skipping over the next valve in the Catalina pipeline. (remm)
    + Fix:  Correct JPMS and OSGi meta-data for tomcat-enbed-core.jar by 
      removing reference to org.apache.catalina.ssi package that is no longer 
      included in the JAR. Based on pull request #684 by Jendrik Johannes. 
      (markt)
    + Fix:  Fix ServiceBindingPropertySource so that trailing \r\n sequences 
      are correctly removed from files containing property values when 
      configured to do so. Bug identified by Coverity Scan. (markt)
    + Add:  Add improvements to the CSRF prevention filter including the 
      ability to skip adding nonces for resource name and subtree URL patterns.
      (schultz)
    + Fix:  Review usage of debug logging and downgrade trace or data dumping 
      operations from debug level to trace. (remm)
    + Fix:  68089: Further improve the performance of request attribute 
      access for ApplicationHttpRequest and ApplicationRequest. (markt)
    + Fix:  68559: Allow asynchronous error handling to write to the 
      response after an error during asynchronous processing. (markt)
  * Coyote
    + Fix:  Improve the HTTP/2 stream prioritisation process. If a stream 
      uses all of the connection windows and still has content to write, it 
      will now be added to the backlog immediately rather than waiting until 
      the write  attempt for the remaining content. (markt)
    + Fix:  Make asynchronous error handling more robust. Ensure that once 
      a connection is marked to be closed, further asynchronous processing 
      cannot change that. (markt)
    + Fix:  Make asynchronous error handling more robust. Ensure that once 
      the call to AsyncListener.onError() has returned to the container, only 
      container threads can access the AsyncContext. This protects against 
      various race conditions that woudl otherwise occur if application threads
      continued to access the AsyncContext.
    + Fix:  Review usage of debug logging and downgrade trace or data 
      dumping operations from debug level to trace. In particular, most of the 
      HTTP/2 debug logging has been changed to trace level. (remm)
    + Fix:  Add support for user provided SSLContext instances configured 
      on SSLHostConfigCertificate instances. Based on pull request #673 
      provided by Hakan Altındağ. (markt)
    + Fix:  Improve the Tomcat Native shutdown process to reduce the likelihood
      of a JVM crash during Tomcat shutdown. (markt)
    + Fix:  Partial fix for 68558: Cache the result of converting to String 
      for request URI, HTTP header names and the request Content-Type value to 
      improve performance by reducing repeated byte[] to String conversions. 
      (markt)
    + Fix:  Improve error reporting to HTTP/2 clients for header processing 
      errors by reporting problems at the end of the frame where the error was 
      detected rather than at the end of the headers. (markt)
    + Fix:  Remove the remaining reference to a stream once the stream has 
      been recycled. This makes the stream eligible for garbage collection 
      earlier and thereby improves scalability. (markt)
  * Jasper
    + Add:  Add support for specifying Java 22 (with the value 22) as the 
      compiler source and/or compiler target for JSP compilation. If used with 
      an  Eclipse JDT compiler version that does not support these values, a 
      warning will be logged and the default will used. (markt)
    + Fix:  68546: Generate optimal size and types for JSP imports maps, as 
      suggested by John Engebretson. (remm)
    + Fix:  Review usage of debug logging and downgrade trace or data 
      dumping operations from debug level to trace. (remm)
  * Cluster
    + Fix:  Avoid updating request count stats on async. (remm)
  * WebSocket
    + Fix:  Correct a regression in the fix for 66508 that could cause an 
      UpgradeProcessor leak in some circumstances. (markt)
    + Fix:  Review usage of debug logging and downgrade trace or data dumping
      operations from debug level to trace. (remm)
    + Fix:  Ensure that WebSocket connection closure completes if the 
      connection is closed when the server side has used the proprietary 
      suspend/resume feature to suspend the connection. (markt)
  * Web applications
    + Add:  Add support for responses in JSON format from the examples 
      application RequestHeaderExample. (schultz)
  * Other
    + Add:  Improvements to French translations. (remm)
    + Add:  Improvements to Japanese translations by tak7iji. (markt)
    + Update:  Update Checkstyle to 10.13.0. (markt)
    + Update:  Update JSign to 6.0. (markt)
    + Update:  Add strings for debug level messages. (remm)
    + Update:  Update Tomcat Native to 1.3.0. (markt)
    + Add:  Improvements to French translations. (remm)
    + Add:  Improvements to Japanese translations by tak7iji. (markt)
 -------------------------------------------------------------------
 Wed Mar  6 07:18:06 UTC 2024 - Dan Čermák <dcermak@suse.com>
--- a/tomcat.spec
+++ b/tomcat.spec
@ -22,7 +22,7 @@
 %define elspec 3.0
 %define major_version 9
 %define minor_version 0
-%define micro_version 85
+%define micro_version 87
 %define packdname apache-tomcat-%{version}-src
 # FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/
 %global basedir /srv/%{name}