Accepting request 759699 from home:mateialbu:branches:Java:packages

- Update to Tomcat 9.0.30. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt) - Fixed CVEs: - CVE-2019-12418 (bsc#1159723) - CVE-2019-17563 (bsc#1159729) OBS-URL: https://build.opensuse.org/request/show/759699 OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=180
2020-01-08 07:19:26 +00:00 · 2020-01-08 07:19:26 +00:00 · 959ac9a805
commit 959ac9a805
parent addc1ce48e
7 changed files with 35 additions and 91 deletions
--- a/apache-tomcat-9.0.27-src.tar.gz
+++ b/apache-tomcat-9.0.27-src.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5a78d96d388a0d143a9f9f002db18659d478f44bed19b59ec6f6d4e09033c7f1
-size 5761278
--- a/apache-tomcat-9.0.27-src.tar.gz.asc
+++ b/apache-tomcat-9.0.27-src.tar.gz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEqcXfTSLpmZjZh1pREMAcWi9gWecFAl2bDO8ACgkQEMAcWi9g
-Wecy8hAAkeYA9buTHPdlkkcVa3pg8ROg06QB56iI2318FjObFUqbKLfehM+Kluft
-1W24fp2QC+JWU3dwX1A8zANr0qtBJ4GEzbdZr7f7MivBvc8Eqlo5pL45McTgMoyI
-KjlYgFF5U/hFkMNMk5J5h+q9NjnojgFJsy18fPnfry7BfS2aC+qegBvnFm5svmoO
-K9y7nGxv8TFZs2Q0H2yExgiezrjsBCZllGDqyK/9kIFp1nbWr4eMcdU5a6lHOtP2
-LI/z4+dSfPN1ktyymPP2sq851C1XlRl5R8J4YRWOqGzPIYkAUKOcDxGRel5Uw4wd
-F4RQbb+oZ0S8YXN9mks/u0Shv2Dtq5cuSGEyrsRyT4+ZL/EwkwWaoCoVAG17bARC
-+J1aGHJAtJYA7lyJB0q3BLZRP7YENJv0kfxk4YWDABYvbXN0vMlFvhihc4byvO9J
-XqHo4C5unBbU7jcSP+/GJhuujMTxOqiG9NUwOMrLHNsUjsQTYNMyFzzm5OA9I0eZ
-JT+qWMm4Cu/v9a+6pfMv5tNWRhhLjeCfO7jcp2k+E+3YX3jghPy+RWOH1bT2ccZA
-Os0WbdmRtSW9lkQlqYaXE7uAgXE/yZmDLfngVEcJnJjhZCLKskx3XqNI6uR0t7c0
-9lOU1GBAH94ztZjAOkCIwjH3Roi5vsuGcAmYFyusIS7QSTXQfso=
-=s4BA
-----END PGP SIGNATURE-----
--- a/apache-tomcat-9.0.30-src.tar.gz
+++ b/apache-tomcat-9.0.30-src.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:073bf0a56738d9bcb70c6065077495506b41dcea26731f0599c701efb90dc4ba
+size 5798307
--- a/apache-tomcat-9.0.30-src.tar.gz.asc
+++ b/apache-tomcat-9.0.30-src.tar.gz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEqcXfTSLpmZjZh1pREMAcWi9gWecFAl3r2Q8ACgkQEMAcWi9g
+WefsBg/8CwNTI+JvM9pVcD7I3QzHjZJ61JMkf/cmgTvuDbWHCIlWiXqXEd5NcizF
+yuC1lg+8JotS+ZK5puOlZRzfX1W9sQ0ry6namKb6msj/czcgAQUVMIRC8ezjAlHe
+4pyweTv1bBVnL5zyvQr/f4344i/hzwR0PBFeNu2dAXp7Hs1E4nMDNi8j0RrNUF3s
+8WmIH+TxlNAJ0efc7T0NkQ3UbbOyuqDeAhAFlcFgZny/91JjAEJNs/ne1KXFZ2kK
+cyTOf03TBmz4HjNtQBTE7S8r1ZKGU1PJumivPnUToKgdBUf3SWiF3m3ywYXhbOIs
+OkME+Ru1Sx8M87fvqTf7qxgIaMk1DtTqqyG4K9bkhaDvnGTpqA+vSHK7rdnQVa1V
+E8ubJNA1/k94gLd2x9l4iP9ofgeF7U+Z0/UV3sJ6/U9RDHvm5QYEbgnoufCNiI/F
+59wUKSJbyCCVCH4t6w1PQg33hOHG+pqGDZS2L4Ji26UJzMb7cdftnn5BDOm8+pWX
+An50t/4X2yhYC9HyiCUFKsZdew0Sb0LTtqwySpagrjiW6KhxVqUoN1YwSBrcseXW
+DFsqQSPOYVMD9b05f5sog7gczI+2nusrshBWQD8rU0NPbuUladEJGP8MTlb2F4W5
+MecDnTUgJqvlrVgNULWaxcxby2NGh8bzoDXfE/Eg+JTDenh2g54=
+=Pnl6
+-----END PGP SIGNATURE-----
--- a/tomcat-9.0-JDTCompiler-java.patch
+++ b/tomcat-9.0-JDTCompiler-java.patch
@ -1,62 +0,0 @@
-Index: apache-tomcat-9.0.19-src/java/org/apache/jasper/compiler/JDTCompiler.java
-===================================================================
--- apache-tomcat-9.0.19-src.orig/java/org/apache/jasper/compiler/JDTCompiler.java
-+++ apache-tomcat-9.0.19-src/java/org/apache/jasper/compiler/JDTCompiler.java
-@@ -312,18 +312,18 @@ public class JDTCompiler extends org.apa
-                              CompilerOptions.VERSION_1_7);
-             } else if(opt.equals("1.8")) {
-                 settings.put(CompilerOptions.OPTION_Source,
-                             CompilerOptions.VERSION_1_8);
-+                             "1.8"); // CompilerOptions.VERSION_1_8
-             // Version format changed from Java 9 onwards.
-             // Support old format that was used in EA implementation as well
-             } else if(opt.equals("9") || opt.equals("1.9")) {
-                 settings.put(CompilerOptions.OPTION_Source,
-                             CompilerOptions.VERSION_9);
-+                             "9"); // CompilerOptions.VERSION_9
-             } else if(opt.equals("10")) {
-                 settings.put(CompilerOptions.OPTION_Source,
-                             CompilerOptions.VERSION_10);
-+                             "10"); // CompilerOptions.VERSION_10
-             } else if(opt.equals("11")) {
-                 settings.put(CompilerOptions.OPTION_Source,
-                             CompilerOptions.VERSION_11);
-+                             "11"); // CompilerOptions.VERSION_11
-             } else if(opt.equals("12")) {
-                 // Constant not available in latest ECJ version shipped with
-                 // Tomcat. May be supported in a snapshot build.
-@@ -377,26 +377,26 @@ public class JDTCompiler extends org.apa
-                         CompilerOptions.VERSION_1_7);
-             } else if(opt.equals("1.8")) {
-                 settings.put(CompilerOptions.OPTION_TargetPlatform,
-                             CompilerOptions.VERSION_1_8);
-+                             "1.8"); // CompilerOptions.VERSION_1_8
-                 settings.put(CompilerOptions.OPTION_Compliance,
-                        CompilerOptions.VERSION_1_8);
-+                        "1.8"); // CompilerOptions.VERSION_1_8
-             // Version format changed from Java 9 onwards.
-             // Support old format that was used in EA implementation as well
-             } else if(opt.equals("9") || opt.equals("1.9")) {
-                 settings.put(CompilerOptions.OPTION_TargetPlatform,
-                             CompilerOptions.VERSION_9);
-+                             "9"); // CompilerOptions.VERSION_9
-                 settings.put(CompilerOptions.OPTION_Compliance,
-                        CompilerOptions.VERSION_9);
-+                        "9"); // CompilerOptions.VERSION_9
-             } else if(opt.equals("10")) {
-                 settings.put(CompilerOptions.OPTION_TargetPlatform,
-                        CompilerOptions.VERSION_10);
-+                        "10"); // CompilerOptions.VERSION_10
-                 settings.put(CompilerOptions.OPTION_Compliance,
-                        CompilerOptions.VERSION_10);
-+                        "10"); // CompilerOptions.VERSION_10
-             } else if(opt.equals("11")) {
-                 settings.put(CompilerOptions.OPTION_TargetPlatform,
-                        CompilerOptions.VERSION_11);
-+                        "11"); // CompilerOptions.VERSION_11
-                 settings.put(CompilerOptions.OPTION_Compliance,
-                        CompilerOptions.VERSION_11);
-+                        "11"); // CompilerOptions.VERSION_11
-             } else if(opt.equals("12")) {
-                 // Constant not available in latest ECJ version shipped with
-                 // Tomcat. May be supported in a snapshot build.
--- a/tomcat.changes
+++ b/tomcat.changes
@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Fri Dec 27 10:22:58 UTC 2019 - Matei Albu <malbu@suse.com>
+
+- Update to Tomcat 9.0.30. See changelog at
+  http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt)
+- Fixed CVEs:
+  - CVE-2019-12418 (bsc#1159723)
+  - CVE-2019-17563 (bsc#1159729)
+
 -------------------------------------------------------------------
 Mon Nov 18 09:13:10 UTC 2019 - Fridrich Strba <fstrba@suse.com>

--- a/tomcat.spec
+++ b/tomcat.spec
@ -1,7 +1,7 @@
 #
 # spec file for package tomcat
 #
-# Copyright (c) 2019 SUSE LLC.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 # Copyright (c) 2000-2009, JPackage Project
 #
 # All modifications and additions to the file contributed by third parties
@ -22,7 +22,7 @@
 %define elspec 3.0
 %define major_version 9
 %define minor_version 0
-%define micro_version 27
+%define micro_version 30
 %define packdname apache-tomcat-%{version}-src
 # FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/
 %global basedir /srv/%{name}
@ -73,14 +73,12 @@ Source1002:     %{name}.keyring
 Patch0:         %{name}-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch
 #PATCH-FIX-UPSTREAM: from jpackage.org package
 Patch1:         %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.patch
-# PATCH-FIX-UPSTREAM: https://issues.apache.org/bugzilla/show_bug.cgi?id=56373
-Patch2:         %{name}-%{major_version}.%{minor_version}-JDTCompiler-java.patch
 # PATCH-FIX-SLE: Change security manager default policies bnc#891264
-Patch3:         %{name}-%{major_version}.%{minor_version}-sle.catalina.policy.patch
+Patch2:         %{name}-%{major_version}.%{minor_version}-sle.catalina.policy.patch
 # PATCH-FIX-OPENSUSE: build javadoc with the same java source level as the class files
-Patch4:         %{name}-%{major_version}.%{minor_version}-javadoc.patch
+Patch3:         %{name}-%{major_version}.%{minor_version}-javadoc.patch
 # PATCH-FIX-OPENSUSE: disable adding OSGi metadata to JAR files because bndtools is not avalable in SLES/OpenSUSE
-Patch5:         tomcat-9.0-disable-osgi-build.patch
+Patch4:         tomcat-9.0-disable-osgi-build.patch

 BuildRequires:  ant >= 1.8.1
 BuildRequires:  ant-antlr
@ -255,10 +253,9 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
          -name "*.jar" -o -name "*.war" -o -name "*.zip" \) -print -delete
 %patch0
 %patch1
-#%patch2 -p1
-%patch3
+%patch2
+%patch3 -p1
 %patch4 -p1
-%patch5 -p1

 # remove date from docs
 sed -i -e '/build-date/ d' webapps/docs/tomcat-docs.xsl