Accepting request 1117656 from Java:packages

bsc#1216182, CVE-2023-44487

OBS-URL: https://build.opensuse.org/request/show/1117656
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tomcat?expand=0&rev=97

apache-tomcat-9.0.80-src.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f35fa7fe8d9de6ca08972d625c3a51297d367805d6281ff6f6610f612753b62f
-size 6272358

apache-tomcat-9.0.80-src.tar.gz.asc

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Comment: GPGTools - http://gpgtools.org
-
-iQIzBAABCAAdFiEEqcXfTSLpmZjZh1pREMAcWi9gWecFAmTmhA4ACgkQEMAcWi9g
-Wef41BAAhMvH7+ycd0O90vsdFd1CkEAOyTeewkbFucuVa+YNGwfvyfLvbYv2pqeP
-V/u2V2FO9qssGWXbF1ZHs6YQSnPS2Z6XqcoFUZ1NndbbyTOal2XIdbU7fLsPIHRk
-a3HpE0h/TTLRr3LOWGZywD+1vgaQJFMFSihdKRMz+j77OeyphByrUm3Y9w8mw5o2
-pFJvAyq2/ABEhY7rOyqa9qjMaUY0a0QDs13DZSElfQtg9xJh2pML7VXEZtnt6c8E
-qhOkgmgro+FcZi1Oyw9ytBIEorZmGnWZSQ/20PqPxLr/AOa+TtVkr8dz+lPZJhfa
-vOUZ0EQ1/UoOU8K1yEoVHbzISTW/DXaCCPJKyCHMD0GfgAAaqC8oKxtP8lklC3Hv
-OHOae+jskTwRAMxPkCts12pr45DAyw6kHqaSYW7in/xQBv/1wJuYsFtSXlaIup70
-gxOHeqWxZBguFpFsCrnvpAsHEBQ/zaldNkC7XnufuCrZXvzTIkk6bXltnqBVO2CE
-l7xNCFAJaqBOR38hsvZgmSSDPJHceYwcU2Y8ZAtgU/RM+UiApI53+kDNIsL9KYlu
-7dXmWXY/LCIi8rXbcnbvyYVBOjH6NIcPom27JFY3PlUWAOSMCb9i9tpj5Eu9h68N
-y290iYqM/e9/lULx2oA8S8KMGmFzdsMWGVC3yFUIa++br1c79D8=
-=xcTN
------END PGP SIGNATURE-----

apache-tomcat-9.0.82-src.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:064cffa1cdc2087439aaff13e8918fbf85b309ebdc8b7bc6ca7d8da28572d660
+size 6285653

apache-tomcat-9.0.82-src.tar.gz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEESPjmn2OQyfJc/tzSaCSJWTWecisFAmUmo7MACgkQaCSJWTWe
+ciuclQ//TVgfBHVgphmkiSxW7SFAkLvKbGPYXrVMeHhpgc3A9Gq+XeGTp29uZ8TH
+sZ4BVCQmzgbsSaDsDDsC3/N0TPEdFlWS2w7a667iYWekNErhzsyf7PlD2cFn11T7
+FmQ8FerXAgtl4NwY5lt2eX748H5sR9sUpTPHZgM9WEW0CXCEqBswx+tcWT+SgYAP
+YyGvFWVCr/I4QS5HigNvmH0QjSO4xTisYUyRYcU4w677tO6STLGON30pRe4ki6GL
+F8I3W98uJKrx+H00zqdTvv0TlG56oQyI5sZBPymQykhts4FW1iXKdH47DrM+FXfW
+wgCUJjt3mQ/+2lzA4QHpRFoaa1FrCJYByeM22rPBhWLSR9UFBN9yrZb0SbnQkf9j
+3klubBBJIad0FN/gD8M/FdfjwmEKsJyAHJLWdJZVpif+xV4aUtEX/FWRv6B0B67t
+6FC8mi3J8DS4sqLtfn/M901MCO6j1XjR78TD02jNzgjD/emxoSfNDst/SRXTyeoc
+mRid8UgLF8+ecTz0GqDJen3jWmOuKmrzX6I0z9jCSJq3PUkaIS9uM91X0sqHOoqb
+HH1dE61b1VO5lbEnjnhCVirS+bKCyiJIQRNWtc8Pe0joszqysYKoOY7TssZUpziO
+w/ekZwRBndDtEtxg2zzjXRMb7Tx8tK7xZE15oLpRXw/WfREJxzI=
+=T082
+-----END PGP SIGNATURE-----

tomcat.changes

@@ -1,3 +1,51 @@
+-------------------------------------------------------------------
+Fri Oct 13 11:12:07 UTC 2023 - Fridrich Strba <fstrba@suse.com>
+
+- Update to Tomcat 9.0.82
+  * Catalina
+    + Add: 65770: Provide a lifecycle listener that will
+      automatically reload TLS configurations a set time before the
+      certificate is due to expire. This is intended to be used with
+      third-party tools that regularly renew TLS certificates.
+    + Fix: Fix handling of an error reading a context descriptor on
+      deployment.
+    + Fix: Fix rewrite rule qsd (query string discard) being ignored
+      if qsa was also use, while it should instead take precedence.
+    + Fix: 67472: Send fewer CORS-related headers when CORS is not
+      actually being engaged.
+    + Add: Improve handling of failures within recycle() methods.
+  * Coyote
+    + Fix: 67670: Fix regression with HTTP compression after code
+      refactoring.
+    + Fix: 67198: Ensure that the AJP connector attribute
+      tomcatAuthorization takes precedence over the
+      tomcatAuthentication attribute when processing an auth_type
+      attribute received from a proxy server.
+    + Fix: 67235: Fix a NullPointerException when an AsyncListener
+      handles an error with a dispatch rather than a complete.
+    + Fix: When an error occurs during asynchronous processing,
+      ensure that the error handling process is only triggered once
+      per asynchronous cycle.
+    + Fix: Fix logic issue trying to match no argument method in
+      IntropectionUtil.
+    + Fix: Improve thread safety around readNotify and writeNotify
+      in the NIO2 endpoint.
+    + Fix: Avoid rare thread safety issue accessing message digest
+      map.
+    + Fix: Improve statistics collection for upgraded connections
+      under load.
+    + Fix: Align validation of HTTP trailer fields with standard
+      fields.
+    + Fix: Improvements to HTTP/2 overhead protection (bsc#1216182,
+      CVE-2023-44487)
+  * jdbc-pool
+    + Fix: 67664: Correct a regression in the clean-up of
+      unnecessary use of fully qualified class names in 9.0.81
+      that broke the jdbc-pool.
+  * Jasper
+    + Fix: 67080: Improve performance of EL expressions in JSPs that
+      use implicit objects
+
 -------------------------------------------------------------------
 Thu Sep 21 16:41:56 UTC 2023 - Fridrich Strba <fstrba@suse.com>
 

tomcat.spec

@@ -22,7 +22,7 @@
 %define elspec 3.0
 %define major_version 9
 %define minor_version 0
-%define micro_version 80
+%define micro_version 82
 %define packdname apache-tomcat-%{version}-src
 # FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/
 %global basedir /srv/%{name}