rpm/tomcat
SHA256
1
0
Fork 0
forked from pool/tomcat
Code Pull Requests Activity

Accepting request 249896 from home:dmacvicar:branches:Java:packages

Browse Source 
- Fixed Security Manager policies, which makes unable properly
  run webapps by default. (bnc#891264)
  Added: tomcat-7.0-sle.catalina.policy.patch

- Missing security manager policy file prevents Tomcat to start
  with systemd. (bnc#890995)

- Tomcat 7.0.55 requires ecj 4.4.0

OBS-URL: https://build.opensuse.org/request/show/249896
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=60
This commit is contained in:
Tomáš Chvátal 2014-09-17 08:38:34 +00:00 committed by Git OBS Bridge
parent dd18bdfe7a
commit 83c25cd053
4 changed files with 77 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
tomcat-7.0-sle.catalina.policy.patch Normal file
View File

@ -0,0 +1,50 @@
diff -Naur apache-tomcat-7.0.55-src/conf/catalina.policy apache-tomcat-7.0.55-src.new/conf/catalina.policy
--- apache-tomcat-7.0.55-src/conf/catalina.policy 2014-07-18 16:49:04.000000000 +0200
+++ apache-tomcat-7.0.55-src.new/conf/catalina.policy 2014-09-16 17:49:07.963129705 +0200
@@ -95,6 +95,7 @@
// ${file.separator}classes${file.separator}logging.properties", "read";
};
+
// These permissions apply to the server startup code
grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
permission java.security.AllPermission;
@@ -107,7 +108,6 @@
permission java.security.AllPermission;
};
-
// If using a per instance lib directory, i.e. ${catalina.base}/lib,
// then the following permission will need to be uncommented
// grant codeBase "file:${catalina.base}/lib/-" {
@@ -162,6 +162,9 @@
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat";
// Precompiled JSPs need access to these packages.
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper";
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.servlet";
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.compiler";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
permission java.lang.RuntimePermission
@@ -214,6 +217,15 @@
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
};
+// Additional basic permissions for web applications.
+grant codeBase "file:/usr/share/java/tomcat-servlet-api.jar" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "file:/usr/share/java/tomcat-el-api.jar" {
+ permission java.security.AllPermission;
+};
+
// You can assign additional permissions to particular web applications by
// adding additional "grant" entries here, based on the code base for that
// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
@@ -245,4 +257,3 @@
// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
// permission java.net.SocketPermission "*.noaa.gov:80", "connect";
// };
-

4
tomcat-7.0-tomcat-sysd
View File

@ -60,8 +60,10 @@ function start() {
if [[ "$SECURITY_MANAGER" = "true" ]]; then
DSECURITY_MANAGER="-Djava.security.manager"
DSECURITY_POLICY="-Djava.security.policy=${CATALINA_BASE}/conf/catalina.policy"
else
unset DSECURITY_MANAGER
unset DSECURITY_POLICY
fi
if ${USE_JSVC}; then
@ -76,7 +78,7 @@ function start() {
-Dcatalina.base="$CATALINA_BASE" \
-Dcatalina.home="$CATALINA_HOME" \
-Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" \
-Djava.io.tmpdir="$CATALINA_TMPDIR" ${DSECURITY_MANAGER} \
-Djava.io.tmpdir="$CATALINA_TMPDIR" ${DSECURITY_MANAGER} ${DSECURITY_POLICY} \
-Djava.util.logging.config.file="${CATALINA_BASE}/conf/logging.properties" \
-Djava.util.logging.manager="org.apache.juli.ClassLoaderLogManager" \
org.apache.catalina.startup.Bootstrap start

18
tomcat.changes
View File

@ -1,3 +1,21 @@
-------------------------------------------------------------------
Tue Sep 16 16:09:59 UTC 2014 - bmaryniuk@suse.com
- Fixed Security Manager policies, which makes unable properly
run webapps by default. (bnc#891264)
Added: tomcat-7.0-sle.catalina.policy.patch
-------------------------------------------------------------------
Tue Sep 16 14:13:20 UTC 2014 - bmaryniuk@suse.com
- Missing security manager policy file prevents Tomcat to start
with systemd. (bnc#890995)
-------------------------------------------------------------------
Mon Sep 15 13:02:02 UTC 2014 - dmacvicar@suse.de
- Tomcat 7.0.55 requires ecj 4.4.0
-------------------------------------------------------------------
Mon Sep 8 09:01:13 UTC 2014 - dmacvicar@suse.de

8
tomcat.spec
View File

@ -72,9 +72,11 @@ Patch1: %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.pa
Patch2: tomcat-7.0.52-property-build.windows.patch
# PATCH-FIX-UPSTREAM: https://issues.apache.org/bugzilla/show_bug.cgi?id=56373
Patch3: tomcat-7.0.53-JDTCompiler-java.patch
# PATCH-FIX-SLE: Change security manager default policies bnc#891264
Patch4: tomcat-7.0-sle.catalina.policy.patch
BuildRequires: ant >= 1.8.1
BuildRequires: ant-antlr
BuildRequires: ecj >= 4.2.1
BuildRequires: ecj >= 4.4.0
BuildRequires: fdupes
BuildRequires: findutils
BuildRequires: geronimo-jaf-1_0_2-api
@ -205,7 +207,7 @@ Group: Productivity/Networking/Web/Servers
Requires: %{name}-el-%{elspec}-api = %{version}-%{release}
Requires: %{name}-jsp-%{jspspec}-api = %{version}-%{release}
Requires: %{name}-servlet-%{servletspec}-api = %{version}-%{release}
Requires(post): ecj >= 4.2.1
Requires(post): ecj >= 4.4
Requires(post): jakarta-commons-pool-tomcat5
Requires(preun): %{_bindir}/rm
Provides: jakarta-commons-dbcp-tomcat5 = 1.4
@ -249,6 +251,8 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
%patch1 -p1
%patch2 -p1
%patch3
%patch4 -p1
# remove date from docs
sed -i -e '/build-date/ d' webapps/docs/tomcat-docs.xsl