From b3dd0c42dc0324f58f39618ff71819d58861fb1514c603f76dc50e9fed6bb61a Mon Sep 17 00:00:00 2001
From: Matei Albu
Date: Mon, 23 Oct 2017 09:27:05 +0000
Subject: [PATCH] Accepting request 535883 from home:ecsos:server - update to 8.0.47 http://tomcat.apache.org/tomcat-8.0-doc/changelog.html * Fixed CVE: - CVE-2017-12617 - rebase tomcat-8.0-sle.catalina.policy.patch OBS-URL: https://build.opensuse.org/request/show/535883 OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=112
---
 apache-tomcat-8.0.44-src.tar.gz | 3 ---
 apache-tomcat-8.0.44-src.tar.gz.asc | 17 -----------------
 apache-tomcat-8.0.47-src.tar.gz | 3 +++
 apache-tomcat-8.0.47-src.tar.gz.asc | 17 +++++++++++++++++
 tomcat-8.0-sle.catalina.policy.patch | 19 ++++++++-----------
 tomcat.changes | 9 +++++++++
 tomcat.spec | 2 +-
 7 files changed, 38 insertions(+), 32 deletions(-)
 delete mode 100644 apache-tomcat-8.0.44-src.tar.gz
 delete mode 100644 apache-tomcat-8.0.44-src.tar.gz.asc
 create mode 100644 apache-tomcat-8.0.47-src.tar.gz
 create mode 100644 apache-tomcat-8.0.47-src.tar.gz.asc
diff --git a/apache-tomcat-8.0.44-src.tar.gz b/apache-tomcat-8.0.44-src.tar.gz
deleted file mode 100644
index a863182..0000000
--- a/apache-tomcat-8.0.44-src.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fdfe5fb204dab3b4ca44717600c486ff1271d75658b397713fd942577fcd1c1d
-size 4970761
diff --git a/apache-tomcat-8.0.44-src.tar.gz.asc b/apache-tomcat-8.0.44-src.tar.gz.asc
deleted file mode 100644
index 925fbce..0000000
--- a/apache-tomcat-8.0.44-src.tar.gz.asc
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2
-
-iQIcBAABCgAGBQJZE02vAAoJECCLCrHWMBHHM3IP/3sJB9MhOQ4ykxyiIimuVT9Z
-HKXxYIy9hAvljAaCB8H2Fro1Ghhc7wRHrTw6ZWT0doiAAg1KfyETXp03XXwFcNfz
-peZjL8BIWB4xwm6tQBBzkFs89P2rLz8xyR+EXeY8KabsUmxJNBBgkNnA513b39SP
-XaHmZ/Gt3+sSDjfgkBfQcwAVooS3bbLZyh/h6B4rPWLc2iWLuIKoQBHFBXb1DjQ0
-h7+m8IZ1t9voYNRtX2qUgzSY+qXfI8lJNLBTFIccR8mVGqdYmj5fmAb4e0OkOMrH
-oTYR+IsB86OW0pPE8Wy0EETN9eNLxtFXQ876itBXw1RVKhcK7Mi8dZ/USxwOjWCy
-CGIrdmaJ4S7vE5LoRsMc9hWMslcZMr6RhpEE5dvJPQw2hfv/vvnatypFnmWpWx+t
-cUdB5AiiEqfDqbj4o/Kz3rgl+hJZ4Nrx6HclQjE4sUi3lUBgPOrMDD2ZBeTGfT8D
-yY/VomlzeR5tPUNIx2C+nagtMGQjcKnaIuY/BZvKfQYyl/yJv8a8p0bzN5n6cbXw
-fQfATLBzZNa+wy5TWpmMhDamzLyZEuftqcO/Y7aMwTjnL36pQUsYoTvsQM5fpe1B
-XckmxPzBWjgoJ+NDMK3IbDdac33PAB4+JbTZMToN8XvFNFBAFFZCDgCQ+BeipJ5a
-8FnaXRHNurbFiIChu1L2
-=S6iN
------END PGP SIGNATURE-----
diff --git a/apache-tomcat-8.0.47-src.tar.gz b/apache-tomcat-8.0.47-src.tar.gz
new file mode 100644
index 0000000..e9345da
--- /dev/null
+++ b/apache-tomcat-8.0.47-src.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a2e34a707f1d2ab03aae194db2aed7aa525e62ee3cd648e7058bee49ac1b578c
+size 4996505
diff --git a/apache-tomcat-8.0.47-src.tar.gz.asc b/apache-tomcat-8.0.47-src.tar.gz.asc
new file mode 100644
index 0000000..aa6952b
--- /dev/null
+++ b/apache-tomcat-8.0.47-src.tar.gz.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
+
+iQIcBAABCgAGBQJZzlCjAAoJECCLCrHWMBHHgeAP/3BzfQpy8+glSgYJlfaVBI3v
+7+a4ZM24/ADePqjP4455HzmtZL7GFnfIWzKiTek5BYSHAVC0QkBdr0v59i2XhgmU
+HzE4WxuE91Se8Y59CQHy/TZ9ra4yJmMCCfazxSESFsHXZJ4i76cn7mhAwtGUY2kz
+YJkTV3YdH09aJ2WtLxzVAICAp3a14C3bE+mylKJ4IaQtWjhqzB1XxBnypveJPJP5
+kQ7qW61tgg/d+qqvQhlYRwBlKND86ZWgxcXJ5OrTZCSDDoule1CJDGUAyn5WuVyG
+A2iRIMpwRmT5fifDALcC3KtVhimuK/nBoa9uFTiSB0brtN8wPSavMtgA3cbU4UQP
+8Hq/t9UuQ9wMhAtmcBaKV+2dFX2IfcT6YmWZyX//1fI9JDdjiqmLOx10yhPISjdl
+8xYvcfMZ1FxIb3s+ukHGsJXVeMv3AQT4UcyZT+OaJvn1Bft74ZC9mfE8iQBhSzJ2
+vvwZ3bWf0ltcXJT06VVoG7k1QbgDjg33E+6nn2gkfBQR5iNP62rb45i3r9OG6+8P
+Kod5ilZTdKSYaEuow3HLpa78Hy+qNHHfrnSRE+QStBJhmcso/+B1IXT8MJjYLGQV
+qHMtlla6yt4z5ZbtA8brjACWimtX0n4EikvXWEyvuuhvzrBg2rn/bbSvR4+g5ibA
+z3Ao7ToPrQ3m5k/IajK4
+=tqTZ
+-----END PGP SIGNATURE-----
diff --git a/tomcat-8.0-sle.catalina.policy.patch b/tomcat-8.0-sle.catalina.policy.patch
index 2ed0998..50060c1 100644
--- a/tomcat-8.0-sle.catalina.policy.patch
+++ b/tomcat-8.0-sle.catalina.policy.patch
@@ -1,11 +1,8 @@ Index: conf/catalina.policy -IDEA additional info: -Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP -<+>UTF-8 =================================================================== ---- conf/catalina.policy (revision Local version) -+++ conf/catalina.policy (revision Shelved version) -@@ -100,6 +100,7 @@ +--- conf/catalina.policy.orig ++++ conf/catalina.policy +@@ -100,6 +100,7 @@ grant codeBase "file:${catalina.home}/bi // ${file.separator}classes${file.separator}logging.properties", "read"; };
@@ -13,7 +10,7 @@ Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP // These permissions apply to the server startup code grant codeBase "file:${catalina.home}/bin/bootstrap.jar" { permission java.security.AllPermission; -@@ -112,7 +113,6 @@ +@@ -112,7 +113,6 @@ grant codeBase "file:${catalina.home}/li permission java.security.AllPermission; };
@@ -21,7 +18,7 @@ Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP // If using a per instance lib directory, i.e. ${catalina.base}/lib, // then the following permission will need to be uncommented // grant codeBase "file:${catalina.base}/lib/-" { -@@ -167,6 +167,9 @@ +@@ -167,6 +167,9 @@ grant { permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat"; // Precompiled JSPs need access to these packages.
@@ -31,10 +28,10 @@ Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime"; permission java.lang.RuntimePermission -@@ -216,6 +219,15 @@ - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util"; +@@ -233,6 +236,15 @@ grant codeBase "file:${catalina.home}/we }; + +// Additional basic permissions for web applications. +grant codeBase "file:/usr/share/java/tomcat-servlet-api.jar" { + permission java.security.AllPermission;
@@ -47,7 +44,7 @@ Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP // You can assign additional permissions to particular web applications by // adding additional "grant" entries here, based on the code base for that // application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files. -@@ -247,7 +259,6 @@ +@@ -264,7 +276,6 @@ grant codeBase "file:${catalina.home}/we // grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" { // permission java.net.SocketPermission "*.noaa.gov:80", "connect"; // };
diff --git a/tomcat.changes b/tomcat.changes
index 32f35b9..9c5ebd9 100644
--- a/tomcat.changes
+++ b/tomcat.changes
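Review bot: In tomcat-8.0-sle.catalina.policy.patch, the carried block that the rebased inner hunk `@@ -233,6 +236,15 @@` inserts is still introduced by `// Additional basic permissions for web applications.`, which understates what follows: the visible lines grant `java.security.AllPermission` to `file:/usr/share/java/tomcat-servlet-api.jar`, a code base chosen by absolute path, not a basic permission set for web applications. Since the patch is being re-cut anyway, I would reword that comment to something like `// Full trust (AllPermission) for the system servlet API jar; this is not a per-webapp grant.` so the trust decision is obvious to anyone auditing the policy when Tomcat runs under a security manager. The leading context of this inner hunk also changed in the rebase (the `accessClassInPackage.org.apache.catalina.util` line is dropped and the header now names a `grant codeBase "file:${catalina.home}/we…` block), so it is worth confirming in the patched conf/catalina.policy that the grant still lands at top level after a closing `};`. The remainder of the added grant lines lies outside the visible hunk, so I cannot tell from here which other code bases receive the same permission.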
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Mon Oct 23 06:07:05 UTC 2017 - ecsos@opensuse.org
+
+- update to 8.0.47
+ http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
+ * Fixed CVE:
+ - CVE-2017-12617
+- rebase tomcat-8.0-sle.catalina.policy.patch
+
 -------------------------------------------------------------------
 Tue Sep 19 09:07:39 UTC 2017 - fstrba@suse.com
diff --git a/tomcat.spec b/tomcat.spec
index c9c5d3c..00584be 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -22,7 +22,7 @@
 %define elspec 3.0
 %define major_version 8
 %define minor_version 0
-%define micro_version 44
+%define micro_version 47
 %define packdname apache-tomcat-%{version}-src
 # FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/
 %global basedir /srv/%{name}