Accepting request 535883 from home:ecsos:server

- update to 8.0.47
  http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
  * Fixed CVE:
    - CVE-2017-12617 
- rebase tomcat-8.0-sle.catalina.policy.patch

OBS-URL: https://build.opensuse.org/request/show/535883
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=112

apache-tomcat-8.0.44-src.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fdfe5fb204dab3b4ca44717600c486ff1271d75658b397713fd942577fcd1c1d
-size 4970761

apache-tomcat-8.0.44-src.tar.gz.asc

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2
-
-iQIcBAABCgAGBQJZE02vAAoJECCLCrHWMBHHM3IP/3sJB9MhOQ4ykxyiIimuVT9Z
-HKXxYIy9hAvljAaCB8H2Fro1Ghhc7wRHrTw6ZWT0doiAAg1KfyETXp03XXwFcNfz
-peZjL8BIWB4xwm6tQBBzkFs89P2rLz8xyR+EXeY8KabsUmxJNBBgkNnA513b39SP
-XaHmZ/Gt3+sSDjfgkBfQcwAVooS3bbLZyh/h6B4rPWLc2iWLuIKoQBHFBXb1DjQ0
-h7+m8IZ1t9voYNRtX2qUgzSY+qXfI8lJNLBTFIccR8mVGqdYmj5fmAb4e0OkOMrH
-oTYR+IsB86OW0pPE8Wy0EETN9eNLxtFXQ876itBXw1RVKhcK7Mi8dZ/USxwOjWCy
-CGIrdmaJ4S7vE5LoRsMc9hWMslcZMr6RhpEE5dvJPQw2hfv/vvnatypFnmWpWx+t
-cUdB5AiiEqfDqbj4o/Kz3rgl+hJZ4Nrx6HclQjE4sUi3lUBgPOrMDD2ZBeTGfT8D
-yY/VomlzeR5tPUNIx2C+nagtMGQjcKnaIuY/BZvKfQYyl/yJv8a8p0bzN5n6cbXw
-fQfATLBzZNa+wy5TWpmMhDamzLyZEuftqcO/Y7aMwTjnL36pQUsYoTvsQM5fpe1B
-XckmxPzBWjgoJ+NDMK3IbDdac33PAB4+JbTZMToN8XvFNFBAFFZCDgCQ+BeipJ5a
-8FnaXRHNurbFiIChu1L2
-=S6iN
------END PGP SIGNATURE-----

apache-tomcat-8.0.47-src.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a2e34a707f1d2ab03aae194db2aed7aa525e62ee3cd648e7058bee49ac1b578c
+size 4996505

apache-tomcat-8.0.47-src.tar.gz.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
+
+iQIcBAABCgAGBQJZzlCjAAoJECCLCrHWMBHHgeAP/3BzfQpy8+glSgYJlfaVBI3v
+7+a4ZM24/ADePqjP4455HzmtZL7GFnfIWzKiTek5BYSHAVC0QkBdr0v59i2XhgmU
+HzE4WxuE91Se8Y59CQHy/TZ9ra4yJmMCCfazxSESFsHXZJ4i76cn7mhAwtGUY2kz
+YJkTV3YdH09aJ2WtLxzVAICAp3a14C3bE+mylKJ4IaQtWjhqzB1XxBnypveJPJP5
+kQ7qW61tgg/d+qqvQhlYRwBlKND86ZWgxcXJ5OrTZCSDDoule1CJDGUAyn5WuVyG
+A2iRIMpwRmT5fifDALcC3KtVhimuK/nBoa9uFTiSB0brtN8wPSavMtgA3cbU4UQP
+8Hq/t9UuQ9wMhAtmcBaKV+2dFX2IfcT6YmWZyX//1fI9JDdjiqmLOx10yhPISjdl
+8xYvcfMZ1FxIb3s+ukHGsJXVeMv3AQT4UcyZT+OaJvn1Bft74ZC9mfE8iQBhSzJ2
+vvwZ3bWf0ltcXJT06VVoG7k1QbgDjg33E+6nn2gkfBQR5iNP62rb45i3r9OG6+8P
+Kod5ilZTdKSYaEuow3HLpa78Hy+qNHHfrnSRE+QStBJhmcso/+B1IXT8MJjYLGQV
+qHMtlla6yt4z5ZbtA8brjACWimtX0n4EikvXWEyvuuhvzrBg2rn/bbSvR4+g5ibA
+z3Ao7ToPrQ3m5k/IajK4
+=tqTZ
+-----END PGP SIGNATURE-----

tomcat-8.0-sle.catalina.policy.patch

@@ -1,11 +1,8 @@
 Index: conf/catalina.policy
-IDEA additional info:
-Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
-<+>UTF-8
 ===================================================================
---- conf/catalina.policy	(revision Local version)
-+++ conf/catalina.policy	(revision Shelved version)
-@@ -100,6 +100,7 @@
+--- conf/catalina.policy.orig
++++ conf/catalina.policy
+@@ -100,6 +100,7 @@ grant codeBase "file:${catalina.home}/bi
          //  ${file.separator}classes${file.separator}logging.properties", "read";
  };
  
@@ -13,7 +10,7 @@ Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
  // These permissions apply to the server startup code
  grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
          permission java.security.AllPermission;
-@@ -112,7 +113,6 @@
+@@ -112,7 +113,6 @@ grant codeBase "file:${catalina.home}/li
          permission java.security.AllPermission;
  };
  
@@ -21,7 +18,7 @@ Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
  // If using a per instance lib directory, i.e. ${catalina.base}/lib,
  // then the following permission will need to be uncommented
  // grant codeBase "file:${catalina.base}/lib/-" {
-@@ -167,6 +167,9 @@
+@@ -167,6 +167,9 @@ grant {
      permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat";
  
      // Precompiled JSPs need access to these packages.
@@ -31,10 +28,10 @@ Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
      permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el";
      permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
      permission java.lang.RuntimePermission
-@@ -216,6 +219,15 @@
-     permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
+@@ -233,6 +236,15 @@ grant codeBase "file:${catalina.home}/we
  };
  
+ 
 +// Additional basic permissions for web applications.
 +grant codeBase "file:/usr/share/java/tomcat-servlet-api.jar" {
 +	permission java.security.AllPermission;
@@ -47,7 +44,7 @@ Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
  // You can assign additional permissions to particular web applications by
  // adding additional "grant" entries here, based on the code base for that
  // application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
-@@ -247,7 +259,6 @@
+@@ -264,7 +276,6 @@ grant codeBase "file:${catalina.home}/we
  // grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
  //      permission java.net.SocketPermission "*.noaa.gov:80", "connect";
  // };

tomcat.changes

@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Mon Oct 23 06:07:05 UTC 2017 - ecsos@opensuse.org
+
+- update to 8.0.47
+  http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
+  * Fixed CVE:
+    - CVE-2017-12617 
+- rebase tomcat-8.0-sle.catalina.policy.patch
+
 -------------------------------------------------------------------
 Tue Sep 19 09:07:39 UTC 2017 - fstrba@suse.com
 

tomcat.spec

@@ -22,7 +22,7 @@
 %define elspec 3.0
 %define major_version 8
 %define minor_version 0
-%define micro_version 44
+%define micro_version 47
 %define packdname apache-tomcat-%{version}-src
 # FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/
 %global basedir /srv/%{name}