rpm/tomcat
SHA256
1
0
Fork 0
forked from pool/tomcat
Code Pull Requests Activity

OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=258

Browse Source
This commit is contained in:
Fridrich Strba 2023-05-22 17:59:49 +00:00 committed by Git OBS Bridge
parent 6bc85246b3
commit dc50fb9b4f
23 changed files with 120 additions and 4932 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
apache-tomcat-9.0.43-src.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:28db36e1f1440c8517513a282f71383d825fe1383d8e5317e22e5122803c40ca
size 6042010

16
apache-tomcat-9.0.43-src.tar.gz.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEqcXfTSLpmZjZh1pREMAcWi9gWecFAmATIH8ACgkQEMAcWi9g
Wecu9hAAhNGHtILVHGLWoqGJPVC29l2kgXiDshkFbgHKxeR6K5kooaxIB0N9QGGb
9H/BEwM92Kdl2VwQwtZBrW+x+worRQWIAHLCS9KF/UaVMLSIO54E5+aeJ6+vgBPC
AQdIn2mZ4o4RtUfYWsGgtPrQvGR/M+VSLKALn6SeB9O60zHrDvgpdVp0coFw0aIY
mi0HWsfoZltGTqscsgVEsSvolkvo7Au0c9DAGVGSLzhavlHT3Wnvsg8RuQ+oV2G+
aX1R1J7xuPyDxrvLHShOu9ERxxHmEIgJ5/wrWgGUEwJJQmSAqFQHW7q1kswOmL5a
mfWYSsqrqcsc+8QI6oYnVfN6Yu/Podcb1Tbs0elYdn+rEU0j73j6gGITSzSFokkZ
2tueXJ/U5rHthWMiL8xLZXp9RpOzGgpo91TY3qSHsvpVi7HSX9kLsUq4gHFPDehF
s+5ycfYy+fzsRUs6Fsa/2FfRIy9zEatzcjX2yvFCjBaeKbv8cRixeVCqsERopIwW
5hwh1hmqQNn4FuOS/Ei03QkRHGPHWhrBU5GS0ZEruhUNfc4kfogBBsaUBQkfv94C
EScu+rTeOSEv4exWAH/IiaOHPPYQTH9RXJ+aPbZpZ+7BOzpYU30hFGZwhRli1hqa
Ib7wuGMQXfNJQ8ndAlzPIMjp12dLOYeOeoRqHK5duaXfK9e+WN8=
=KHse
-----END PGP SIGNATURE-----

3
apache-tomcat-9.0.75-src.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:35fee3552179eb0ee1ed3b0ec4785d94b9e7402bb23f1aeb223178b7e4645a82
size 6241477

16
apache-tomcat-9.0.75-src.tar.gz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEESPjmn2OQyfJc/tzSaCSJWTWecisFAmRTrhwACgkQaCSJWTWe
cisKuA/+IQFNKHTyMq7uCBmSMpfqzdFH6tE3MiUFAvHfNE7MuYBtyCFkTmryNP2j
wAHuvT8qJYyglhTkP6Ra+4EipLltAZEPF6a5K9PYQEtCmEo0BlpJq8Bln0Re8nzs
z1JEPsPlIlJkx3utfX+QSVn9/roTK+RdP0x4FMxD7Ujg00UOZ1kr5Z+VY4ArT3QC
H2yriYiPAk5WX2ovtyhvnF606TcZGU9wUcUVaQMNDETjmFD4aS7PuhcwpNU/ZbS9
vB8psCwb75U1iOE9oRfXDQbxvOAUhcAJPPVaS88I0iDNYlp870l/nUCTotFm14yG
uHXEE/XDVN2aojLH302AxZjTbXqXAga5TBT0aFAL3UWzqdz9UA/2sZqbjr0gN4U6
ggZ6wc8B1CqzuT7xFOI+ugMNokXt4CZdZ4bjFLfRCU8ZEpIoPsW6f6vtVRKUwAU2
1Fr/XsGnTwVcIvnlD0PrLd4RGRqgdAzhIXZ5+q//1ls/hEXDx63AkYkv0T6AtaFn
tuoLXcF7plWAQXHq+qKtjWIKjLDItZAEpvLI3Jd3Nf9cJgS+qiyCfijh9Z9y24ts
FgcYFPVxbDMsv4nEPdHDRw9rwx0AJzLSw4XofrBiw3uEYvUbV+zJQSxzNa2hPAGd
IJEADr8Ou1JLg5HgH7qVyx94ifeOKocBOoO3RhTMP6lOJN0cJ3E=
=bv2c
-----END PGP SIGNATURE-----

2666
tomcat-9.0-CVE-2021-30640.patch
View File

File diff suppressed because it is too large Load Diff

195
tomcat-9.0-CVE-2021-33037.patch
View File

@ -1,195 +0,0 @@
Index: apache-tomcat-9.0.43-src/java/org/apache/coyote/http11/Http11Processor.java
===================================================================
--- apache-tomcat-9.0.43-src.orig/java/org/apache/coyote/http11/Http11Processor.java
+++ apache-tomcat-9.0.43-src/java/org/apache/coyote/http11/Http11Processor.java
@@ -212,11 +212,8 @@ public class Http11Processor extends Abs
// Parsing trims and converts to lower case.
- if (encodingName.equals("identity")) {
- // Skip
- } else if (encodingName.equals("chunked")) {
- inputBuffer.addActiveFilter
- (inputFilters[Constants.CHUNKED_FILTER]);
+ if (encodingName.equals("chunked")) {
+ inputBuffer.addActiveFilter(inputFilters[Constants.CHUNKED_FILTER]);
contentDelimitation = true;
} else {
for (int i = pluggableFilterIndex; i < inputFilters.length; i++) {
@@ -753,13 +750,14 @@ public class Http11Processor extends Abs
InputFilter[] inputFilters = inputBuffer.getFilters();
// Parse transfer-encoding header
- if (http11) {
+ // HTTP specs say an HTTP 1.1 server should accept any recognised
+ // HTTP 1.x header from a 1.x client unless the specs says otherwise.
+ if (!http09) {
MessageBytes transferEncodingValueMB = headers.getValue("transfer-encoding");
if (transferEncodingValueMB != null) {
List<String> encodingNames = new ArrayList<>();
if (TokenList.parseTokenList(headers.values("transfer-encoding"), encodingNames)) {
for (String encodingName : encodingNames) {
- // "identity" codings are ignored
addInputFilter(inputFilters, encodingName);
}
} else {
Index: apache-tomcat-9.0.43-src/test/org/apache/coyote/http11/TestHttp11Processor.java
===================================================================
--- apache-tomcat-9.0.43-src.orig/test/org/apache/coyote/http11/TestHttp11Processor.java
+++ apache-tomcat-9.0.43-src/test/org/apache/coyote/http11/TestHttp11Processor.java
@@ -254,31 +254,6 @@ public class TestHttp11Processor extends
@Test
- public void testWithTEIdentity() throws Exception {
- getTomcatInstanceTestWebapp(false, true);
-
- String request =
- "POST /test/echo-params.jsp HTTP/1.1" + SimpleHttpClient.CRLF +
- "Host: any" + SimpleHttpClient.CRLF +
- "Transfer-encoding: identity" + SimpleHttpClient.CRLF +
- "Content-Length: 9" + SimpleHttpClient.CRLF +
- "Content-Type: application/x-www-form-urlencoded" +
- SimpleHttpClient.CRLF +
- "Connection: close" + SimpleHttpClient.CRLF +
- SimpleHttpClient.CRLF +
- "test=data";
-
- Client client = new Client(getPort());
- client.setRequest(new String[] {request});
-
- client.connect();
- client.processRequest();
- Assert.assertTrue(client.isResponse200());
- Assert.assertTrue(client.getResponseBody().contains("test - data"));
- }
-
-
- @Test
public void testWithTESavedRequest() throws Exception {
getTomcatInstanceTestWebapp(false, true);
@@ -1859,4 +1834,102 @@ public class TestHttp11Processor extends
// NO-OP
}
}
+
+
+ @Test
+ public void testTEHeaderUnknown01() throws Exception {
+ doTestTEHeaderUnknown("identity");
+ }
+
+
+ @Test
+ public void testTEHeaderUnknown02() throws Exception {
+ doTestTEHeaderUnknown("identity, chunked");
+ }
+
+
+ @Test
+ public void testTEHeaderUnknown03() throws Exception {
+ doTestTEHeaderUnknown("unknown, chunked");
+ }
+
+
+ @Test
+ public void testTEHeaderUnknown04() throws Exception {
+ doTestTEHeaderUnknown("void");
+ }
+
+
+ @Test
+ public void testTEHeaderUnknown05() throws Exception {
+ doTestTEHeaderUnknown("void, chunked");
+ }
+
+
+ @Test
+ public void testTEHeaderUnknown06() throws Exception {
+ doTestTEHeaderUnknown("void, identity");
+ }
+
+
+ @Test
+ public void testTEHeaderUnknown07() throws Exception {
+ doTestTEHeaderUnknown("identity, void");
+ }
+
+
+ private void doTestTEHeaderUnknown(String headerValue) throws Exception {
+ Tomcat tomcat = getTomcatInstance();
+
+ // No file system docBase required
+ Context ctx = tomcat.addContext("", null);
+
+ // Add servlet
+ Tomcat.addServlet(ctx, "TesterServlet", new TesterServlet(false));
+ ctx.addServletMappingDecoded("/foo", "TesterServlet");
+
+ tomcat.start();
+
+ String request =
+ "GET /foo HTTP/1.1" + SimpleHttpClient.CRLF +
+ "Host: localhost:" + getPort() + SimpleHttpClient.CRLF +
+ "Transfer-Encoding: " + headerValue + SimpleHttpClient.CRLF +
+ SimpleHttpClient.CRLF;
+
+ Client client = new Client(tomcat.getConnector().getLocalPort());
+ client.setRequest(new String[] {request});
+
+ client.connect();
+ client.processRequest(false);
+
+ Assert.assertTrue(client.isResponse501());
+ }
+
+
+ @Test
+ public void testWithTEChunkedHttp10() throws Exception {
+
+ getTomcatInstanceTestWebapp(false, true);
+
+ String request =
+ "POST /test/echo-params.jsp HTTP/1.0" + SimpleHttpClient.CRLF +
+ "Host: any" + SimpleHttpClient.CRLF +
+ "Transfer-encoding: chunked" + SimpleHttpClient.CRLF +
+ "Content-Type: application/x-www-form-urlencoded" +
+ SimpleHttpClient.CRLF +
+ "Connection: close" + SimpleHttpClient.CRLF +
+ SimpleHttpClient.CRLF +
+ "9" + SimpleHttpClient.CRLF +
+ "test=data" + SimpleHttpClient.CRLF +
+ "0" + SimpleHttpClient.CRLF +
+ SimpleHttpClient.CRLF;
+
+ Client client = new Client(getPort());
+ client.setRequest(new String[] {request});
+
+ client.connect();
+ client.processRequest();
+ Assert.assertTrue(client.isResponse200());
+ Assert.assertTrue(client.getResponseBody().contains("test - data"));
+ }
}
Index: apache-tomcat-9.0.43-src/webapps/docs/changelog.xml
===================================================================
--- apache-tomcat-9.0.43-src.orig/webapps/docs/changelog.xml
+++ apache-tomcat-9.0.43-src/webapps/docs/changelog.xml
@@ -347,6 +347,16 @@
connections are attempted and fail. Patch provided by Maurizio Adami.
(markt)
</fix>
+ <fix>
+ Remove support for the <code>identity</code> transfer encoding. The
+ inclusion of this encoding in RFC 2616 was an error that was corrected
+ in 2001. Requests using this transfer encoding will now receive a 501
+ response. (markt)
+ </fix>
+ <fix>
+ Process transfer encoding headers from both HTTP 1.0 and HTTP 1.1
+ clients. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Web applications">

55
tomcat-9.0-CVE-2021-41079.patch
View File

@ -1,55 +0,0 @@
From d4b340fa8feaf55831f9a59350578f7b6ca048b8 Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Wed, 3 Mar 2021 12:00:46 +0000
Subject: [PATCH] Improve robustness
---
.../apache/tomcat/util/net/openssl/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java | 6 ++++--
webapps/docs/changelog.xml | 4 ++++
3 files changed, 9 insertions(+), 2 deletions(-)
Index: apache-tomcat-9.0.43-src/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
===================================================================
--- apache-tomcat-9.0.43-src.orig/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
+++ apache-tomcat-9.0.43-src/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
@@ -17,6 +17,7 @@ engine.ciphersFailure=Failed getting cip
engine.emptyCipherSuite=Empty cipher suite
engine.engineClosed=Engine is closed
engine.failedCipherSuite=Failed to enable cipher suite [{0}]
+engine.failedToReadAvailableBytes=There are plain text bytes available to read but no bytes were read
engine.inboundClose=Inbound closed before receiving peer's close_notify
engine.invalidBufferArray=offset: [{0}], length: [{1}] (expected: offset <= offset + length <= srcs.length [{2}])
engine.invalidDestinationBuffersState=The state of the destination buffers changed concurrently while unwrapping bytes
Index: apache-tomcat-9.0.43-src/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
===================================================================
--- apache-tomcat-9.0.43-src.orig/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ apache-tomcat-9.0.43-src/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -592,8 +592,10 @@ public final class OpenSSLEngine extends
throw new SSLException(e);
}
- if (bytesRead == 0) {
- break;
+ if (bytesRead <= 0) {
+ // This should not be possible. pendingApp is positive
+ // therefore the read should have read at least one byte.
+ throw new IllegalStateException(sm.getString("engine.failedToReadAvailableBytes"));
}
bytesProduced += bytesRead;
Index: apache-tomcat-9.0.43-src/webapps/docs/changelog.xml
===================================================================
--- apache-tomcat-9.0.43-src.orig/webapps/docs/changelog.xml
+++ apache-tomcat-9.0.43-src/webapps/docs/changelog.xml
@@ -173,6 +173,10 @@
the access log file, include information on the current user in the
associated log message (markt)
</fix>
+ <fix>
+ Make handling of OpenSSL read errors more robust when plain text data is
+ reported to be available to read. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">

46
tomcat-9.0-CVE-2022-23181.patch
View File

@ -1,46 +0,0 @@
From 1385c624b4a1e994426e810075c850edc38a700e Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Wed, 12 Jan 2022 11:11:29 +0000
Subject: [PATCH] Make calculation of session storage location more robust
---
java/org/apache/catalina/session/FileStore.java | 5 +++--
webapps/docs/changelog.xml | 4 ++++
2 files changed, 7 insertions(+), 2 deletions(-)
Index: apache-tomcat-9.0.43-src/java/org/apache/catalina/session/FileStore.java
===================================================================
--- apache-tomcat-9.0.43-src.orig/java/org/apache/catalina/session/FileStore.java
+++ apache-tomcat-9.0.43-src/java/org/apache/catalina/session/FileStore.java
@@ -349,13 +349,14 @@ public final class FileStore extends Sto
String filename = id + FILE_EXT;
File file = new File(storageDir, filename);
+ File canonicalFile = file.getCanonicalFile();
// Check the file is within the storage directory
- if (!file.getCanonicalFile().toPath().startsWith(storageDir.getCanonicalFile().toPath())) {
+ if (!canonicalFile.toPath().startsWith(storageDir.getCanonicalFile().toPath())) {
log.warn(sm.getString("fileStore.invalid", file.getPath(), id));
return null;
}
- return file;
+ return canonicalFile;
}
}
Index: apache-tomcat-9.0.43-src/webapps/docs/changelog.xml
===================================================================
--- apache-tomcat-9.0.43-src.orig/webapps/docs/changelog.xml
+++ apache-tomcat-9.0.43-src/webapps/docs/changelog.xml
@@ -118,6 +118,10 @@
Expand coverage of unit tests for JNDIRealm using the UnboundID LDAP SDK
for Java. (markt)
</scode>
+ <fix>
+ Make the calculation of the session storage location more robust when
+ using file based persistent storage. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">

123
tomcat-9.0-NPE-JNDIRealm.patch
View File

@ -1,123 +0,0 @@
Index: apache-tomcat-9.0.43-src/java/org/apache/catalina/realm/JNDIRealm.java
===================================================================
--- apache-tomcat-9.0.43-src.orig/java/org/apache/catalina/realm/JNDIRealm.java
+++ apache-tomcat-9.0.43-src/java/org/apache/catalina/realm/JNDIRealm.java
@@ -2805,6 +2805,9 @@ public class JNDIRealm extends RealmBase
* @return String the escaped/encoded result
*/
protected String doFilterEscaping(String inString) {
+ if (inString == null) {
+ return null;
+ }
StringBuilder buf = new StringBuilder(inString.length());
for (int i = 0; i < inString.length(); i++) {
char c = inString.charAt(i);
@@ -2897,6 +2900,9 @@ public class JNDIRealm extends RealmBase
* @return The string representation of the attribute value
*/
protected String doAttributeValueEscaping(String input) {
+ if (input == null) {
+ return null;
+ }
int len = input.length();
StringBuilder result = new StringBuilder();
Index: apache-tomcat-9.0.43-src/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
===================================================================
--- apache-tomcat-9.0.43-src.orig/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
+++ apache-tomcat-9.0.43-src/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
@@ -56,26 +56,33 @@ public class TestJNDIRealmIntegration {
@Parameterized.Parameters(name = "{index}: user[{5}], pwd[{6}]")
public static Collection<Object[]> parameters() {
List<Object[]> parameterSets = new ArrayList<>();
- for (String roleSearch : new String[] { ROLE_SEARCH_A, ROLE_SEARCH_B, ROLE_SEARCH_C }) {
- addUsers(USER_PATTERN, null, null, roleSearch, ROLE_BASE, parameterSets);
- addUsers(null, USER_SEARCH, USER_BASE, roleSearch, ROLE_BASE, parameterSets);
+ for (String userRoleAttribute : new String[] { "cn", null }) {
+ for (String roleSearch : new String[] { ROLE_SEARCH_A, ROLE_SEARCH_B, ROLE_SEARCH_C }) {
+ if (userRoleAttribute != null) {
+ addUsers(USER_PATTERN, null, null, roleSearch, ROLE_BASE, userRoleAttribute, parameterSets);
+ addUsers(null, USER_SEARCH, USER_BASE, roleSearch, ROLE_BASE, userRoleAttribute, parameterSets);
+ }
+ }
+ parameterSets.add(new Object[] { "cn={0},ou=s\\;ub,ou=people,dc=example,dc=com", null, null, ROLE_SEARCH_A,
+ "{3},ou=people,dc=example,dc=com", "testsub", "test", new String[] { "TestGroup4" },
+ userRoleAttribute });
}
- parameterSets.add(new Object[] { "cn={0},ou=s\\;ub,ou=people,dc=example,dc=com", null, null, ROLE_SEARCH_A,
- "{3},ou=people,dc=example,dc=com", "testsub", "test", new String[] {"TestGroup4"} });
return parameterSets;
}
private static void addUsers(String userPattern, String userSearch, String userBase, String roleSearch,
- String roleBase, List<Object[]> parameterSets) {
+ String roleBase, String userRoleAttribute, List<Object[]> parameterSets) {
parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase,
- "test", "test", new String[] {"TestGroup"} });
+ "test", "test", new String[] {"TestGroup"}, userRoleAttribute });
parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase,
- "t;", "test", new String[] {"TestGroup"} });
+ "t;", "test", new String[] {"TestGroup"}, userRoleAttribute });
parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase,
- "t*", "test", new String[] {"TestGroup"} });
+ "t*", "test", new String[] {"TestGroup"}, userRoleAttribute });
parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase,
- "t=", "test", new String[] {"Test<Group*2", "Test>Group*3"} });
+ "t=", "test", new String[] {"Test<Group*2", "Test>Group*3"}, userRoleAttribute });
+ parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase,
+ "norole", "test", new String[0], userRoleAttribute });
}
@@ -95,6 +102,8 @@ public class TestJNDIRealmIntegration {
public String credentials;
@Parameter(7)
public String[] groups;
+ @Parameter(8)
+ public String realmConfigUserRoleAttribute;
@Test
public void testAuthenication() throws Exception {
@@ -105,7 +114,7 @@ public class TestJNDIRealmIntegration {
realm.setUserPattern(realmConfigUserPattern);
realm.setUserSearch(realmConfigUserSearch);
realm.setUserBase(realmConfigUserBase);
- realm.setUserRoleAttribute("cn");
+ realm.setUserRoleAttribute(realmConfigUserRoleAttribute);
realm.setRoleName("cn");
realm.setRoleBase(realmConfigRoleBase);
realm.setRoleSearch(realmConfigRoleSearch);
@@ -197,6 +206,17 @@ public class TestJNDIRealmIntegration {
result = conn.processOperation(addUserTestEquals);
Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
+ AddRequest addUserNoRole = new AddRequest(
+ "dn: cn=norole,ou=people,dc=example,dc=com",
+ "objectClass: top",
+ "objectClass: person",
+ "objectClass: organizationalPerson",
+ "cn: norole",
+ "sn: No Role",
+ "userPassword: test");
+ result = conn.processOperation(addUserNoRole);
+ Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
+
AddRequest addGroupTest = new AddRequest(
"dn: cn=TestGroup,ou=people,dc=example,dc=com",
"objectClass: top",
Index: apache-tomcat-9.0.43-src/webapps/docs/changelog.xml
===================================================================
--- apache-tomcat-9.0.43-src.orig/webapps/docs/changelog.xml
+++ apache-tomcat-9.0.43-src/webapps/docs/changelog.xml
@@ -107,6 +107,10 @@
<subsection name="Catalina">
<changelog>
<fix>
+ <bug>63508</bug>: NPE in JNDIRealm when no <code>userRoleAttribute</code>
+ is given. (fschumacher)
+ </fix>
+ <fix>
<bug>65106</bug>: Fix the ConfigFileLoader handling of file URIs when
running under a security manager on some JREs. (markt)
</fix>

51
tomcat-9.0-hardening_getResources.patch
View File

@ -1,51 +0,0 @@
From 8a904f6065080409a1e00606cd7bceec6ad8918c Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Wed, 30 Mar 2022 20:22:49 +0100
Subject: [PATCH] Security hardening. Deprecate getResources() and always
return null.
This method is never used by Tomcat. If something accidently exposes the
class loader then this method can be used to gain access to Tomcat
internals.
---
.../apache/catalina/loader/WebappClassLoaderBase.java | 7 ++++++-
webapps/docs/changelog.xml | 10 ++++++++++
2 files changed, 16 insertions(+), 1 deletion(-)
Index: apache-tomcat-9.0.43-src/java/org/apache/catalina/loader/WebappClassLoaderBase.java
===================================================================
--- apache-tomcat-9.0.43-src.orig/java/org/apache/catalina/loader/WebappClassLoaderBase.java
+++ apache-tomcat-9.0.43-src/java/org/apache/catalina/loader/WebappClassLoaderBase.java
@@ -425,10 +425,15 @@ public abstract class WebappClassLoaderB
// ------------------------------------------------------------- Properties
/**
+ * Unused. Always returns {@code null}.
+ *
* @return associated resources.
+ *
+ * @deprecated This will be removed in Tomcat 10.1.x onwards
*/
+ @Deprecated
public WebResourceRoot getResources() {
- return this.resources;
+ return null;
}
Index: apache-tomcat-9.0.43-src/webapps/docs/changelog.xml
===================================================================
--- apache-tomcat-9.0.43-src.orig/webapps/docs/changelog.xml
+++ apache-tomcat-9.0.43-src/webapps/docs/changelog.xml
@@ -106,6 +106,12 @@
<section name="Tomcat 9.0.43 (markt)">
<subsection name="Catalina">
<changelog>
+ <add>
+ Effectively disable the
+ <code>WebappClassLoaderBase.getResources()</code> method as it is not
+ used and if something accidently exposes the class loader this method
+ can be used to gain access to Tomcat internals. (markt)
+ </add>
<fix>
<bug>63508</bug>: NPE in JNDIRealm when no <code>userRoleAttribute</code>
is given. (fschumacher)

66
tomcat-9.0-javadoc.patch
View File

@ -2,72 +2,6 @@ Index: apache-tomcat-9.0.35-src/build.xml
===================================================================
--- apache-tomcat-9.0.35-src.orig/build.xml
+++ apache-tomcat-9.0.35-src/build.xml
@@ -1902,7 +1902,7 @@ Apache Tomcat ${version} native binaries
source="${compile.source}"
maxmemory="512m"
failonerror="true"
- failonwarning="true">
+ failonwarning="false">
<classpath>
<path refid="compile.classpath"/>
<path location="${ant.core.lib}"/>
@@ -1924,7 +1924,7 @@ Apache Tomcat ${version} native binaries
source="${compile.source}"
maxmemory="512m"
failonerror="true"
- failonwarning="true">
+ failonwarning="false">
<classpath>
<path refid="compile.classpath"/>
<path location="${ant.core.lib}"/>
@@ -1945,7 +1945,7 @@ Apache Tomcat ${version} native binaries
source="${compile.source}"
maxmemory="512m"
failonerror="true"
- failonwarning="true">
+ failonwarning="false">
<classpath>
<path refid="compile.classpath"/>
<path location="${ant.core.lib}"/>
@@ -1966,7 +1966,7 @@ Apache Tomcat ${version} native binaries
source="${compile.source}"
maxmemory="512m"
failonerror="true"
- failonwarning="true">
+ failonwarning="false">
<classpath>
<path refid="compile.classpath"/>
<path location="${ant.core.lib}"/>
@@ -1987,7 +1987,7 @@ Apache Tomcat ${version} native binaries
source="${compile.source}"
maxmemory="512m"
failonerror="true"
- failonwarning="true">
+ failonwarning="false">
<classpath>
<path refid="compile.classpath"/>
<path location="${ant.core.lib}"/>
@@ -2005,9 +2005,10 @@ Apache Tomcat ${version} native binaries
docencoding="UTF-8"
charset="UTF-8"
additionalparam="-breakiterator -notimestamp"
+ source="${compile.source}"
maxmemory="512m"
failonerror="true"
- failonwarning="true">
+ failonwarning="false">
<classpath>
<path refid="compile.classpath"/>
<path location="${ant.core.lib}"/>
@@ -2027,7 +2028,7 @@ Apache Tomcat ${version} native binaries
source="${compile.source}"
maxmemory="512m"
failonerror="true"
- failonwarning="true">
+ failonwarning="false">
<classpath>
<path refid="compile.classpath"/>
<path location="${ant.core.lib}"/>
@@ -2038,8 +2039,6 @@ Apache Tomcat ${version} native binaries
<link href="../elapi"/>
<link href="../websocketapi"/>

22
tomcat-9.0-jdt.patch Normal file
View File

@ -0,0 +1,22 @@
--- apache-tomcat-9.0.75-src/java/org/apache/jasper/compiler/JDTCompiler.java 2023-05-22 18:12:16.915658492 +0200
+++ apache-tomcat-9.0.75-src/java/org/apache/jasper/compiler/JDTCompiler.java 2023-05-22 19:45:14.491706823 +0200
@@ -310,7 +310,7 @@
} else if(opt.equals("15")) {
settings.put(CompilerOptions.OPTION_Source, CompilerOptions.VERSION_15);
} else if(opt.equals("16")) {
- settings.put(CompilerOptions.OPTION_Source, CompilerOptions.VERSION_16);
+ settings.put(CompilerOptions.OPTION_Source, "16");
} else if(opt.equals("17")) {
// Constant not available in latest ECJ version that runs on
// Java 8.
@@ -392,8 +392,8 @@
settings.put(CompilerOptions.OPTION_TargetPlatform, CompilerOptions.VERSION_15);
settings.put(CompilerOptions.OPTION_Compliance, CompilerOptions.VERSION_15);
} else if(opt.equals("16")) {
- settings.put(CompilerOptions.OPTION_TargetPlatform, CompilerOptions.VERSION_16);
- settings.put(CompilerOptions.OPTION_Compliance, CompilerOptions.VERSION_16);
+ settings.put(CompilerOptions.OPTION_TargetPlatform, "16");
+ settings.put(CompilerOptions.OPTION_Compliance, "16");
} else if(opt.equals("17")) {
// Constant not available in latest ECJ version that runs on
// Java 8.

20
tomcat-9.0-osgi-build.patch
View File

@ -1,8 +1,18 @@
Index: apache-tomcat-9.0.37-src/build.xml
===================================================================
--- apache-tomcat-9.0.37-src.orig/build.xml
+++ apache-tomcat-9.0.37-src/build.xml
@@ -3307,6 +3307,13 @@ Read the Building page on the Apache Tom
--- apache-tomcat-9.0.75-src/build.xml 2023-05-22 18:12:16.995658642 +0200
+++ apache-tomcat-9.0.75-src/build.xml 2023-05-22 19:41:42.051370923 +0200
@@ -215,10 +215,10 @@
<!-- Classpaths -->
<path id="compile.classpath">
- <pathelement location="${bnd.jar}"/>
<pathelement location="${jdt.jar}"/>
<pathelement location="${jaxrpc-lib.jar}"/>
<pathelement location="${wsdl4j-lib.jar}"/>
+ <path refid="bnd.classpath"/>
</path>
<path id="tomcat.classpath">
@@ -3845,6 +3845,13 @@
<!-- Add bnd tasks to project -->
<path id="bnd.classpath">
<fileset file="${bnd.jar}" />

13
tomcat-9.0.31-secretRequired-default.patch
View File

@ -1,13 +0,0 @@
Index: apache-tomcat-9.0.31-src/java/org/apache/coyote/ajp/AbstractAjpProtocol.java
===================================================================
--- apache-tomcat-9.0.31-src.orig/java/org/apache/coyote/ajp/AbstractAjpProtocol.java
+++ apache-tomcat-9.0.31-src/java/org/apache/coyote/ajp/AbstractAjpProtocol.java
@@ -180,7 +180,7 @@ public abstract class AbstractAjpProtoco
}
- private boolean secretRequired = true;
+ private boolean secretRequired = false;
public void setSecretRequired(boolean secretRequired) {
this.secretRequired = secretRequired;
}

181
tomcat-9.0.43-CVE-2021-43980.patch
View File

@ -1,181 +0,0 @@
From 170e0f792bd18ff031677890ba2fe50eb7a376c1 Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Tue, 29 Mar 2022 19:15:37 +0100
Subject: [PATCH] Improve the recycling of Processor objects to make it more
robust.
---
java/org/apache/coyote/AbstractProtocol.java | 32 ++++++++++---------
.../tomcat/util/net/SocketWrapperBase.java | 17 +++++++---
webapps/docs/changelog.xml | 4 +++
3 files changed, 33 insertions(+), 20 deletions(-)
Index: apache-tomcat-9.0.43-src/java/org/apache/coyote/AbstractProtocol.java
===================================================================
--- apache-tomcat-9.0.43-src.orig/java/org/apache/coyote/AbstractProtocol.java
+++ apache-tomcat-9.0.43-src/java/org/apache/coyote/AbstractProtocol.java
@@ -794,7 +794,11 @@ public abstract class AbstractProtocol<S
S socket = wrapper.getSocket();
- Processor processor = (Processor) wrapper.getCurrentProcessor();
+ // We take complete ownership of the Processor inside of this method to ensure
+ // no other thread can release it while we're using it. Whatever processor is
+ // held by this variable will be associated with the SocketWrapper before this
+ // method returns.
+ Processor processor = (Processor) wrapper.takeCurrentProcessor();
if (getLog().isDebugEnabled()) {
getLog().debug(sm.getString("abstractConnectionHandler.connectionsGet",
processor, socket));
@@ -879,9 +883,6 @@ public abstract class AbstractProtocol<S
processor.setSslSupport(
wrapper.getSslSupport(getProtocol().getClientCertProvider()));
- // Associate the processor with the connection
- wrapper.setCurrentProcessor(processor);
-
SocketState state = SocketState.CLOSED;
do {
state = processor.process(wrapper, status);
@@ -901,8 +902,6 @@ public abstract class AbstractProtocol<S
release(processor);
// Create the upgrade processor
processor = upgradeProtocol.getProcessor(wrapper, getProtocol().getAdapter());
- // Associate with the processor with the connection
- wrapper.setCurrentProcessor(processor);
} else {
if (getLog().isDebugEnabled()) {
getLog().debug(sm.getString(
@@ -922,8 +921,6 @@ public abstract class AbstractProtocol<S
getLog().debug(sm.getString("abstractConnectionHandler.upgradeCreate",
processor, wrapper));
}
- // Associate with the processor with the connection
- wrapper.setCurrentProcessor(processor);
// Initialise the upgrade handler (which may trigger
// some IO using the new protocol which is why the lines
// above are necessary)
@@ -961,8 +958,8 @@ public abstract class AbstractProtocol<S
} else if (state == SocketState.OPEN) {
// In keep-alive but between requests. OK to recycle
// processor. Continue to poll for the next request.
- wrapper.setCurrentProcessor(null);
release(processor);
+ processor = null;
wrapper.registerReadInterest();
} else if (state == SocketState.SENDFILE) {
// Sendfile in progress. If it fails, the socket will be
@@ -987,8 +984,7 @@ public abstract class AbstractProtocol<S
// Connection closed. OK to recycle the processor.
// Processors handling upgrades require additional clean-up
// before release.
- wrapper.setCurrentProcessor(null);
- if (processor.isUpgrade()) {
+ if (processor != null && processor.isUpgrade()) {
UpgradeToken upgradeToken = processor.getUpgradeToken();
HttpUpgradeHandler httpUpgradeHandler = upgradeToken.getHttpUpgradeHandler();
InstanceManager instanceManager = upgradeToken.getInstanceManager();
@@ -1009,7 +1005,13 @@ public abstract class AbstractProtocol<S
}
}
}
+
release(processor);
+ processor = null;
+ }
+
+ if (processor != null) {
+ wrapper.setCurrentProcessor(processor);
}
return state;
} catch(java.net.SocketException e) {
@@ -1047,7 +1049,6 @@ public abstract class AbstractProtocol<S
// Make sure socket/processor is removed from the list of current
// connections
- wrapper.setCurrentProcessor(null);
release(processor);
return SocketState.CLOSED;
}
@@ -1081,7 +1082,9 @@ public abstract class AbstractProtocol<S
/**
* Expected to be used by the handler once the processor is no longer
- * required.
+ * required. Care must be taken to ensure that this method is only
+ * called once per processor, after the request processing has
+ * completed.
*
* @param processor Processor being released (that was associated with
* the socket)
@@ -1119,8 +1122,7 @@ public abstract class AbstractProtocol<S
*/
@Override
public void release(SocketWrapperBase<S> socketWrapper) {
- Processor processor = (Processor) socketWrapper.getCurrentProcessor();
- socketWrapper.setCurrentProcessor(null);
+ Processor processor = (Processor) socketWrapper.takeCurrentProcessor();
release(processor);
}
Index: apache-tomcat-9.0.43-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java
===================================================================
--- apache-tomcat-9.0.43-src.orig/java/org/apache/tomcat/util/net/SocketWrapperBase.java
+++ apache-tomcat-9.0.43-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java
@@ -29,6 +29,7 @@ import java.util.concurrent.RejectedExec
import java.util.concurrent.Semaphore;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.concurrent.atomic.AtomicReference;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
@@ -104,10 +105,12 @@ public abstract class SocketWrapperBase<
protected volatile OperationState<?> writeOperation = null;
/**
- * The org.apache.coyote.Processor instance currently associated
- * with the wrapper.
+ * The org.apache.coyote.Processor instance currently associated with the
+ * wrapper. Only populated when required to maintain wrapper<->Processor
+ * mapping between calls to
+ * {@link AbstractEndpoint.Handler#process(SocketWrapperBase, SocketEvent)}.
*/
- protected Object currentProcessor = null;
+ private final AtomicReference<Object> currentProcessor = new AtomicReference<>();
public SocketWrapperBase(E socket, AbstractEndpoint<E,?> endpoint) {
this.socket = socket;
@@ -134,11 +137,15 @@ public abstract class SocketWrapperBase<
}
public Object getCurrentProcessor() {
- return currentProcessor;
+ return currentProcessor.get();
}
public void setCurrentProcessor(Object currentProcessor) {
- this.currentProcessor = currentProcessor;
+ this.currentProcessor.set(currentProcessor);
+ }
+
+ public Object takeCurrentProcessor() {
+ return currentProcessor.getAndSet(null);
}
/**
Index: apache-tomcat-9.0.43-src/webapps/docs/changelog.xml
===================================================================
--- apache-tomcat-9.0.43-src.orig/webapps/docs/changelog.xml
+++ apache-tomcat-9.0.43-src/webapps/docs/changelog.xml
@@ -485,6 +485,10 @@
Fix a concurrency issue in the NIO connector that could cause newly
created connections to be removed from the poller. (markt)
</fix>
+ <fix>
+ Improve the recycling of Processor objects to make it more robust.
+ (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">

108
tomcat-9.0.43-CVE-2022-42252.patch
View File

@ -1,108 +0,0 @@
From 4c7f4fd09d2cc1692112ef70b8ee23a7a037ae77 Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Mon, 3 Oct 2022 11:59:01 +0100
Subject: [PATCH] Requests with invalid content-length should always be
rejected
---
Index: apache-tomcat-9.0.43-src/java/org/apache/coyote/http11/Http11InputBuffer.java
===================================================================
--- apache-tomcat-9.0.43-src.orig/java/org/apache/coyote/http11/Http11InputBuffer.java
+++ apache-tomcat-9.0.43-src/java/org/apache/coyote/http11/Http11InputBuffer.java
@@ -886,7 +886,7 @@ public class Http11InputBuffer implement
headerData.lastSignificantChar = pos;
byteBuffer.position(byteBuffer.position() - 1);
// skipLine() will handle the error
- return skipLine();
+ return skipLine(false);
}
// chr is next byte of header name. Convert to lowercase.
@@ -897,7 +897,7 @@ public class Http11InputBuffer implement
// Skip the line and ignore the header
if (headerParsePos == HeaderParsePosition.HEADER_SKIPLINE) {
- return skipLine();
+ return skipLine(false);
}
//
@@ -948,15 +948,11 @@ public class Http11InputBuffer implement
} else if (prevChr == Constants.CR && chr == Constants.LF) {
eol = true;
} else if (prevChr == Constants.CR) {
- // Invalid value
- // Delete the header (it will be the most recent one)
- headers.removeHeader(headers.size() - 1);
- return skipLine();
+ // Invalid value - also need to delete header
+ return skipLine(true);
} else if (chr != Constants.HT && HttpParser.isControl(chr)) {
- // Invalid value
- // Delete the header (it will be the most recent one)
- headers.removeHeader(headers.size() - 1);
- return skipLine();
+ // Invalid value - also need to delete header
+ return skipLine(true);
} else if (chr == Constants.SP || chr == Constants.HT) {
byteBuffer.put(headerData.realPos, chr);
headerData.realPos++;
@@ -1004,7 +1000,27 @@ public class Http11InputBuffer implement
}
- private HeaderParseStatus skipLine() throws IOException {
+ private HeaderParseStatus skipLine(boolean deleteHeader) throws IOException {
+ boolean rejectThisHeader = rejectIllegalHeader;
+ // Check if rejectIllegalHeader is disabled and needs to be overridden
+ // for this header. The header name is required to determine if this
+ // override is required. The header name is only available once the
+ // header has been created. If the header has been created then
+ // deleteHeader will be true.
+ if (!rejectThisHeader && deleteHeader) {
+ if (headers.getName(headers.size() - 1).equalsIgnoreCase("content-length")) {
+ // Malformed content-length headers must always be rejected
+ // RFC 9112, section 6.3, bullet 5.
+ rejectThisHeader = true;
+ } else {
+ // Only need to delete the header if the request isn't going to
+ // be rejected (it will be the most recent one)
+ headers.removeHeader(headers.size() - 1);
+ }
+ }
+
+ // Parse the rest of the invalid header so we can construct a useful
+ // exception and/or debug message.
headerParsePos = HeaderParsePosition.HEADER_SKIPLINE;
boolean eol = false;
@@ -1029,11 +1045,11 @@ public class Http11InputBuffer implement
headerData.lastSignificantChar = pos;
}
}
- if (rejectIllegalHeader || log.isDebugEnabled()) {
+ if (rejectThisHeader || log.isDebugEnabled()) {
String message = sm.getString("iib.invalidheader",
HeaderUtil.toPrintableString(byteBuffer.array(), headerData.lineStart,
headerData.lastSignificantChar - headerData.lineStart + 1));
- if (rejectIllegalHeader) {
+ if (rejectThisHeader) {
throw new IllegalArgumentException(message);
}
log.debug(message);
Index: apache-tomcat-9.0.43-src/webapps/docs/changelog.xml
===================================================================
--- apache-tomcat-9.0.43-src.orig/webapps/docs/changelog.xml
+++ apache-tomcat-9.0.43-src/webapps/docs/changelog.xml
@@ -223,6 +223,11 @@
Avoid possible infinite loop in <code>OpenSSLEngine.unwrap</code>
when the destination buffers state is changed concurrently. (remm)
</fix>
+ <fix>
+ Enforce the requirement of RFC 7230 onwards that a request with a
+ malformed <code>content-length</code> header should always be rejected
+ with a 400 response. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">

208
tomcat-9.0.43-CVE-2022-45143.patch
View File

@ -1,208 +0,0 @@
From b336f4e58893ea35114f1e4a415657f723b1298e Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Wed, 9 Nov 2022 12:39:15 +0000
Subject: [PATCH] Avoid invalid JSON in JSONErrorReportValve output
---
.../catalina/valves/JsonErrorReportValve.java | 7 +-
.../apache/tomcat/util/json/JSONFilter.java | 61 ++++++++++++++
.../tomcat/util/json/TestJSONFilter.java | 82 +++++++++++++++++++
webapps/docs/changelog.xml | 5 ++
4 files changed, 152 insertions(+), 3 deletions(-)
create mode 100644 java/org/apache/tomcat/util/json/JSONFilter.java
create mode 100644 test/org/apache/tomcat/util/json/TestJSONFilter.java
Index: apache-tomcat-9.0.43-src/java/org/apache/catalina/valves/JsonErrorReportValve.java
===================================================================
--- apache-tomcat-9.0.43-src.orig/java/org/apache/catalina/valves/JsonErrorReportValve.java
+++ apache-tomcat-9.0.43-src/java/org/apache/catalina/valves/JsonErrorReportValve.java
@@ -24,6 +24,7 @@ import org.apache.catalina.connector.Req
import org.apache.catalina.connector.Response;
import org.apache.coyote.ActionCode;
import org.apache.tomcat.util.ExceptionUtils;
+import org.apache.tomcat.util.json.JSONFilter;
import org.apache.tomcat.util.res.StringManager;
/**
@@ -82,9 +83,9 @@ public class JsonErrorReportValve extend
}
}
String jsonReport = "{\n" +
- " \"type\": \"" + type + "\",\n" +
- " \"message\": \"" + message + "\"\n" +
- " \"description\": \"" + description + "\"\n" +
+ " \"type\": \"" + JSONFilter.escape(type) + "\",\n" +
+ " \"message\": \"" + JSONFilter.escape(message) + "\",\n" +
+ " \"description\": \"" + JSONFilter.escape(description) + "\"\n" +
"}";
try {
try {
Index: apache-tomcat-9.0.43-src/java/org/apache/tomcat/util/json/JSONFilter.java
===================================================================
--- /dev/null
+++ apache-tomcat-9.0.43-src/java/org/apache/tomcat/util/json/JSONFilter.java
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.json;
+
+/**
+ * Provides escaping of values so they can be included in a JSON document.
+ * Escaping is based on the definition of JSON found in
+ * <a href="https://www.rfc-editor.org/rfc/rfc8259.html">RFC 8259</a>.
+ */
+public class JSONFilter {
+
+ private JSONFilter() {
+ // Utility class. Hide the default constructor.
+ }
+
+ public static String escape(String input) {
+ /*
+ * While any character MAY be escaped, only U+0000 to U+001F (control
+ * characters), U+0022 (quotation mark) and U+005C (reverse solidus)
+ * MUST be escaped.
+ */
+ char[] chars = input.toCharArray();
+ StringBuffer escaped = null;
+ int lastUnescapedStart = 0;
+ for (int i = 0; i < chars.length; i++) {
+ if (chars[i] < 0x20 || chars[i] == 0x22 || chars[i] == 0x5c) {
+ if (escaped == null) {
+ escaped = new StringBuffer(chars.length + 20);
+ }
+ if (lastUnescapedStart < i) {
+ escaped.append(input.subSequence(lastUnescapedStart, i));
+ }
+ lastUnescapedStart = i + 1;
+ escaped.append("\\u");
+ escaped.append(String.format("%04X", Integer.valueOf(chars[i])));
+ }
+ }
+ if (escaped == null) {
+ return input;
+ } else {
+ if (lastUnescapedStart < chars.length) {
+ escaped.append(input.subSequence(lastUnescapedStart, chars.length));
+ }
+ return escaped.toString();
+ }
+ }
+}
Index: apache-tomcat-9.0.43-src/webapps/docs/changelog.xml
===================================================================
--- apache-tomcat-9.0.43-src.orig/webapps/docs/changelog.xml
+++ apache-tomcat-9.0.43-src/webapps/docs/changelog.xml
@@ -133,6 +133,11 @@
<code>RemoteIpFilter</code> determines that this request was submitted
via a secure channel. (lihan)
</fix>
+ <fix>
+ Escape values used to construct output for the
+ <code>JsonErrorReportValve</code> to ensure that it always outputs valid
+ JSON. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
Index: apache-tomcat-9.0.43-src/test/org/apache/tomcat/util/json/TestJSONFilter.java
===================================================================
--- /dev/null
+++ apache-tomcat-9.0.43-src/test/org/apache/tomcat/util/json/TestJSONFilter.java
@@ -0,0 +1,82 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.json;
+
+import java.util.ArrayList;
+import java.util.Collection;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameter;
+
+
+@RunWith(Parameterized.class)
+public class TestJSONFilter {
+
+ @Parameterized.Parameters(name = "{index}: input[{0}], output[{1}]")
+ public static Collection<Object[]> parameters() {
+ Collection<Object[]> parameterSets = new ArrayList<>();
+
+ // Empty
+ parameterSets.add(new String[] { "", "" });
+
+ // Must escape
+ parameterSets.add(new String[] { "\"", "\\u0022" });
+ parameterSets.add(new String[] { "\\", "\\u005C" });
+ // Sample of controls
+ parameterSets.add(new String[] { "\t", "\\u0009" });
+ parameterSets.add(new String[] { "\n", "\\u000A" });
+ parameterSets.add(new String[] { "\r", "\\u000D" });
+
+ // No escape
+ parameterSets.add(new String[] { "aaa", "aaa" });
+
+ // Start
+ parameterSets.add(new String[] { "\naaa", "\\u000Aaaa" });
+ parameterSets.add(new String[] { "\n\naaa", "\\u000A\\u000Aaaa" });
+
+ // Middle
+ parameterSets.add(new String[] { "aaa\naaa", "aaa\\u000Aaaa" });
+ parameterSets.add(new String[] { "aaa\n\naaa", "aaa\\u000A\\u000Aaaa" });
+
+ // End
+ parameterSets.add(new String[] { "aaa\n", "aaa\\u000A" });
+ parameterSets.add(new String[] { "aaa\n\n", "aaa\\u000A\\u000A" });
+
+ // Start, middle and end
+ parameterSets.add(new String[] { "\naaa\naaa\n", "\\u000Aaaa\\u000Aaaa\\u000A" });
+ parameterSets.add(new String[] { "\n\naaa\n\naaa\n\n", "\\u000A\\u000Aaaa\\u000A\\u000Aaaa\\u000A\\u000A" });
+
+ // Multiple
+ parameterSets.add(new String[] { "\n\n", "\\u000A\\u000A" });
+
+ return parameterSets;
+ }
+
+ @Parameter(0)
+ public String input;
+
+ @Parameter(1)
+ public String output;
+
+ @Test
+ public void testStringEscaping() {
+ Assert.assertEquals(output, JSONFilter.escape(input));;
+ }
+}

262
tomcat-9.0.43-CVE-2023-24998.patch
View File

@ -1,262 +0,0 @@
From cf77cc545de0488fb89e24294151504a7432df74 Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Tue, 13 Dec 2022 17:55:34 +0000
Subject: [PATCH] Update packaged renamed fork of Commons File Upload
---
MERGE.txt | 2 +-
.../apache/catalina/connector/Request.java | 10 +++-
.../apache/tomcat/util/http/Parameters.java | 5 ++
.../util/http/fileupload/FileUploadBase.java | 29 +++++++++++
.../impl/FileCountLimitExceededException.java | 50 +++++++++++++++++++
webapps/docs/changelog.xml | 8 +++
webapps/docs/config/ajp.xml | 15 +++---
webapps/docs/config/http.xml | 15 +++---
8 files changed, 120 insertions(+), 14 deletions(-)
create mode 100644 java/org/apache/tomcat/util/http/fileupload/impl/FileCountLimitExceededException.java
Index: apache-tomcat-9.0.43-src/MERGE.txt
===================================================================
--- apache-tomcat-9.0.43-src.orig/MERGE.txt
+++ apache-tomcat-9.0.43-src/MERGE.txt
@@ -51,7 +51,7 @@ FileUpload
Sub-tree:
src/main/java/org/apache/commons/fileupload2
The SHA1 ID / tag for the most recent commit to be merged to Tomcat is:
-ee0a7131b6b87586b28542de354951414dedac3f (2021-01-15)
+34eb241c051b02eca3b0b1b04f67b3b4e6c3a24d (2023-01-03)
Note: Tomcat's copy of fileupload also includes classes copied manually from
Commons IO.
Index: apache-tomcat-9.0.43-src/java/org/apache/catalina/connector/Request.java
===================================================================
--- apache-tomcat-9.0.43-src.orig/java/org/apache/catalina/connector/Request.java
+++ apache-tomcat-9.0.43-src/java/org/apache/catalina/connector/Request.java
@@ -2862,8 +2862,9 @@ public class Request implements HttpServ
}
}
+ int maxParameterCount = getConnector().getMaxParameterCount();
Parameters parameters = coyoteRequest.getParameters();
- parameters.setLimit(getConnector().getMaxParameterCount());
+ parameters.setLimit(maxParameterCount);
boolean success = false;
try {
@@ -2915,6 +2916,13 @@ public class Request implements HttpServ
upload.setFileItemFactory(factory);
upload.setFileSizeMax(mce.getMaxFileSize());
upload.setSizeMax(mce.getMaxRequestSize());
+ if (maxParameterCount > -1) {
+ // There is a limit. The limit for parts needs to be reduced by
+ // the number of parameters we have already parsed.
+ // Must be under the limit else parsing parameters would have
+ // triggered an exception.
+ upload.setFileCountMax(maxParameterCount - parameters.size());
+ }
parts = new ArrayList<>();
try {
Index: apache-tomcat-9.0.43-src/java/org/apache/tomcat/util/http/Parameters.java
===================================================================
--- apache-tomcat-9.0.43-src.orig/java/org/apache/tomcat/util/http/Parameters.java
+++ apache-tomcat-9.0.43-src/java/org/apache/tomcat/util/http/Parameters.java
@@ -125,6 +125,11 @@ public final class Parameters {
}
+ public int size() {
+ return parameterCount;
+ }
+
+
public void recycle() {
parameterCount = 0;
paramHashValues.clear();
Index: apache-tomcat-9.0.43-src/java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java
===================================================================
--- apache-tomcat-9.0.43-src.orig/java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java
+++ apache-tomcat-9.0.43-src/java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java
@@ -25,6 +25,7 @@ import java.util.Locale;
import java.util.Map;
import java.util.Objects;
+import org.apache.tomcat.util.http.fileupload.impl.FileCountLimitExceededException;
import org.apache.tomcat.util.http.fileupload.impl.FileItemIteratorImpl;
import org.apache.tomcat.util.http.fileupload.impl.FileItemStreamImpl;
import org.apache.tomcat.util.http.fileupload.impl.FileUploadIOException;
@@ -133,6 +134,12 @@ public abstract class FileUploadBase {
private long fileSizeMax = -1;
/**
+ * The maximum permitted number of files that may be uploaded in a single
+ * request. A value of -1 indicates no maximum.
+ */
+ private long fileCountMax = -1;
+
+ /**
* The content encoding to use when reading part headers.
*/
private String headerEncoding;
@@ -209,6 +216,24 @@ public abstract class FileUploadBase {
}
/**
+ * Returns the maximum number of files allowed in a single request.
+ *
+ * @return The maximum number of files allowed in a single request.
+ */
+ public long getFileCountMax() {
+ return fileCountMax;
+ }
+
+ /**
+ * Sets the maximum number of files allowed per request/
+ *
+ * @param fileCountMax The new limit. {@code -1} means no limit.
+ */
+ public void setFileCountMax(long fileCountMax) {
+ this.fileCountMax = fileCountMax;
+ }
+
+ /**
* Retrieves the character encoding used when reading the headers of an
* individual part. When not specified, or {@code null}, the request
* encoding is used. If that is also not specified, or {@code null},
@@ -281,6 +306,10 @@ public abstract class FileUploadBase {
final FileItemFactory fileItemFactory = Objects.requireNonNull(getFileItemFactory(), "No FileItemFactory has been set.");
final byte[] buffer = new byte[Streams.DEFAULT_BUFFER_SIZE];
while (iter.hasNext()) {
+ if (items.size() == fileCountMax) {
+ // The next item will exceed the limit.
+ throw new FileCountLimitExceededException(ATTACHMENT, getFileCountMax());
+ }
final FileItemStream item = iter.next();
// Don't use getName() here to prevent an InvalidFileNameException.
final String fileName = ((FileItemStreamImpl) item).getName();
Index: apache-tomcat-9.0.43-src/java/org/apache/tomcat/util/http/fileupload/impl/FileCountLimitExceededException.java
===================================================================
--- /dev/null
+++ apache-tomcat-9.0.43-src/java/org/apache/tomcat/util/http/fileupload/impl/FileCountLimitExceededException.java
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.http.fileupload.impl;
+
+import org.apache.tomcat.util.http.fileupload.FileUploadException;
+
+/**
+ * This exception is thrown if a request contains more files than the specified
+ * limit.
+ */
+public class FileCountLimitExceededException extends FileUploadException {
+
+ private static final long serialVersionUID = 2408766352570556046L;
+
+ private final long limit;
+
+ /**
+ * Creates a new instance.
+ *
+ * @param message The detail message
+ * @param limit The limit that was exceeded
+ */
+ public FileCountLimitExceededException(final String message, final long limit) {
+ super(message);
+ this.limit = limit;
+ }
+
+ /**
+ * Retrieves the limit that was exceeded.
+ *
+ * @return The limit that was exceeded by the request
+ */
+ public long getLimit() {
+ return limit;
+ }
+}
Index: apache-tomcat-9.0.43-src/webapps/docs/changelog.xml
===================================================================
--- apache-tomcat-9.0.43-src.orig/webapps/docs/changelog.xml
+++ apache-tomcat-9.0.43-src/webapps/docs/changelog.xml
@@ -142,6 +142,14 @@
</fix>
</changelog>
</subsection>
+ <subsection name="Other">
+ <changelog>
+ <update>
+ Update the internal fork of Apache Commons FileUpload to 34eb241
+ (2023-01-03, 2.0-SNAPSHOT). (markt)
+ </update>
+ </changelog>
+ </subsection>
</section>
<section name="Tomcat 9.0.42 (markt)" rtext="not released">
<subsection name="Catalina">
Index: apache-tomcat-9.0.43-src/webapps/docs/config/ajp.xml
===================================================================
--- apache-tomcat-9.0.43-src.orig/webapps/docs/config/ajp.xml
+++ apache-tomcat-9.0.43-src/webapps/docs/config/ajp.xml
@@ -136,12 +136,15 @@
</attribute>
<attribute name="maxParameterCount" required="false">
- <p>The maximum number of parameter and value pairs (GET plus POST) which
- will be automatically parsed by the container. Parameter and value pairs
- beyond this limit will be ignored. A value of less than 0 means no limit.
- If not specified, a default of 10000 is used. Note that
- <code>FailedRequestFilter</code> <a href="filter.html">filter</a> can be
- used to reject requests that hit the limit.</p>
+ <p>The maximum total number of request parameters (including uploaded
+ files) obtained from the query string and, for POST requests, the request
+ body if the content type is
+ <code>application/x-www-form-urlencoded</code> or
+ <code>multipart/form-data</code>. Request parameters beyond this limit
+ will be ignored. A value of less than 0 means no limit. If not specified,
+ a default of 10000 is used. Note that <code>FailedRequestFilter</code>
+ <a href="filter.html">filter</a> can be used to reject requests that
+ exceed the limit.</p>
</attribute>
<attribute name="maxPostSize" required="false">
Index: apache-tomcat-9.0.43-src/webapps/docs/config/http.xml
===================================================================
--- apache-tomcat-9.0.43-src.orig/webapps/docs/config/http.xml
+++ apache-tomcat-9.0.43-src/webapps/docs/config/http.xml
@@ -153,12 +153,15 @@
</attribute>
<attribute name="maxParameterCount" required="false">
- <p>The maximum number of parameter and value pairs (GET plus POST) which
- will be automatically parsed by the container. Parameter and value pairs
- beyond this limit will be ignored. A value of less than 0 means no limit.
- If not specified, a default of 10000 is used. Note that
- <code>FailedRequestFilter</code> <a href="filter.html">filter</a> can be
- used to reject requests that hit the limit.</p>
+ <p>The maximum total number of request parameters (including uploaded
+ files) obtained from the query string and, for POST requests, the request
+ body if the content type is
+ <code>application/x-www-form-urlencoded</code> or
+ <code>multipart/form-data</code>. Request parameters beyond this limit
+ will be ignored. A value of less than 0 means no limit. If not specified,
+ a default of 10000 is used. Note that <code>FailedRequestFilter</code>
+ <a href="filter.html">filter</a> can be used to reject requests that
+ exceed the limit.</p>
</attribute>
<attribute name="maxPostSize" required="false">

226
tomcat-9.0.43-CVE-2023-28708.patch
View File

@ -1,226 +0,0 @@
From 3b51230764da595bb19e8d0962dd8c69ab40dfab Mon Sep 17 00:00:00 2001
From: lihan <lihan@apache.org>
Date: Fri, 10 Feb 2023 10:01:27 +0800
Subject: [PATCH] Fix BZ 66471 - JSessionId secure attribute missing with
RemoteIpFilter and X-Forwarded-Proto set to https
https://bz.apache.org/bugzilla/show_bug.cgi?id=66471
---
java/org/apache/catalina/Globals.java | 7 ++
.../apache/catalina/connector/Request.java | 14 +++
.../catalina/filters/RemoteIpFilter.java | 7 +-
.../catalina/filters/TestRemoteIpFilter.java | 96 ++++++++++++++-----
webapps/docs/changelog.xml | 5 +
5 files changed, 100 insertions(+), 29 deletions(-)
Index: apache-tomcat-9.0.43-src/java/org/apache/catalina/Globals.java
===================================================================
--- apache-tomcat-9.0.43-src.orig/java/org/apache/catalina/Globals.java
+++ apache-tomcat-9.0.43-src/java/org/apache/catalina/Globals.java
@@ -113,6 +113,13 @@ public final class Globals {
/**
+ * The request attribute that is set to the value of {@code Boolean.TRUE}
+ * if {@link org.apache.catalina.filters.RemoteIpFilter} determines
+ * that this request was submitted via a secure channel.
+ */
+ public static final String REMOTE_IP_FILTER_SECURE = "org.apache.catalina.filters.RemoteIpFilter.secure";
+
+ /**
* The request attribute that can be used by a servlet to pass
* to the connector the name of the file that is to be served
* by sendfile. The value should be {@code java.lang.String}
Index: apache-tomcat-9.0.43-src/java/org/apache/catalina/connector/Request.java
===================================================================
--- apache-tomcat-9.0.43-src.orig/java/org/apache/catalina/connector/Request.java
+++ apache-tomcat-9.0.43-src/java/org/apache/catalina/connector/Request.java
@@ -3601,6 +3601,20 @@ public class Request implements HttpServ
// NO-OP
}
});
+ specialAttributes.put(Globals.REMOTE_IP_FILTER_SECURE,
+ new SpecialAttributeAdapter() {
+ @Override
+ public Object get(Request request, String name) {
+ return Boolean.valueOf(request.isSecure());
+ }
+
+ @Override
+ public void set(Request request, String name, Object value) {
+ if (value instanceof Boolean) {
+ request.setSecure(((Boolean) value).booleanValue());
+ }
+ }
+ });
specialAttributes.put(Globals.STREAM_ID,
new SpecialAttributeAdapter() {
@Override
Index: apache-tomcat-9.0.43-src/java/org/apache/catalina/filters/RemoteIpFilter.java
===================================================================
--- apache-tomcat-9.0.43-src.orig/java/org/apache/catalina/filters/RemoteIpFilter.java
+++ apache-tomcat-9.0.43-src/java/org/apache/catalina/filters/RemoteIpFilter.java
@@ -581,11 +581,6 @@ public class RemoteIpFilter extends Gene
return serverPort;
}
- @Override
- public boolean isSecure() {
- return secure;
- }
-
public void removeHeader(String name) {
Map.Entry<String, List<String>> header = getHeaderEntry(name);
if (header != null) {
@@ -625,7 +620,7 @@ public class RemoteIpFilter extends Gene
}
public void setSecure(boolean secure) {
- this.secure = secure;
+ super.getRequest().setAttribute(Globals.REMOTE_IP_FILTER_SECURE, Boolean.valueOf(secure));
}
public void setServerName(String serverName) {
Index: apache-tomcat-9.0.43-src/test/org/apache/catalina/filters/TestRemoteIpFilter.java
===================================================================
--- apache-tomcat-9.0.43-src.orig/test/org/apache/catalina/filters/TestRemoteIpFilter.java
+++ apache-tomcat-9.0.43-src/test/org/apache/catalina/filters/TestRemoteIpFilter.java
@@ -82,15 +82,21 @@ public class TestRemoteIpFilter extends
private static final long serialVersionUID = 1L;
- private transient HttpServletRequest request;
-
- public HttpServletRequest getRequest() {
- return request;
- }
+ public String remoteAddr;
+ public String remoteHost;
+ public String scheme;
+ public String serverName;
+ public int serverPort;
+ public boolean isSecure;
@Override
public void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
- this.request = request;
+ this.isSecure = request.isSecure();
+ this.remoteAddr = request.getRemoteAddr();
+ this.remoteHost = request.getRemoteHost();
+ this.scheme = request.getScheme();
+ this.serverName = request.getServerName();
+ this.serverPort = request.getServerPort();
PrintWriter writer = response.getWriter();
writer.println("request.remoteAddr=" + request.getRemoteAddr());
@@ -130,16 +136,6 @@ public class TestRemoteIpFilter extends
}
@Override
- public void setAttribute(String name, Object value) {
- getCoyoteRequest().getAttributes().put(name, value);
- }
-
- @Override
- public Object getAttribute(String name) {
- return getCoyoteRequest().getAttributes().get(name);
- }
-
- @Override
public String getServerName() {
return "localhost";
}
@@ -770,16 +766,70 @@ public class TestRemoteIpFilter extends
// VALIDATE
Assert.assertEquals(HttpURLConnection.HTTP_OK, httpURLConnection.getResponseCode());
- HttpServletRequest request = mockServlet.getRequest();
- Assert.assertNotNull(request);
// VALIDATE X-FORWARDED-FOR
- Assert.assertEquals(expectedRemoteAddr, request.getRemoteAddr());
- Assert.assertEquals(expectedRemoteAddr, request.getRemoteHost());
+ Assert.assertEquals(expectedRemoteAddr, mockServlet.remoteAddr);
+ Assert.assertEquals(expectedRemoteAddr, mockServlet.remoteHost);
// VALIDATE X-FORWARDED-PROTO
- Assert.assertTrue(request.isSecure());
- Assert.assertEquals("https", request.getScheme());
- Assert.assertEquals(443, request.getServerPort());
+ Assert.assertTrue(mockServlet.isSecure);
+ Assert.assertEquals("https", mockServlet.scheme);
+ Assert.assertEquals(443, mockServlet.serverPort);
+ }
+
+ @Test
+ public void testJSessionIdSecureAttributeMissing() throws Exception {
+
+ // mostly default configuration : enable "x-forwarded-proto"
+ Map<String, String> remoteIpFilterParameter = new HashMap<>();
+ remoteIpFilterParameter.put("protocolHeader", "x-forwarded-proto");
+
+ // SETUP
+ Tomcat tomcat = getTomcatInstance();
+ Context root = tomcat.addContext("", TEMP_DIR);
+
+ FilterDef filterDef = new FilterDef();
+ filterDef.getParameterMap().putAll(remoteIpFilterParameter);
+ filterDef.setFilterClass(RemoteIpFilter.class.getName());
+ filterDef.setFilterName(RemoteIpFilter.class.getName());
+
+ root.addFilterDef(filterDef);
+
+ FilterMap filterMap = new FilterMap();
+ filterMap.setFilterName(RemoteIpFilter.class.getName());
+ filterMap.addURLPatternDecoded("*");
+ root.addFilterMap(filterMap);
+
+ Bug66471Servlet bug66471Servlet = new Bug66471Servlet();
+
+ Tomcat.addServlet(root, bug66471Servlet.getClass().getName(), bug66471Servlet);
+ root.addServletMappingDecoded("/test", bug66471Servlet.getClass().getName());
+
+ getTomcatInstance().start();
+
+ Map<String, List<String>> resHeaders = new HashMap<>();
+ Map<String, List<String>> reqHeaders = new HashMap<>();
+ String expectedRemoteAddr = "my-remote-addr";
+ List<String> forwardedFor = new ArrayList<>(1);
+ forwardedFor.add(expectedRemoteAddr);
+ List<String> forwardedProto = new ArrayList<>(1);
+ forwardedProto.add("https");
+ reqHeaders.put("x-forwarded-for", forwardedFor);
+ reqHeaders.put("x-forwarded-proto", forwardedProto);
+
+ getUrl("http://localhost:" + tomcat.getConnector().getLocalPort() +
+ "/test", null, reqHeaders, resHeaders);
+ String setCookie = resHeaders.get("Set-Cookie").get(0);
+ Assert.assertTrue(setCookie.contains("Secure"));
+ Assert.assertTrue(bug66471Servlet.isSecure.booleanValue());
+ }
+ public static class Bug66471Servlet extends HttpServlet {
+ private static final long serialVersionUID = 1L;
+ public Boolean isSecure;
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+ req.getSession();
+ isSecure = (Boolean) req.getAttribute(Globals.REMOTE_IP_FILTER_SECURE);
+ }
}
}
Index: apache-tomcat-9.0.43-src/webapps/docs/changelog.xml
===================================================================
--- apache-tomcat-9.0.43-src.orig/webapps/docs/changelog.xml
+++ apache-tomcat-9.0.43-src/webapps/docs/changelog.xml
@@ -128,6 +128,11 @@
Make the calculation of the session storage location more robust when
using file based persistent storage. (markt)
</fix>
+ <fix>
+ <bug>66471</bug>: Fix JSessionId secure attribute missing When
+ <code>RemoteIpFilter</code> determines that this request was submitted
+ via a secure channel. (lihan)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">

32
tomcat-9.0.43-java8compat.patch
View File

@ -1,32 +0,0 @@
--- apache-tomcat-9.0.43-src/build.xml 2022-07-05 21:42:13.038838402 +0200
+++ apache-tomcat-9.0.43-src/build.xml 2022-07-05 23:04:10.506328581 +0200
@@ -957,6 +957,7 @@
deprecation="${compile.deprecation}"
source="${compile.source}"
target="${compile.target}"
+ release="${compile.release}"
encoding="ISO-8859-1"
includeAntRuntime="true" >
<!-- Uncomment this to show unchecked warnings:
@@ -964,6 +965,21 @@
-->
<compilerarg value="-XDignore.symbol.file"/>
<classpath refid="compile.classpath" />
+ <exclude name="org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java"/>
+ </javac>
+ <javac srcdir="java" destdir="${tomcat.classes}"
+ debug="${compile.debug}"
+ deprecation="${compile.deprecation}"
+ source="${compile.source}"
+ target="${compile.target}"
+ encoding="ISO-8859-1"
+ includeAntRuntime="true" >
+ <!-- Uncomment this to show unchecked warnings:
+ <compilerarg value="-Xlint:unchecked"/>
+ -->
+ <compilerarg value="-XDignore.symbol.file"/>
+ <classpath refid="compile.classpath" />
+ <include name="org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java"/>
</javac>
<!-- Copy static resource files -->
<copy todir="${tomcat.classes}" encoding="ISO-8859-1">

11
tomcat-9.0.75-secretRequired-default.patch Normal file
View File

@ -0,0 +1,11 @@
--- apache-tomcat-9.0.75-src/java/org/apache/coyote/ajp/AbstractAjpProtocol.java 2023-05-22 18:12:16.907658477 +0200
+++ apache-tomcat-9.0.75-src/java/org/apache/coyote/ajp/AbstractAjpProtocol.java 2023-05-22 18:31:07.969096813 +0200
@@ -177,7 +177,7 @@
}
- private boolean secretRequired = true;
+ private boolean secretRequired = false;
public void setSecretRequired(boolean secretRequired) {
this.secretRequired = secretRequired;

700
tomcat.keyring
View File

@ -1,650 +1,50 @@
This file contains the PGP&GPG keys of various Apache developers.
Please don't use them for email unless you have to. Their main
purpose is code signing.
Apache users: pgp < KEYS
Apache developers:
(pgpk -ll <your name> && pgpk -xa <your name>) >> this file.
or
(gpg --fingerprint --list-sigs <your name>
&& gpg --armor --export <your name>) >> this file.
Apache developers: please ensure that your key is also available via the
PGP keyservers (such as pgpkeys.mit.edu).
Type Bits/KeyID Date User ID
pub 2048/F22C4FED 2001/07/02 Andy Armstrong <andy@tagish.com>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
mQGiBDtAWuURBADZ0KUEyUkSUiTA09e7tvEbX25STsjxrR+DNTainCls+XlkVOij
gBv216lqge9tIsS0L6hCP4OQbFf/64qVtJssX4QXdyiZGb5wpmcj0Mz602Ew8r+N
I0S5NvmogoYWW7BlP4r61jNxO5zrr03KaijM5r4ipJdLUxyOmM6P2jRPUwCg/5gm
bpqiYl7pXX5FgDeB36tmD+UD/06iLqOnoiKO0vMbOk7URclhCObMNrHqxTxozMTS
B9soYURbIeArei+plYo2n+1qB12ayybjhVu3uksXRdT9bEkyxMfslvLbIpDAG8Cz
gNftTbKx/MVS7cQU0II8BKo2Akr+1FZah+sD4ovK8SfkMXUQUbTeefTntsAQKyyU
9M9tA/9on9tBiHFl0qVJht6N4GiJ2G689v7rS2giLgKjetjiCduxBXEgvUSuyQID
nF9ATrpXjITwsRlGKFmpZiFm5oCeCXihIVH0u6q066xNW2AXkLVoJ1l1Rs2Z0lsb
0cq3xEAcwAmYLKQvCtgDV8CYgWKVmPi+49rSuQn7Lo9l02OUbLQgQW5keSBBcm1z
dHJvbmcgPGFuZHlAdGFnaXNoLmNvbT6JAFgEEBECABgFAjtAWuUICwMJCAcCAQoC
GQEFGwMAAAAACgkQajrT9PIsT+1plgCfXAovWnVL3MjrTfcGlFSKw7GHCSYAoJkz
x+r2ANe8/0e+u5ZcYtSaSry+uQINBDtAWuUQCAD2Qle3CH8IF3KiutapQvMF6PlT
ETlPtvFuuUs4INoBp1ajFOmPQFXz0AfGy0OplK33TGSGSfgMg71l6RfUodNQ+PVZ
X9x2Uk89PY3bzpnhV5JZzf24rnRPxfx2vIPFRzBhznzJZv8V+bv9kV7HAarTW56N
oKVyOtQa8L9GAFgr5fSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kj
wEPwpVsYjY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obE
AxnIByl6ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpMgs7AAIC
B/0eHkYQ0Rv6s21TgpOzRBon+rQAv9ka0PlC7bj2eYWsCOBib8K7qO8hND0sW59p
0uFQ01X7kC7L/4Ls1HTk0chEZMV0UrGAOKXHY1QFlxrNtFi5U3pTPITXDDfy+g/G
6FTX3PLnGGvwXbtaiAq5UjQ6iXm03lh0BW6Q+kPtm8swPPfqfjYv0rrT+I8Ic3p2
HplWKR2bpi3wqCSKB/AaTQJwTbh2x2+2cPVONPodgjZSJ9eQkErejkNSvqbumlTx
dB81eoGa0Lo2xE7N+DNlCnILGE0X4hPMdj+N5fmyEbyx0WOB8crvCuODGGEQnXs/
zbVO7FP+rj7YWjRh5pVD3bGiiQBMBBgRAgAMBQI7QFrlBRsMAAAAAAoJEGo60/Ty
LE/tj/QAoOFNFa7rbAy+eT6mRNb7XztfcAbWAKD6Gd6S/7lEJU0k2TS5tozt4jMl
vw==
=/91Q
-----END PGP PUBLIC KEY BLOCK-----
Type Bits/KeyID Date User ID
pub 1024D/86867BA6 2001-11-22 Jean-Frederic Clere (jfclere) <JFrederic.Clere@fjitsu-siemens.com>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQGiBDv9Gx8RBADclmKwDLcibNVipQnhYW+bFIpuQjQnRrqRwn3gXM+/luzzJYJ4
bbWpw13zjX0EkrAJ8qH2A/d0EIU1eZ0zHrLgRvMUfLGFUX7FFFw18JKFLTVGhG4/
8sSl3ydHSA2Kd1PF6xjBP7iM7sg5dJfEkyMzvK5H4F0ZpTqy3087wsg1wwCgitRy
Zg4x3lWZSkOwBj472qaO9GkD/2q6kyWfAK6XFe3GuB5AAs3poMfN1eqW+duM4TA8
zUiWK0Wxx4JXJbL7n0i4d+JdXJsrjSjF++KKfelcxsrSxoUIBegez25MUSvHe09D
R3nqkY8CVO+viEtzRBqkSgCMbUjAtfkQ+vp2jDnWSmmkNfY0OYAzt+KRyJKcjUSJ
gvOOA/45+DN9wuTELoFTvsXh1JgOL/QvW1fmQ2HrcQk94BkzIsfVGWClCiig5gNw
LCxTbfgA5htpI8U7vPR9/5gH7U8Wy3HR6xQUZxcbttMeYit2VbDEJzF5r5S0pJvD
vyk3n1kiKU7r49sjhxGgE8J/VvDpO6YcIsDs8LoULwuJTg0DTrRDSmVhbi1GcmVk
ZXJpYyBDbGVyZSAoamZjbGVyZSkgPEpGcmVkZXJpYy5DbGVyZUBmdWppdHN1LXNp
ZW1lbnMuY29tPohXBBMRAgAXBQI7/RsfBQsHCgMEAxUDAgMWAgECF4AACgkQ0+/m
toaGe6amGQCeJU5VZ8QCi8+PY0QJHPA63e5uPyoAmgOWIwFm8A/xmW8qjEvVAWtb
TjZxuQENBDv9GyMQBACCbFlSF+udW/Qz2oknDen8Hoql4Q1Q7CUQTbPjoQAcYgZg
LrsR6hc9aCIf3Kt4qZBgQ1Oe9M/AemOFhU04UNp3dgHk91EYRvx80Rua992p/8V7
QOhwIBVb2XE8as5nL2j8w6Jz7eSs/bivxm9yD0AH/I5H01RAJivRbOTsUgSkDwAD
BQP5ARlW2Nqc0U17asQsmMYvT1UMiOiyBwUD/DIEG2Xy1hlEvdljg8WU26jcjpGq
MrT69T4Z+eZ2oVyiRQTW4qMUBKc0Nbz89hL0qv9K41ExxxH+JgE1csRVvmwAT8Iy
lnhof7TJLRBtvan3+p21Kxl1uQ7MbmLT875u+vc+J098fIiIRgQYEQIABgUCO/0b
IwAKCRDT7+a2hoZ7pn9UAJ9f0TK0QQOtjQBvxAissopYhDKHGACePZg0k9sj69yw
nVWrBS9fvFC9jcA=
=BTiM
-----END PGP PUBLIC KEY BLOCK-----
Type Bits/KeyID Date User ID
pub 1024D/E86E29AC 2002-02-13 kevin seguin <seguin@apache.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (MingW32)
Comment: For info see http://www.gnupg.org
mQGiBDxqtR8RBACbySxGrtf+flbowryS1Hj4z3zzEXD4CAEq6RjSGMtIraCDRJfp
6Gexs+lQ6IhpdC4GfX70SUMjXXvT5suhXYeGOM4iJHqUsksgzEKjUqcfj1l3qmOs
/doE8lcGGHcYbMplBcfuop+shZYiv9GEJ3gutwn/dNnhs/QA9bCdIj03lwCgvAcy
QpT5JdTym2p2icd5e91mGIUEAJMw6JHTTcCiyoTRy7k8Cf65d8S7bTDLr6pqJVE2
XU41CvW/pgL31akYAxpeZJJnsBaLaUiqh6K0qgfEMlDwDeC6gVogHBxWkEXdK1dr
tGL4GIUcxQ1+ZvQhGg7dtjanmfMlylVgS+C48awJySkinRmaQDbQ0MKdFchLc/y1
OR3IA/0VkIvlidehMPbZCalqhS9AEsDiFq5/u5AsQzDEp2nmTGlmBqjhc39kEnu4
qKq08az1Gt6Q7sxXbjH/jYtDgd49FW5Yg4k5B3hpTgnbyRE6SGlKksu8qTmYkDve
4rej6pvJRHwp6hDKxDG8qQoLWIgOfVC8960nurqx56QdV9YMsLQga2V2aW4gc2Vn
dWluIDxzZWd1aW5AYXBhY2hlLm9yZz6IVwQTEQIAFwUCPGq1HwULBwoDBAMVAwID
FgIBAheAAAoJEKy3f8Lobims3E0An0x3rrUMIijUMFoqnoT7muNGwmAzAJ990TWj
dZO4ayh1M+cWhjaw9W+44bkBDQQ8arUkEAQApaMm5HUB1Yk2x5MavAs/O4zfWnOx
YFOeXIPfGvhlhF2/Lrjs9icaa/tOM/CTCes19nDWP5Fc+pQxmgSPrgt3fsShwZJe
p3iYodLbM76uXEgSvI4Wh6kwViHbN4V1GxJAd2ZPVb1v+lauGUCOgPFGw99UV9sO
tTRXSbFS6AgqQzMAAwUD/jq6boxlnab/GUmKrILeLkv1X0G2/AEXEGRmG0nkhVdj
OShoqtPr4y/UhMzJUOequs2CdvRlTIyAyZqN7A0Qp4mFfmsvp0dYYssTtE4bCzZe
WxSKgjtBWBHXnH+Qzjb5R2Tz28kAxNY+dt7yxC+CkXWDZq/rsPgsXNbWXT49FnF8
iEYEGBECAAYFAjxqtSQACgkQrLd/wuhuKazl7QCfQkz5t/3T6EtXZCcXz/hlswyI
z30AoLr/7hwXgedEepBk/Gm9HUsbMnM8
=S1mb
-----END PGP PUBLIC KEY BLOCK-----
Type bits keyID Date User ID
pub 1024D/307A10A5 2002-07-18 Henri Gomez *** RPM SIGNING KEY ***
<hgomez@users.sourceforge.net>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQGiBD02vbERBAC1v8fR6gjERpaz4UMfdy0hRVWCPSbOdF+Swm/IenjVzErco6zb
MTa13umUNrDPBy/tTWiCCZrOnqi7fgDzWqPEqrXJjKAFVLEWE6MmKylPPEPG1/bm
idkNGERSAZduvhKv777PzvEJJ/8eGe3wy/O8NbgIjCPtr4UklwCZS8cFuwCg8oMO
UdT8qZRtzdxdAyu1m5fUb+MD/3IKJYWXsdtb6iBphCU4f/BoyjVC9EZJ1ywLuiVM
siKbuaDUaXU9nWcbNKv+fx8uZ1NaadpfLokqqhnWcpnSiqw8HNR7SwsF1D33rkXK
O4FSuVss/tIoqGdWFcJyPkP4yP5shxqR335narVw2vDa0+BiWkALbA2qVsSIdZDB
LeFZA/47AMBS0U2BRk2rQT8LmMuFl7mR+wNBM4n7FUGdxsGn3TcYd4pXTNrEQPrV
YNdooKlikgGk4hgFnIFX09Spmimqgq0goFue81rttVdZZ4uep8dTghY6gwmvcOxX
jATbhWStBhdu9B35kzfHc+1QihD5Z94u4uyWIVBIzikcdiY8LbQqSGVucmkgR29t
ZXogPGhnb21lekB1c2Vycy5zb3VyY2Vmb3JnZS5uZXQ+iFcEExECABcFAj02vbEF
CwcKAwQDFQMCAxYCAQIXgAAKCRAZMdaEMHoQpYijAKCCP68ndU/kTXR9XAKLvibC
3S8+1QCfUFQYte3Jo+MHKaWjsu9JGptRzo+5Ag0EPTa93RAIAKlsRJ5gOGTFsmaR
W9k6MIh4c/MCy7J7HUxT5xTdHROa+3zUh+FAE/JaOx9ZtZtH863DFHA8cP4L+tpi
PjBT6g2E94dwGcuH/OiSSCT4JSBukbGbOuLLdmFXqUl8+4gsL90Xal67FtNLwyLG
1n7geLir0byD+OT7VLA5w+6G0NOpJEveV/FIa2qLgdRZ8vz73ybgMh18hBUrUmro
jncp0rln2VU7VCH1C2aClKm7kK4mGAjIFIzKbguK+kM3b8NDHmXKpT6syyCtIM3h
prkV1TUCAFqLI32aSdlTN79lpeA2zDga9k4/4X/RDHsFpRN2neRFGTNUtuUgYpQQ
E5zWBmMAAwUH/RiGxyeBsad923IwE1+GAjxFl2tqF9xWk0J6yTnSK4nfhYAE9evV
jwDEok9jRl4ILCcXx6YN/d/lWNuSbARKHz/3hLiTouPpwd3SSJ8is2x9PgpJz5JX
cD0y1SkbPLvs3jH3ZmdcxZpuAmJeI/typqFKK5pWP44oXIH+XH/8nWDtmLEBkgKQ
/ATQWenMTmZ6MIJ6aWKWGkO9QS6iYRz3PPPGQ1O8W02CeprM2wBtlb8J1Z3RxNhM
rZcg/1Qi3V3D1HI4zw6tAFmDeBb8J4PaBQzqlhzx2EBTbfwNPhV8AlPvpxHEeGGn
v+O1yhZr33SnyZdINNoNDn+owVMdmkobe9GIRgQYEQIABgUCPTa93QAKCRAZMdaE
MHoQpRsTAJ4qst3MhLm48fBAEnzuzi/BIKr+AgCfYaCB/AvPoncQbHc8BcNGRimR
P9A=
=hQhz
-----END PGP PUBLIC KEY BLOCK-----
Type Bits/KeyID Date User ID
pub 1024D/564C17A3 2003-01-11 Mladen Turk <mturk@apache.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (MingW32)
mQGiBD4fwXIRBAC7WRS8PYxi2YH0T1mX4HCYsF8aHoqxBzMnyFR4J896m1s96vGM
BTSAwH2NKbiVqtfLokTbQkUVxtrgrF2HMB5NfYBg/JzT7pZL/Q2ThWUS7SJQQA4f
a7/DpiLiHalp6iX45om6JTdIWEyXv26csIVhmtlkGBEPRhNRX8X4//BM0wCg7wcA
yQ7c5NmoOJLVs+uHsRrnHo0D/R/dMyuWt7/o0eGIEuRlDl2q+YL8xLuVyJMXQBnd
jo7jKpQ+Q1zl93aVTzsJa7mP2zZ7jqaJ855sdz6rvwyhGF1/qYMtm6zrmgBy2XPm
J+57sfwSZr0bhIeMpCWjIw98z9sObq0v2r2oA3+J9E3Na/BZsCVTZVb3ew7ILmEp
F5D7A/4zvjY41dakCAJsD1Xo8TS6hSqJf4zq9vX3ayJVvUjeo8n4sHNOwcbEnnui
9zZaUH3F0x+3cDo7mS1Y4pD8THuqCZoSbSkiHnlved6nLXsKbqvVrVo+esEhfZCn
Iji3gp+2TVNwdHXGM+4BAzMJCLsdXjByO6SNzB9a+H8RsRlZKrQ8TWxhZGVuIFR1
cmsgKCoqKiBERUZBVUxUIFNJR05JTkcgS0VZICoqKikgPG10dXJrQGFwYWNoZS5v
cmc+iF0EExECAB0FAj4fwXIFCRLP94AFCwcKAwQDFQMCAxYCAQIXgAAKCRAcUGQH
VkwXo0jxAKCgHzXPIB4IAgoD7GMAohPQfX7j2QCeL6pAsf4pPufmPvbrrpDp6rQH
GOS5Ag0EPh/BhhAIAKWzq7+/+nNYGpc7sXGkDNo9xncxcx/KbbJVT0rBteuaonQ4
vYar1ITjIhOPmF9yPmpUddNrqgQTSO+Or+ZrVOndn+qC1gdY3qpKIN3KTjXloW38
0Y84ezwdRLznQNkhgXwNcB55l/Z9kLaW2MS8CJzOuYSQT1CYbXg7XP3684ZmV1KC
cGgcUt9VkIGqwsa2RFDNGvMbySedSkJ/70Q+PJlkXN+W86f8hi3HTjw2MCkNa5NL
+Byg8FEAm95YWrO6kCY3qaJYV7NRt9oVd+2V/NNzwYp3Or/QoYofvfNerupfwBmU
GEXPyZCqqNH6nDv6chscsWvEA9KzhsWnsdKhmHsAAwUH/R6LwfWgtpaO42dQI4ZS
VRBmCeWrXCuyVk0d13Yz0xLi5Z5m4g3MON3d+cRVUiyNX+hbDGpi2mkbsnL559Ef
iqmzDmSz5GQHDutolhOPtLxLrC537ODn2q7hnYQwIQYYIUtYD5sYlzfGYC8olGCB
IcKIdlGRWcxxiFCIJm5CX/jnSBsyDRpanlSrdkxhzAGsifqj4NQ19ayoeNoZg2ZP
9SLIY7vbmOxJeHEYkx8AG25xOY1PLotb/0buSXPB8e71zb/DCV1rAhhUxAr/2JOQ
RqlZBq6PfcHKLRitXRCeVvfldRxuWBIzhuTLUfRPYR6phjP50EzZPlbJzIvGwsOI
RheITAQYEQIADAUCPh/BhgUJEs/3gAAKCRAcUGQHVkwXoy0JAJ9WTfqfYzW/F6qi
5MxmqDnU9/G+6ACfQVmhZNnGTSfcwQCttwCaW3CRhDY=
=MWUr
-----END PGP PUBLIC KEY BLOCK-----
Type bits keyID Date User ID
DSS 3072/1024 0x7C037D42 2003/08/05 *** DEFAULT SIGNING KEY ***
Yoav Shapira <yoavs@apache.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 6.5.8
mQGiBD8u/mgRBAD5WKD5xF3CLrnABeS1DvQQhYH+tJjvAmyZgFkYwaQT7eiiOzLa
PC5knbcBC4nuw+8OOPDFw0Ghb2MFogQzRxD6gpPH2t9eEUsrkPFax2Kw2vNTHRrQ
RGAastmi+EYJsQAoktX2dPseTdrkeJBk240Bfj08ZUFg4uPuho9C45ND6QCg/6SO
FMuan62QE+DwlUiMDo4ZcU0EAMDS8k6Dhb5m/0njO6w9OLTEyzohlsM9AP+4mfgB
NOJYhrzfkFoElOcWSA/V3nmYn2VS0oIYDDtBnjXVWZidzTAWKsbT9/AepS3/P2tG
KMhlXhas+uAiAbMpOglz8fdQ76ivQqyRdS99t4iy/cP2ZC3ShAqZQCacfWY5ZQ8Q
kTILBADvp/eayw8fvtfWQXJ9EjBRbhO4THmP6z8J+4ypG6l0V/RBjDWZybrqibO9
ejnOjQYJNCnfrfpzQ5l6dHyy86zLyg+bkFxeId4jp/IfDfJX90sGbuQahNYYwqTp
SFiDMI3KN5ZhzhGnx+pKQh59pcux3HyKmcpPa4oB0CT828lWuLQfWW9hdiBTaGFw
aXJhIDx5b2F2c0BhcGFjaGUub3JnPokATgQQEQIADgUCPy7+aAQLAwECAhkBAAoJ
ECZhkcN8A31CGLkAoPRDGtLRwjkzS2F/OBPkRHKF9/atAKCIh3Fmcr2Cdn05P4qF
kBe3QeWVt7kDDQQ/Lv5qEAwAzB13VyQ4SuLE8OiOE2eXTpITYfbb6yUOF/32mPfI
fHmwch04dfv2wXPEgxEmK0Ngw+Po1gr9oSgmC66prrNlD6IAUwGgfNaroxIe+g8q
zh90hE/K8xfzpEDp19J3tkItAjbBJstoXp18mAkKjX4t7eRdefXUkk+bGI78KqdL
fDL2Qle3CH8IF3KiutapQvMF6PlTETlPtvFuuUs4INoBp1ajFOmPQFXz0AfGy0Op
lK33TGSGSfgMg71l6RfUodNQ+PVZX9x2Uk89PY3bzpnhV5JZzf24rnRPxfx2vIPF
RzBhznzJZv8V+bv9kV7HAarTW56NoKVyOtQa8L9GAFgr5fSI/VhOSdvNILSd5JEH
NmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsYjY67VYy4XTjTNP18F1dDox0YbN4z
ISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWakXUGf
nHy9iUsiGSa6q6Jew1XpTDJvAAICC/4iJF383WNktP9/SxeGVIV74r7C7q5Cxr4a
Liy7pEYs52DEft3JzTCLI5O4+NjOw+hEd3QiIytUJRW66V6zd50h4x9lBfK+eMYz
GKNN7kd3aBmH/vXEsG9m9bK1ExwyWq4uyf76nRx1Ya9YthNWmxPUHQnSrOYNPU0/
beA87ouZG4RL9tYqdu3NKJ4g/DYiaw+twvhSoCUkBEFHFfKLDlv8zyQvPTaPUSAM
Ha5/G2Dj1D5RluMSCEMG1V8+YcYAFh63WEP7Afye0mR1LMJvmlba67ogh0ZSfR+I
ju3lhJ9XOp/2W372F9ZbRJofgofVwHQV6INB5uX7KHAdXtPTss+l1nTmydLhsiPC
5oh99ITPdOm8gRzrP10aFwCnwsqXvr+b7fX/CywpuCOQMIr4sbhbYTTClwDo6E0U
TQ+Nb7PWE+8KuJuobTvMUqDQSQaQBnkpLcvRt3cPppANtkaADAeNf0RqKxxLlym4
AltN8G8IMLtSJoH9xlQHTQA4tEUeKOeJAEYEGBECAAYFAj8u/moACgkQJmGRw3wD
fUJh7ACdE7QuMkzSbxEzTXnbkS61AUPy06QAoI5b613vrWeqg5Gz9C7TzG+FEEoh
=O17Z
-----END PGP PUBLIC KEY BLOCK-----
pub 1024D/33C60243 2004-09-12
Key fingerprint = DCFD 35E0 BF8C A734 4752 DE8B 6FB2 1E89 33C6 0243
uid Mark E D Thomas <markt@apache.org>
uid Mark E D Thomas <med.thomas@virgin.net>
uid Mark E D Thomas <mark.thomas@springsource.com>
sub 2048g/0BECE548 2004-09-12
pub 4096R/2F6059E7 2009-09-18
Key fingerprint = A9C5 DF4D 22E9 9998 D987 5A51 10C0 1C5A 2F60 59E7
uid Mark E D Thomas <markt@apache.org>
sub 4096R/5E763BEC 2009-09-18
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (MingW32)
mQGiBEFEjegRBADocGttfROvtLGrTOW3xRqZHmFWybmEaI6jmnRdN/1gGXmb3wQL
rHsS3fLFIIOYLPph0Kov9q4qNq36LekShIvjMBDFoj2/wRxaUtFq81asaRZg8Mcw
4kVeIoe8OIOuWmvYhU8SH2jJNUnVVrpTPAa6QWquTmseNi6UJMjLxuL7DwCg//9u
k2yj0vk6e4WSO6Fe5+EkQDED/AjQsy0kj9TpNHkKSSUR2evRlWPYA0YtxBSbsgON
tT0cYipAp5IcYt6Zq5QzHiZreyQXLAjItDS2oGCIXfNbTYJ3kxxJTCU/3wlefVdq
LBh4ttm7gmWaiTDTgG4axLF5oMpAb3m4v6s1KvXVVj2pqkhBknfuoRh1wPqbtwks
7HOIBADVezl1/vny5YzdoqsDx1ByXMLi7CuMexQPllhRbdN+an+ZiJ5YP8J9rPdl
NCELsCCcDKLGLjlp43XfMxsgYAPEZNG2ObjKTarhk3uGYN3aJrx7s+G+c2bu8o2n
SyAFQ1iDsjS87PgSPCONA2/36ZShmv1OjLWz5Vo7hGSPcW4ZdLQiTWFyayBFIEQg
VGhvbWFzIDxtYXJrdEBhcGFjaGUub3JnPohGBBARAgAGBQJJEoLqAAoJEJsf2p88
BiIx2ssAnjsjHqeIOdOQYuNjDxVIqfAQN8vaAJwLv/HLCQwTZdxOFqwt/Pf/Ae5L
6IhGBBARAgAGBQJJE0bmAAoJEJA4TZo1x+lCCH0Anj1yuBFfP+bNK+51xQhqFsSN
cB1vAKCzK5HbowxZd2MjzMU31USprksZTIhGBBARAgAGBQJJGG7wAAoJELDgGPyz
tNmL35kAniTaqQ+uSzJgX1o7Bp8BAFYoQ+o0AKCm4eD3gf06AK20FZwSck8ibIQ2
3ohGBBARAgAGBQJJGekxAAoJEC0hq2VlRht59xoAnRcmnR1vJZsRCGcSuxKv+0nA
FrKsAJ9R7Gdc25unU6zF/UwUs7LdWTIFN4hGBBARAgAGBQJJGjZhAAoJEFuWgBDg
T5qJQLAAniDrgK53AhSBmZRGLU6HaI4jPO6jAJ4gWQWhnovMkAKqLRtc18Z1Q60N
vYhGBBARAgAGBQJJHtOZAAoJEFMmz0Afnhe7pzMAnAu/W6rzeOXe7SoMtbPF4mg/
OycXAJoDQfqJpGoUFEjsoePDY0WOd5hI9YhGBBARAgAGBQJJVjbUAAoJELlbvT+k
PESS4lIAniLTQ0XnArkk0TCIBeSWWRL2SvWjAJ4+9XuK0Mg5Pk2454JbWxXqv0cW
i4hGBBARAgAGBQJJXgPpAAoJEA9FCiZiEL/ADcsAnAns0QDk3Iwb0X1GbhRfRHFf
GeV2AJ9+8rA4UfTtUnFMZZCEdyohyunM5YhKBBARAgAKBQJDme2qAwUDeAAKCRAM
PU85FKClKanOAKCIBOdqECQwSoSS6Bsw/j0rhhhOHQCfTCp+IgPx+uJ9YhhgKDyr
U3psooeIagQQEQIAKgIZAQUbAwAAAAUeAQAAAAUCSrQLBwULCQgHAwUVCgkICwUW
AgMBAAIXgAAKCRBvsh6JM8YCQ/3tAKDTsnK90MamPgLtqRxEDmCMu6mX7ACg5rF4
05TH5JA7h23YfJCsC9ZTeoCIqQQQEQIAaQUCSVsZ6iAcU2FuZGVyIFRlbW1lIDxz
YW5kZXJAdGVtbWUubmV0PiIcU2FuZGVyIFRlbW1lIDxzY3RlbW1lQGFwYWNoZS5v
cmc+HhxTYW5kZXIgVGVtbWUgPHNhbmRlckBtYWMuY29tPgAKCRCyvrxAFSkkr91K
AJ93ymf/0iywAVIno5/T8/QUJSKVBgCfe4UPcLtISs3GI8mpYyjCXq35OEmJARsE
EAECAAYFAkkSbKQACgkQW+YxwZmV0krHkgf407SOW6qaU4nqHUJ5kFPWgcLcVVo2
w4gQ1u6s+HzEXNTmvKZrOIzKJMnttyM2RDklmCwaI/lkJApyMbQoMW5UksTGVgnF
WHKyiYx03SnVNPH+QID9IhPzAvp2rLH9IQUtfu1vxvfsQQEZGNmKXUgaG0OduXTY
J+EkhaIFotOa6pLBcUuqjmbSI840IjnVV5a5wLyonDGFFJ7FbbHDecOcLzI9jmSd
mLQlgXD8XwYe8XqNknc6C4uOniDc+iuDRqzGFAMs7f8YK6C1fh3mWCjuNNQ64wvm
JqvxWinFKh6BpTBecqtXwta1Vzfa3tGKSrWCPfODAUHqXni+hhdEqMftiEYEEBEC
AAYFAkoVTuwACgkQarqkr5Czi1hBvACeLUdijz+jB9K9XGL1O5ZhPv8bEWwAoIIw
5uol5zSFoHcK1WHJI5D9CUhgtCdNYXJrIEUgRCBUaG9tYXMgPG1lZC50aG9tYXNA
dmlyZ2luLm5ldD6IYQQTEQIAIQIbAwIeAQIXgAUCSrQLFgULCQgHAwUVCgkICwUW
AgMBAAAKCRBvsh6JM8YCQ/rAAKCcgX1TjaeqTP62LIxml8Z1hL0cSQCeOZiYPXub
vNxwTWh01BOrh5oztDqIRgQQEQIABgUCSRKC6gAKCRCbH9qfPAYiMTeJAKCfTgLW
8OR8o1SY8DHu5/Lw/QyffQCfefq9NCLX99dWBqQqQhX8Ov/vt1yIRgQQEQIABgUC
SRNG5gAKCRCQOE2aNcfpQsvGAKDh7MWTZaEaEe9zBbiHiUQOtZYsSQCgqdqu199/
TDjuXF+frwmzaZqOB3qIRgQQEQIABgUCSRnpMQAKCRAtIatlZUYbeZNCAJ9e6ogA
O4ZpKrEQHuuJnpPnDYT5fgCaAgyY2X29cnP+r79XpqngCGqKR6iIRgQQEQIABgUC
SRo2ZwAKCRBbloAQ4E+aicu/AJ9w90lBNZNBRpoQ6BpSGi88e7GrOgCfe9sD/Qbj
xJJ4FifW8I0/sHbpaNeIRgQQEQIABgUCSR7TmQAKCRBTJs9AH54XuxYdAJ46GTR8
lGoMPK/hUnjeTZ0neTacyACcC6y/DMgkUi499c/zqq9PbIfq7+2IRgQQEQIABgUC
SVY21AAKCRC5W70/pDxEkvlHAKCKieHMrMKnD2U+43ryLJa1S1hr9gCcDnBl6uvO
7qcTozf9k/S8lYvOGs+IRgQQEQIABgUCSV4D6QAKCRAPRQomYhC/wGLfAKCp+OYb
ANzRA7CKs/3bcGjGmFet+gCffHlkrqm7ZgaBVl/2thvldg+obqmISgQQEQIACgUC
Q5ntuwMFA3gACgkQDD1PORSgpSm/uQCfUdtXgb+/jBVYS9zEFy5MNEssdsIAnRv5
oMNzdqDJ7F/UuU6hUm1QhdkUiKkEEBECAGkFAklbGeogHFNhbmRlciBUZW1tZSA8
c2FuZGVyQHRlbW1lLm5ldD4iHFNhbmRlciBUZW1tZSA8c2N0ZW1tZUBhcGFjaGUu
b3JnPh4cU2FuZGVyIFRlbW1lIDxzYW5kZXJAbWFjLmNvbT4ACgkQsr68QBUpJK/d
SgCfd8pn/9IssAFSJ6Of0/P0FCUilQYAn3uFD3C7SErNxiPJqWMowl6t+ThJiQEc
BBABAgAGBQJJEmykAAoJEFvmMcGZldJKI50H/iCJKvk1gi9oIiL6EISeuSngzsis
Jzcg951BN0GVCvLvvVwKNHD7+myiB2gkKKp2yv/A1DVPaZ7ZNkB4KEPLlorLw7iK
gb4QrqgezJaRcJ3zisTh6JslOKuV/7Ojy4DZOXVFsr7LSFXPgl6O29AEPD6SHjOH
0x6RTJPqrsccQ49/KBAUAm1oMmRhcE7jsMl6Y3gQGIkSxG7Pag9zj5qxeqljdhf+
QbM4cb9a8jPCSvU3RfXH531PILENGpprvH1oFforY7sNyI8AOMQ1on7Pnk09zbNx
lRBq73dV5RCBtg0xF6v4/dA/X1O1cGnXGAYM7Tp6WXifJzPssRySCuwTZvWIRgQQ
EQIABgUCShVO7AAKCRBquqSvkLOLWAz2AKCfHh162MhNPvfzMtvqR3Vz+x92WgCf
e16LZToIN8IUA2Sqyru9Y6J5Hlm0Lk1hcmsgRSBEIFRob21hcyA8bWFyay50aG9t
YXNAc3ByaW5nc291cmNlLmNvbT6IRgQQEQIABgUCSRKC6gAKCRCbH9qfPAYiMUdj
AJ41QcpKYNSt1tHNV3YATFcYf/XIKgCg7MFeSGbpvW1W1/weqnraMzFzLfeIRgQQ
EQIABgUCSRNG5gAKCRCQOE2aNcfpQnTyAKCdCXp8TBXMKajXNbepnP/8AcxuvwCf
ZABpYIEZ2up4mOTpQCKtAfuj3XaIRgQQEQIABgUCSRnpMQAKCRAtIatlZUYbeY7m
AJ4hT6Y9bnDyS2ZQgxDoe0q1KmeLEACfTNOmAvfFCPpJd5jefNSAg5hblpaIRgQQ
EQIABgUCSRo2ZwAKCRBbloAQ4E+aiXu8AJ9+n0GqPb0pLsFd1bHAnbUFE7wQAgCf
YuHmCCO1a7o1ZhOMmTqjQY8znMaIRgQQEQIABgUCSR7TmQAKCRBTJs9AH54Xu8TF
AJ46JXUYFXbZocbqNxfhfusocDncxQCg180xr/NoOPTmUqne1xT3CNb2gJSIRgQQ
EQIABgUCSVY21AAKCRC5W70/pDxEkm2rAJ9sBYuejJ4w8CXwSSiH56j26JnqqACf
dwaQ5K/fBzZCZO3XeHq/CGF+uQmIRgQQEQIABgUCSV4D6QAKCRAPRQomYhC/wJ8p
AKChOJ08LU1Ji+c0TdCrUS3xHPusvACfX4b7m9UU4KPSjFBt86Wy+7Tl/1iIYQQT
EQIAIQIbAwIeAQIXgAUCSrQLFgULCQgHAwUVCgkICwUWAgMBAAAKCRBvsh6JM8YC
QyLIAKDfzPcdTFN6Iu7MENRKHRgkhlWwcwCg4WwimtdbIuNUaJlHAaDCkXDOK66I
qQQQEQIAaQUCSVsZ6iAcU2FuZGVyIFRlbW1lIDxzYW5kZXJAdGVtbWUubmV0PiIc
U2FuZGVyIFRlbW1lIDxzY3RlbW1lQGFwYWNoZS5vcmc+HhxTYW5kZXIgVGVtbWUg
PHNhbmRlckBtYWMuY29tPgAKCRCyvrxAFSkkr91KAJ93ymf/0iywAVIno5/T8/QU
JSKVBgCfe4UPcLtISs3GI8mpYyjCXq35OEmJARwEEAECAAYFAkkSbKQACgkQW+Yx
wZmV0krGSgf/RlmcEUwth7OQkmpIGPeGbrfjpbuK/AV0+Q8nBJAsAWiMl1ydBo9m
L3oSh2D+0G3gLCyckgA1bcsNdtxMPctxJdmju3rWbq0cEVG26U/qeRDjkZafLa8n
iPReRVRuJP9uAgQ19cv7mOYjRiEjTqeA2IJ8J2RWLZSOf/3u4mWwjq6hMXKGxHc4
phKVQyjgRh45DzG3wuXa5FpHaG1gYgkUhIvW+RGPbuvKNKMSRIuXs8GzsTbWvNWG
/aAOG8B3gR48hQCq7Ja//+ebfKWWi0c37X09VHt9VlNrhWvKziDaofwsobbAa2+F
fby/1fBgoMVNdmtvXWlzugkQ+G3xXZkzdIhGBBARAgAGBQJKFU7sAAoJEGq6pK+Q
s4tYOREAn3tCOMDivfkSiyRdAOB8sjd8H76KAKDFbj1BkgeYIzWQhHxR0SHC9eoL
NLkCDQRBRI3pEAgA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTp
j0BV89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39
uK50T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1Y
TknbzSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9
fBdXQ6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCb
AkbTCD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwACAggAri0hN7wUjnkzDNOHs7j7
eM2VKdDxUBkC9287maduH9fEvD9wXphgJNldx2WCZs5jYHeC9LyAvcchXbiAhYG4
lfbssyj8B7woEMGrqRbxSxp+0PSydJ5WsBjeyptd7yUxt660/1DCsC05PiDBGEMF
IAYbeh05wWjPlKlcf3geDx6G4preUXnc/Qp0+A65QNDOjod3j1gQ+vTZ4cKNgDeN
nV/1tinJw3tokTbvyRGzmLLLI9Ht1Zh8BJsGtOuE6UKcNXwpclu7H+GljnEL3E9d
kdITb0YU0dU1dKc4yDJG0T5EXs4SGOeQE0yH3Gma8PmLm5psP6af9cCA0cx3sTqv
a4hMBBgRAgAMBQJBRI3pBRsMAAAAAAoJEG+yHokzxgJDfKIAoOLR5oMpV8OGN7ox
fieHH9qJZRmtAJ0ZMl/F/rvzazItoNsYRL6bE2wBlpkCDQRKtA7pARAA+I6Lxzjy
Q8aA/iZztRqNpIsKYEVC2rBpa1SrklHT+sM3Gqlpl6arTiSisFtjEBUC5oO50PUY
ycMt0AmyjQyUAP28G0E9Re1s0ws9kur8QuM8SnJOLekWQatnSbGChdAhIemX2OHZ
ir4avt4rLUqBUXR2KDjxlmabkQ6n2T3Rpv5t9+f+ihh+faMrJ9TRO2tmvpGc4wUh
IL9t/peGdUYO/n6c9SXHR0nQtmfmUcTC9uXlWrUVc+MrwzmSLag1ET9uM1jqHcYG
6JXVemPPAt7/+ykUftb5Jc5LgNhahfEOK/9n9LLuzFFb4kHMtvcv0ZS0g002KFZQ
mdZ4teKhVOx6cONyibYF5nFMKt9U9fkpV3WIzSdWhZFIvAYwhw3EoBPyEXilGp4x
85uF0spig03qqs4nYuJOjww+I8h2/JPL8Yuqk+lHZ5XH6OTQZJFE9U2roRMvJLR4
W5fZOtAb7zAT/ZenFEYiYNVku+3oCOD//NqD288xYhhal8iSlC1YMbXUNyYpAqaH
ad39X4ej5WGcJFuMQiSybnCeTIkKdOxwJDFVucPpPF77pOIuarodzftpMyhzjokA
g5jdLM9F4zhPu1wbzNZb89/lGqy34ElZlvGoXi3e3miJeSLQZPPOOGSetC60PiYi
Kr6iXpsciDOnqaGb2OWt2bIWaXC4pQuYVvEAEQEAAbQiTWFyayBFIEQgVGhvbWFz
IDxtYXJrdEBhcGFjaGUub3JnPokCNwQTAQoAIQUCSrQO6QIbAwULCQgHAwUVCgkI
CwUWAgMBAAIeAQIXgAAKCRAQwBxaL2BZ59mIEACjehSxvyNSI9z1JQv1zZYWrEMT
3hN8Njr7bcHjkD2JG5SfZx7Rh+aTahtv6qBkoZaSNOIycvRsVijqOzVeL+zNJm1Z
Ql1YI3ZbzBVnS+5Z6HIIMCQBXo0HGJVbccobuJudCwbwbpxIcQm0HCp51ppAeznJ
tCHLWqo3PawnNRf2jYVTFKSdMxtZMk6fYcbzek2wkJWnDMeaHE1sy9M5+kGYW1H6
2MH8WCZkp5FWGTmM1yFyLCzebCfUOD/LY2OKloHfm0Lzqj1q5My/S1UZxjq0mCLK
DOc1naI9YNYJTMyv2aiXUaqqgYXuhWE214qc/KF/Ipgnm3GsWZ3y4Roqql/sg2t2
FMA4qqJvrGTnNIlxrypKpbTy6TXhdDFU+2mY2pbEP79mLG9uEUJfRX431pr0/GT1
s/CqK3tQCOFHCCIBVbTPs7i5S/QiLBo4PoBwxNnYWQ2NKn4s5Ry/QqAFlAzN6SH8
TNleAUZ9cTvo/5jKHYY5mC2b5xVc+ChpDTu8EZKHwADSFmKN1iOcfNwRgx9+9bdz
Ua66UkhT9F6UF+vy3mo9o+lOqbgAS9qgcYbHLDunIXN7uP/tNfX3/qXmVbHPbbXE
0F7CiLo5jG/KdrJObrJr+jylV96Fv0QMaW1R1OZGeacdR6u5jEHWXy7OX3+GMplw
R9Ns+P0Zksz2ptF2+bkCDQRKtA7pARAAwjRJMLOWK6AZm7vO/PV39NOoE5eS8w/x
3bd7AKfYgnz4LnDvpe1PsW6NVx0zCUMBFX0vkcd0W2i2ERvoVOxbiS0Af+TWggzU
bqsOSh8kLSVB/s6POCKqnzMxvGjknR4Ncq9sSh+EE5oEDjQbv1tMRGZma6Ok42Dc
JJNqcFytsriJmT1DsvpitahfFpt4U7ZDxPhRUjRSGnhw6Expsf9EYrvyu3TSU6wt
E5UaZ9iunetMwed2GE3PtA2Eg8gdBbqV4gMf/lxBp90O3jYtgVesOdL+a+dUD/M6
bYhX5THxSjQH1fMUuTLXkHffGEuaqnfyz6N4EuRxT0Gki9JN0Uwpb+30DR3GRapr
9DlqYses5tp6WMYarEwxnkmudv7l3oVVxeSbm2BYnzEi6WxlWana5huYa9nMnMbI
xYmNMyTmkYrZjfyVmzhi4sK3DeLpCjchZ7RRuYz2hZyXcfax38iTXhfXIL/SZWXh
cSelqiAIZSjrh9yvP6ctEjxOmThX0aNGFMb4duSv7IjnDy5utd2jscmO2H0PDBNr
4J+yNJgLYPWpvmBQ2mxqo/N/aHcGXc2b9k9plB58mxUyRQbjFhlimLLWA0unmRJo
bqWz71CpA7oP5jvoHaPqUihfWEugzOUbQnUzSauDWWOdMqQW+UUo/iDRz6HCKdlf
ww0288krLusAEQEAAYkCHwQYAQoACQUCSrQO6QIbDAAKCRAQwBxaL2BZ5y3tD/4t
+KCuXBNi5alBCExHEzveMdRF9FJrSqJEX0NwGFivF3hQ/HJkrcu9oTJC/tXNFf/+
EHOd0lMiyFl5PBSlhe4XS988rgapUW+ee9tQmAt+RgP40fdKdJNb6+9NYGmrdnDU
zlQtP+h/XBOcmF0/szK/U0oigg8DjYYUm5gCWXOl9H4LJgg+yOcVCOVa4oTf1sdA
mQba1xlMhOIYBWmEhqbWZpGOS59XvpyNfOQXWu26S8HACBqyPZ2LVV4H+9cmxinT
z7RX1yKD17nLZ/fTOzZ1gYTbhg5rNmFpDgu3nlgU8SpGQ1kd70ZkcudgehsUe1Ep
Pyl7O8qhj5H0/3OAmRXzrq2VF17gtz7zpntA0JqsBMbSaK5qBuBcurLhBT634WDI
oE8u5Em1UwjgTI0Cx/lPxRTbIb4PfjP2b2ik/tJaUbwUrhuZ4LAtGztMVrF4W+qn
x9oed4OFXMBbwgS+SH6oAHlGwpxhhzXBlqZsHXm+w+2oazWUhxFFGEe5U245GEtN
f0AznBMDWTqg0SCVEDjlKt+e9tVXkTpHYWZjGbRZbEHkCbFqKhq0KP5BGInFZTFT
oI5jjszmuX0W/yKpRpQZ+GuJnt4VrYSy7TMvjjhIpuhDY57VUwUIkz/2Kq8Vg2wp
Gg+29nvcGOTdyZUcTCEB33B2jQ9z0XUEp+6B2F5iZQ==
=hSkx
-----END PGP PUBLIC KEY BLOCK-----
pub 1024D/288584E7 2008-07-02
uid Rémy Maucherat <remm@apache.org>
sub 4096g/4B6FAEFB 2008-07-02
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (GNU/Linux)
mQGiBEhrfkMRBADbIagwebBmnRUKF/g699t9ozZeqI75uCkHoqwji1rxVDSeJskU
DguBbC9kpMT6m2Qr4MRYEHItXccsT5FPMM94P0VF7zL8sTCNRmLsLSq/dX4C2YuX
ejGaLIQ/P1kkqvXJc1BU8tduJyo3FNaAGjGzWmcx6yDUq6NVFaKBi2GdowCg4/+s
rgxoktNz97a1KRVyEkjGEFEEAJMl73H6AyimIfKoAVmlPlE4KZvJNtmybF3Ws86M
CAraW9j/yhIRkkOiFZ1dKnxpFPBLHImzfXXFIt1/vJm1PCQUx2jaEQXZIMl/YNU3
57+5AjkbjWD6pKG7axWcsuPQ5uTGmqAspBNscLaEbqA29luDmrIcyL6SD8WW9uA9
KPyCBAC9nCXxKyLsHLqluHAi0wld+A5x2q7RISkxDAuveroi6AYP3TZof4FEi9Mt
hKsw7sVJD6Tpnz7qqSWx77hCeNVy4t10u11Jgd2s3ieqh4Zt5WKmVCdsuubLE9/c
WsViJopWYJ2YOZaPtDi8t7HFW0vjVTYKG7zEpURgYqHZr8GcbrQhUsOpbXkgTWF1
Y2hlcmF0IDxyZW1tQGFwYWNoZS5vcmc+iGAEExECACAFAkhrfkMCGwMGCwkIBwMC
BBUCCAMEFgIDAQIeAQIXgAAKCRA8NwOJKIWE5zIHAJ9T+cL0L1oABSUxS4ae9UQI
WB5hHQCeJWQhnEpBzrQ5EmHCSeoGDhl9Q3KIRgQQEQIABgUCSGuIMAAKCRAPRQom
YhC/wOoBAKCeWVTg4wkwbtGwcY8IdBZhYKhvVwCeNXq6lQaUa4l4sxxjBLS9MTQ0
0vq5BA0ESGt+QxAQAMQMOJ3K9Z6gAaElTt9ZgPtdQtztA1iDesRmrN1ovbKmGptl
Hkg6B/nRZXIgHke6TNfXxoJ5MOj1pHZibyC4G8B0H2dKieR+yw+P55GVKSDUMGuk
ewBWdbfOLapQCtK5oYvWHycRFCttk4QnXdTrtwbSXYIC0fiwMoz5OF20CQloqFMn
k7BVeKbppbiue0Nu9oiWBDGA9WvjwtePVGAlIQ2Oh6ubt2Bf+lfiBE0E2DjMRcYn
/M+qRUI8LsoISyxUWoYEB4wZxwiPQYaxVUdiOWDlVR+jgYK+GIMQtTaFqxXESFTR
6DXlGGvpiOpfTTATuuqgVd5qhOXoLxyB4J7987Puv/SshCl1Y64T9coFkmAce2k6
eZNJdbKvVffPzrUjBv4w3poN7iBs5N+g655s2bHY7D6yIUIGIh19NsLroYDHlC4T
vF70SP/1l64T8w+srgynHDGYPzKQLdTq2y43YSr0RIVARNpUDQ385/aCbBLze3Su
v+sxhvAhEIWTL9XTWiTo32RR/b+uMNsbWF9hNLli+vI60kgduyw0LbHU0aIpbIZk
5FaCLblub2EzBG4MmOrFX6VTlkWz5I/oIxTM7yesJV5aF6WA0u9rhQy1cvgj8dHa
h+Vwf74SNJiR4OZrV7Pl1uVU05MhO8YQx50mEJRKNe6BA+vvQW4AW7w9zz1/AAUR
D/9FXBgYltaBLgzftIctM7MAV7CXNDvXBmZSAvHbfa9iLEHc+sQGmvpWYHJ/uOs5
GbOxZcYCj7qFTkhCa/jbwO6PYkneBbKfZf3L4lXXaOi+pLOn+LD6QvZtvR6WLYue
d0akCTc/vftbPbsk56PqV4CFGv5vIzEkxACAaT9nchHH+7iHLbrMj9+XG+k6mcrD
8knF04xgDN5P9TkngFfabLPXXpYrJ8ZpHxUN2Qrh06P2dN97vimYXCZB87lUncHu
WpFmWOS4K1aF+Xexi3mZaXdRwGY1oPEFj9lzhUe8S99eHFY5ru9xbV5uPei5C9xo
qVNf6D1UaqqJOkShnvYlzFBUliYKqE0ksE6EXa95qAGqdm5GxXqjsQEXZ3IipAW8
HUSeX4d/ze+GHs4hIT2ATE0ShANoVq0boeTzn9zWXleHO75L895t01ZeybJofMkC
JHuAhV3LbtthMlxiBrJwkBenpP63i/Kyz9GeafMfhsXC9M2FtnEI9ZSOlu9/ZWXl
f21tGr3pMXYuWurs7GMwZzzhELLhQxgG15p5MPAzWWlZ/j7nXJ2pQWZC/zL4a2DA
hTHsiZd36PIoLON5IFXxDjKFHKLSPH3xNbXVQArNEyUgtR6WUUeeB3k6DCbx1bfJ
0UVWWirO0eUtXCm2dHFD3WDq6pMUkRou5gMrzSjCxh6mOYhJBBgRAgAJBQJIa35D
AhsMAAoJEDw3A4kohYTncYsAn0ULUIAZf6x+A81JFu6MsqtrZxkRAJ4uWAXFhEtj
SiHKkU7BarrCyjm1Kg==
=1Oke
-----END PGP PUBLIC KEY BLOCK-----
pub 1024D/0D811BBE 2006-11-14
Key fingerprint = F3A0 4C59 5DB5 B6A5 F1EC A43E 3B7B BB10 0D81 1BBE
uid Yoav Shapira <yoavs@computer.org>
sig 3 0D811BBE 2006-11-14 Yoav Shapira <yoavs@computer.org>
sub 2048g/286BACF1 2006-11-14
sig 0D811BBE 2006-11-14 Yoav Shapira <yoavs@computer.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (MingW32)
mQGiBEVZ4AwRBAC9WDbCjRX9Q81Con7cycGkkui6JZndLhX3Jbzlc/eHG0/fUetP
0c5ZdIvTyjj+L/DRI6btrgl+jR64qkuapsYD/KDXQGkpK5zPpmxUPmXJ5tfVTbOj
gacUm2cZjYjSK3dsIs4sDUqNYfBfdwesJ+Hycc7XqkTF1lO2MN9yp8g+4wCg0W8x
/ZYCTb9D8JOPzfSNf8cIFCkD/j5GXA2xlSXuAFBgWpFak5OkeF8cwEkv0CQ0zCqP
R/rTmDGO/73dpQEzgY+gLMSvtkK0pVEYaE15lg2mxma9d0pGE+fmsu5w7SQUip15
HN5E3qP/VB4X1yp+YiHPGTDjRgJm+xbvTGSFFr0wNSSYCVpVGdYHNmetYsB5JqkH
YmiWA/4vnkWnkzQeUNNPvep0lSrEG9jiON4k/d5opWwjxIP4aev8V7//V9ASzznF
D6eEL23ePX5ZuKLyDeOSRAwaPpa/Rp4AkiUGzKK21wAwKip+lcbT5m2ButoQhgNI
ZlmnfhN7E2t2S6iS9VzHEo1S8Jv9uQZJ89Tp5fiFe1pXL2qBHrQhWW9hdiBTaGFw
aXJhIDx5b2F2c0Bjb21wdXRlci5vcmc+iGAEExECACAFAkVZ4AwCGwMGCwkIBwMC
BBUCCAMEFgIDAQIeAQIXgAAKCRA7e7sQDYEbvgiLAKDHEgeJyxlrxNJ4m51jOnhG
xlsLOQCbBWAdTjpMVcNqmd6Fa5fgyCbh8XS5Ag0ERVngFBAIAIEVU1iOoq4CyD3I
f+AChfSFAgqjKmjqEyPv2RDLPkI3g2FvC6HvOlUucIe6IjqvTXztdxSRQu2EGq5i
W8e5ajTZiI9ZNs26XLL4/q/gYRaDjUsI7J3PAOL9lNdws6ZoqlCh44R/cvekuixx
HoHGskGxAHBRdjv9Oqy4x5hR5kebGq9Ayf8CQZ3l7aRekwlMUyCsmMkNxmqMls2g
ViBFD0/9a/xodE2VMVMg5eQ8A0enlrGDghG9d2m586JtOje55rMVnVPkEuNkz9AC
DkR0CiwQqX72Ub10t/qcNqbDeMHFacOBYRKfS7Qdm3/jb8Tc4jO/AXFcUGbH5niz
pPGs+UMAAwUH/1M2unaFyfJddVPQRZCJEFxdlxkg40tewgjaNJLwnqOJXw1RENNM
bSx4Gvz8M6WvZtkvITt29P+O4EmGq+LYTKmLM/E399KuqoZGbyCu3Gm+RIxKmRkf
Y3izseOhrUX2ycUIOF1BFzIYs6HeO/sZeba1bapOFo/xS6NwnuJl6uXUmynGjVtY
gvQ+dLYAcDXUQJd+QjyXdsbnp1jmdSrqqscPGOquRAw7/sp/ivom4DDHMTz4HErz
NfHzn4z8kUE7T1EEpnFU4SBiJkpm/+yEhEq9hDG2GZmxfQd34iRXpC5B4ZbRiwW8
p/bhzvcxZcrahQzu5yyq2+kGhK7IA9APFGSISQQYEQIACQUCRVngFAIbDAAKCRA7
e7sQDYEbvppSAJ9+i7TzCNvZ4PK/odiIWeZ61+KKyACfSjQXnC5UbxndwtkOzFKf
Io8ZP0E=
=xT1M
-----END PGP PUBLIC KEY BLOCK-----
pub 4096R/731FABEE 2011-05-27
Key fingerprint = 9BA4 4C26 2138 5CB9 66EB A586 F72C 284D 731F ABEE
uid Tim Whittington (CODE SIGNING KEY) <timw@apache.org>
sig 3 731FABEE 2011-05-27 Tim Whittington (CODE SIGNING KEY) <timw@apache.org>
sub 4096R/461B342D 2011-05-27
sig 731FABEE 2011-05-27 Tim Whittington (CODE SIGNING KEY) <timw@apache.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (Darwin)
mQINBE3fcdABEADmpbGMmnQiMc4biU+CIhV6EJ7lBaRzXzh4tJ4eITfw6IbImDRn
0JHZNjeE5zXLeH0PQ0K8/bYzFhMGwQOgvZETV7LPVLid6F9LbvDnItcWyoiZ+HPG
9SNdxIAsIVxchW6j/4NcIWaEwJks/+3vveBbRc1q0UgL5b72Yxpwwk3o6LMb08vJ
wn0LuljqM/+MHc+/KuxO54jJZ2OwNbKr2cxsYwVCpj+vEF6wNh2s6v+5VLs7NimN
UufiKVGcz6fceza3eYOS+0aLe4JXUPfmbad55x7H7wGMbfv+XLsBUKJ9Bz5nF3QD
jLwGBId8/K51yXGqZUqwjzTkhIalJeZEMZuAxGkLXsYM47OH/BGPNvqfcX6X+17i
9urz5go5kWQJJLGiBDVxiwpyrcZfrqc2I0DicLUsAbdyd6q6gkEcQKLCFmm9GTW8
c0Bb/kqlfGnDcBBl3kwK8MvvTeEAq7mteZEEOu/aV+417qDx+dNzFIx/jVjkihnC
O10vIXKmog8Dy36gNuJdnqsNuV8oGK4vPRFy80XajmYBl94xfR/ZsWWo7y66UGQr
NsCrCC+DV/AlDMJE8fjoLKyTtGnu7U5keyiuUIPvDurbrn2JKGefRnlRAoXRWdiO
nzO7vBbfOQ4g3pjUwuXqQTBzqHwnL9z8gX/MR0Wm5RU+B0ZielPkrt82YQARAQAB
tDRUaW0gV2hpdHRpbmd0b24gKENPREUgU0lHTklORyBLRVkpIDx0aW13QGFwYWNo
ZS5vcmc+iQI4BBMBAgAiBQJN33HQAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIX
gAAKCRD3LChNcx+r7gOgD/9DgtptXELyFxaazptqmNkjIp6X4JKjl1Kp99Aq2wwR
4DdHBbZNN2qpQ+Q66klxWeJRbf3t2z/4oCkY3G9g+UB0NTgZBcBMl9c4sDxYzlC/
B9GaHTByaXLWhqv5I6IAiiECiyxhkAVHVqDYjpg5voCD0ZcYSWX9IMZLGAlBU2fe
/0g0QEaAV+4SSFsnp7xGaEwoFQd7VH9bS9Q8mdCPZf96Dz7S8XlSpm7Wc0Wvsd7z
wXGqmBZVQ0w4mVhGWeaaRUKuVn5nDF6djI+Erg079Vrla6pcXfoBiIugLOUhvvmv
Zb5yBi+RJ5CQAnb8ApKm1IXotUCq4GJ05SwDR7xvpS/s8BKIlXmY6h64q7sy66a1
SdRtKL5dncVptknxVzyw3QjEMt9Q9v9W5kgeSabebjAztzPFRR9EBxWkcpL8lwml
bTSlheb/+fsEiE0Hw6460xCLPtLFm2RnigdacQgSffhtEzZ5OB7aoXRG/M1McN1v
zrjHxg8Vo7stPiGSSvWQKZJQFvWgFUbugoOum5GTNFJeHwlAyjBydkLJ0A/nwUgD
efXMV8a65+LUAFVJuEgnOw2Ut68bU96KOSHbNaauErqiWZlcnJIOqD3wRxB3OtBc
2lFL49n3bJ37k7CuhEZUAgU/cqN7meH0wo1aI4KOfo5PHm548qckLi4P/pAj8jHL
0bkCDQRN33HQARAAzeAQNb4AfB9v4r3qrN3bwF01VdMpVTaQl3RaJKGbdO52f4gW
8iIfR+Xc6ALeX/1ADsH6nyOuQ+gnTpf4Gr09Lf/EzcrJRN8okVFehjuaahWYdmbL
rln3ZorzbLxHp52dvLS1EX9L1+MEgGuUxsN9fDJSuif6f7+E/a80Q/WEbQ3261lB
f7GDSGvr3xz6M0OlTS08YgUeUsx33PQRHV1TU9RTSASsivy316u86gxMp+9PJ+6n
m99iNvZB1VXpthG6ybgyxhheQv1o2SBAhJ3Ee6Neds1kPkLiKiAbGq9K9IApqC8X
DYZ9FUYBT+CGm8KbU8QS10wJuIVIXRYuvNZBjjhZdbGIGJ2CGIn9cO8RmzDVVu0A
Ch9gCGh12Rsr4uZkY9tJ6/+s/ipHuft1AnPETbrET2Wm1rrUZ8sFykP6cOwP0gen
MNEjTAHnLE0x2yAjFfvjz/y0H+gMQqcbmyGvAgY0URl41+5+yxtLVJIcuszut77s
DV7sM8CoXz2I8/K+R/lB5p8d6AriAV+iYqzATmyfFD27GVHp18wTuyusfwy8301q
CqjZdR5cXQHcp+/yCxz/I+PXx21QE4e3nY8YpC6PWFC/XPy7s6L71uNauqPi5WwG
1CeYEwqd70Ds3aeVErYZxYg/kiInfFGnXjUplvz2goT3LQFWHFS5TN0sUqsAEQEA
AYkCHwQYAQIACQUCTd9x0AIbDAAKCRD3LChNcx+r7jscEADgCt4SmzeEWuU1fZYx
FsdnC3wLZUU57HnGMAQdxCzC6lMXNHUiS+y8of1TEYccjM8JK0zSTwnizhbQzOkh
ICR/0tGz3qCOAZjv91YHs5RcLzeWxbor29my4VlQU6vqEwOEPwFz1b1Grp2rbwhL
hot81tqv4PP/wn3ES/FIuTALZ3/hgunfGlO6FGZC20rtOJHd6DpX2ZPeYi2mfYom
KF9N7F9q0WhYn0GvMyV5pqZ6Ui7N8egvw1gokUtO3D8lWnjZy1BmbizozyLmrG13
xr280Juv7zM0Jy5YR01vsqfvClBbczBzoEnkRijMYVJgUj03dr5Cdn5HFRfA5wLD
sNuSYKMTL/WWNQgIp24/MLxyYa4sVH9WMh9a7BbdRHJEjVR2HTA/lqrKVIfR6NwT
6DhThBA7XxGbQ9nuBOjClTpRBXyCnFN+krmyhvVk3caVcQu/BbaZZXFEuKhJzbon
YrQkfyvT/rQoM/ufLlIIPZgpKxP96a9zF/eyATiamAnU7idEHIZ0Drrj60vz4sPH
A5Ty5GWKYSZa6suPaalqZ+7dpD/UWiNMzSX+YPLQUW9jH/k7zuJ9aZN4AmIkm30c
YB5npZhfo59tF4uuvKvYKWghrF8wSwEE7F4cJAuqklo0TArBUd2WB0Wl8kAWtThf
/PLn/VX9dZEFVPVbPapJpkNv8A==
=Vxhw
-----END PGP PUBLIC KEY BLOCK-----
pub 3072D/0D498E23 2013-01-14
uid Mladen Turk (Default signing key) <mturk@apache.org>
sig 3 0D498E23 2013-01-14 Mladen Turk (Default signing key) <mturk@apache.org>
sub 4096g/DC3D1B18 2013-01-14
sig 0D498E23 2013-01-14 Mladen Turk (Default signing key) <mturk@apache.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.12 (GNU/Linux)
mQSuBFDzsBQRDADVTeaOjvWuZ84mWFi5Rj0TmnIOdK9evO+6Bnr6eI0MCKxLfEYu
tpcq3hrIN/sXoVJW14Kb2Vm5Zt0PLWBmlQoi+99QwfHRvrejQnYA5VCGql61Vkbz
NbpZ3Eq3n9d1HOLhdRnZAUGYtFYm7etkdpUZSHOErZWdiCebc8Og2NdWU4xIG6f8
16UxuzOWv+fPCtSjciHxYWmzrVc4fYNTvJiyN5OtJ08dCaRfMeAMqec4fNMOn1uX
KXuwlFsHk5ieK4K91RP1zSGQEe1gGaMDSQsR6wwmnnEoP7QzlvPkr5gni2+uGccl
UCfejUUQaBsEXDX+S9CesFLv/EtWMgjpnyVCF+uSCrj/pMNHJHX1zktp79NJFCJM
BrifvthC7cVHl5eWVTMb+xFC9leEKcUPQj8GQmUlXKd3iiUCQEhoEAk9IC0cVaMq
2wp2lZRAK+7MSO+iLYA6GSeCBBQowCC8fvc/1ihZ+JtcmR0uqErrLRpSfBbn6Ynw
K6cu+Dd6zRBOegcBAMIQg3biwAjnP6AhB3Ul8J/Jlk3CL/v+ChMUuwTGgDKlC/9C
kg3KctWPhlImHATy1STBBqIoebYxe+CCxxiukt9gp2NCZOdm2ZU7weT9kS7DYQz8
scKcAbSFBTILSeDOHehCb1Qz47H3JfyRzv23VoJ4hA/0sfm1kWeqXwQEBkAtZfrF
/C/N0Sdnf2OUf7LsEDdkaVzkVQVJZLzZGjpNq+W8zoHhOOi1KwIzx8y1opEysmiv
/CitQOhnLJT5odM1a+AimUjdgyQ0p+U1EkcAnLAYD3UIKMA8wnGzfJZJ4tkrYkBu
YLW/lyS50ddhzPniz2XeCc5SG+tCi8le4B+qZb4GhC+nKXD+heuRXA+45hQXEx9M
dGgsormYKnCTF5v3Bf8sSnId8nj0eBbKZFJhUBVgNpwNrW5QjYfJHGHTMBnWy/Jv
SF3CnWwg/IPTNcX9ctxL4FatpPREXE/Su/4/BDjm3R14cCBfBeiVdcRZ6J1TLuLP
K+qcT62PHqd/ibthfkLlnuehr4Qsfy75UypY8/2zrLz9QCIEo8MEFcUicfc+HB8L
/1AYsI4c1lkgOU8aubasn1GpNrvyz5NrehIPevPEjSeBGJnOxQEtWKDrD8TMd+Or
7r9+SLGVog1NYnkhzdEGbO1m/VXGk7JQI6UU5Rgu3PaJbfBPnON9kABfDnIQMqH1
LeylZUqAnnv4Fa3YtiQOyro3FM8Gv+r2E40SgIbX1bLfCzgqdYpDIIK1FLfCu9oO
NiMolC4gl+zOjCQ+ilV74J4vODBX701Zg3nM9WnQcXBBrNcuz2ofTzg9wm61zjsE
JSRPLIaiT63cyV1kvjMN1oAkCuc3Am5albC13mOAryEF3UB2ROrc1BwdBMC+aQ/z
BLNrxEeT7M1YiE1cFnmZZdb0X6pz2UWsiBgmproRriAOzsMW3fToJxcMykBzg/f5
6QCgoCbJ6Fv0UC1yDulnujxFXRrBPH7PCxeRVLi3cH0sXCBZbHRMRJDhyFn137Br
qKiP+UTPNgrj8dc3UGi13RNApHxYBcBO05JFSh0KrFlJFBd0jITLa4LGGUC08RDT
07Q0TWxhZGVuIFR1cmsgKERlZmF1bHQgc2lnbmluZyBrZXkpIDxtdHVya0BhcGFj
aGUub3JnPoh6BBMRCAAiBQJQ87AUAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIX
gAAKCRA1zSPBDUmOIziZAQCZD/YvZ1vrxmwAgDeJoMajmvHpWJPECkUzF0GFLW99
CwEAs0ZZKpwqQEEewdGocKld7hEvlbmvqllrCNJDkeDdJPa5BA0EUPOwMxAQAL6j
2zs8UQCVhPxf/RO0PhLqTPk8/6NW/W9uN1QjxPtdFaDmIpkIdY6RI3bo9bRlKf/F
vWWQfteUDhRiWosE/ERDrLDoFzSAKIEE3/rm1jYTVuWbfYnBA+zHbZmN0KgV8fbh
cLxt5qX+YTIp9mg2rXawCc5j2vQvPmCce/JkaR8k4ZF9XhWIrpH/afH1LE3ExePK
019Zo9thP9dw+IiJGWmL5v3JCiJDNmmJwqSKtBDMRX/9ygIZUWABAmvPzsr+fkee
FyPaezwtj1Qx96U+gZJiYO+eW8f2d3PrK2hC9yc8vD+N6w/ZdD4UIMBz/sSgmcD7
WRVs+j1KpEzIMVwxJY2V2bcuqDRKdPrhOO4zen26wutKRzZF5SRx8ruRE/Hbxmqh
H2teUtN+3xR0ARkbVDrTJwG8rvsUex5pzQk/z4V2s1Dm8ihirEuDFYE5B7Hpht8U
17JhVH6wIrBvwMNfd+Ac1mlfvBZ19JGOnjCwkR9o44N5lx0BSSndJVnrjitV//Zf
irASTVc/GEw5150kkZRCkaW3Hn5KMysGNXxgFf6aBbgVBlR56mNHT+6qbZV3Owbh
i5hSSKqxXMPsv3XEANg0isdLiv3E4/KxozChph+93EWuZwdrD0PbBccyJlUCywaj
pMBaKXzRDsuZOImi3ujcZbqPb0bZW1eZRpQ3LePrAAMGEAC5V1gmisUffyR5I3kk
HBcEkKW4fCQFZ/FLB6cQi4t9sunOYPT56klokhSIE0AJq/ndkOLz9eW2+D4RK3aj
IBtFTtBnXzn6nGbg+G9cpwPCpcWyuAMsiPwcFItH7mbcD9h/TCXJE+ILyhXaocOb
n9D9IsQ16WAIIQQsBbGYMvaemJv4xsZQrLhCHr/ofHye5huEBn/wwyBKnTCLd+P0
AkF+whf4Vl3yF4W3vnrYRFjU0XEXnVQ/nmiQH3cM0JxkVy46H3Zoe68Sjt49ZJt9
eEWH4M7KyJc86DWjRl/YMNdHE9SMx0ReKJTTNATfzgWIMvH+xUsD9K85Evm70jxc
13XziHwL0BjtMQzml19f/TDCUeLE9FiO5fyDgc6ueehsCxoKCvG8acQz25rkAJBv
i0WqdFSJG4rrJaLEwbSDkAkpY9yVk73acamwa42/E4G7v7sKuGVHzW5xBX8ac7lz
3CqKw771vWGZPgd8v2FIkk5ShikVyKQxnVADVACy2eqL8A8fmQMRSc/FYVMHfo0O
MD5jeWWAIPo3g8bguqwqyTC0DQo60Y38t4lyXxAvg5oWvwzKdrWKwm/WmQJaJuk6
TufoONXlsl0cc4LLHZESIwLRSP5YfxV9chplmA92vhekV0f2IchmJky/a25KEIRH
OdCCQTyOitoKXYy2swx9j69Q7YhhBBgRCAAJBQJQ87AzAhsMAAoJEDXNI8ENSY4j
plIA/R4QYFbde0Jw11KjqAr1AkQHaume7p5mv7Vt6I/D2CkUAP9i2PGC8mgArtlP
XDH35tl64G5lNKNum0D8NSGV955R2g==
=gxY8
-----END PGP PUBLIC KEY BLOCK-----
pub 4096R/D63011C7 2013-09-19
Key fingerprint = 713D A88B E509 1153 5FE7 16F5 208B 0AB1 D630 11C7
uid Violeta Georgieva Georgieva (CODE SIGNING KEY) <violetagg@apache.org>
sig 3 D63011C7 2013-09-19 Violeta Georgieva Georgieva (CODE SIGNING KEY) <violetagg@apache.org>
sub 4096R/30480593 2013-09-19
sig D63011C7 2013-09-19 Violeta Georgieva Georgieva (CODE SIGNING KEY) <violetagg@apache.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.21 (MingW32)
mQINBFI6WiwBEAD+kkswnsY8eaqvYkS+ZB5MJr7juWrv9Lw9OGsIXFlTvD1XK01c
E8k4+uA2sOtaXQ5wTMdc5N3YzAXqFxplWuafQgEvhyTTq37M5YCxvtYEZy/EHQYT
iok5H97lMRKbhLdZB+wkdsa0P/L1FveCUiEawKY/Rrfi+UeRAneSV+m7S+RrPphZ
M9aNSczqYKfAqlpUAlUcrF/bt59vjhepoHcE4ev6SB+PCs0vbvX4iTvvZCTk1lZ9
InS2wdK80Jz9pRB0Uf3LEnZxt9e3RkIFdQOCcEISmNlBKQQKFG+zCpIAbVoMLKEw
rXWl8mLzGzBbhGmLpFroem3Ln1YiAxUqnPR/MoBquYnpTINwePgwKVWyQ1TXG2MF
Z7DPayBMN+G51rfLS/8iy35pAnNeqbWQjavdUis6/0aRMv5EYMFMAerutQ5v99bA
rGj6OL3R6repJLOGT4YWcD/Tw+eU1lMWxbq8BbbRU9Fd0iVFhFyKB/DQSxofvTCe
PdWXRrptrE0/SmvuoTRVPmB21WyJenKdNmVOQ6U+W1Rs+5IKAdWWrGPcUt0qTrRC
SL8vAQ7MejYLovFtRHslJRs7T3ratpRcQUNOx1jytJhmSUJktNWZWNHqBTe/eOAU
Yr+QAkQVQXvRVWzHkDHQRTOFmNYIDZYRkzSP19sBWRnYdCs6CbIVPgMJVwARAQAB
tEVWaW9sZXRhIEdlb3JnaWV2YSBHZW9yZ2lldmEgKENPREUgU0lHTklORyBLRVkp
IDx2aW9sZXRhZ2dAYXBhY2hlLm9yZz6JAjcEEwEKACEFAlI6WiwCGwMFCwkIBwMF
FQoJCAsFFgIDAQACHgECF4AACgkQIIsKsdYwEccMXA/+KMQKWfw2T2CXLhqvQLoh
Irj1Vi9leAttKqKp2NCHLK1jf1qKzUx5U81VvizIGUsDXGlAvnnavrj+hmQqZdsO
CoJAo7ViIR1ZhNca1tFK4Sy03wdpNyUkvxVuC+3peXmwhjPJoqU2ONCuDl/bCczl
QAQpgZCMO93h45U9H6JkjqK01aDorQHxvXo+Ap2IViQvDkNtJ515vG2k5K+x2XHw
Tv19wr5N2rz407TWKzS5hh7QHRgg+PZs/zPf1YHD7Tg5K6vvmZd+5EsDrse6tZXy
mzz2+8Yg1SNa765Aq6p1uAQf5NKeej/25TbRYT7RyIlgDXPcPrKxy0cKzpqFqCFs
jJEcN3NlQq+f1tOvUk8cQQS0G+Qws3EU7I74z8KaUfqmO/5ROrXLS50cKC9CODO0
UFY8FbJDGzS5cFSBlqXYLeQvaOMg0LsV6wZLu6brxEsRYjSpwM8yBFO4bMcTxt4P
VYtinNZ+6ude8mMz6BK/0/XbAL6rc5jwO2xj7GTCFNRTWOa8IGtwqg3qnAiHcg/V
bTBQCOmzMujHBXLnZu6vg79BwzE7Ikq634D6HEwi1bC3XuVz+7NqdUQAGPSapwUo
+0wC5DVwdjhe1zWcf2Zc45HWsx0HaGW28x/tBrw78fgwrSSyV2xunbxGpVaaysTy
Oini8V70uLofn1SHtxvEQCm5Ag0EUjpaLAEQAKV7FnaAcxkzDa7zjrAgLRho44KM
+lBt28+5KO3Jye1Lpf2+4aspu0PXkGW2Twv2tBQNZYs2CWF+vnHNUDuU8TkSpPt+
2PRSZrQ0K+IpQF/qY3Wf+LYWFNXk5/wHJLGiQv/008svtupng6Ov39JwCNQ1iG3d
nSWfnqHwQULyE7JcZf1It94G43+6NBvKakstOdK7d40dVhmRIKDdJkWhN3MKrGab
FGFAF2Nb57IugQ9QO6Ve/BnjKZmJg7TyUZk27LVTC0aUQgGgDOvsF2Iw95IplCZ/
jVbwdBGjeCStvI3c0DB+E2xwJ0g2Wf/CBLvmU9GKOW0toBfRUXFbfzNTJfW8kglt
pDuELsVY5vHHxgujdDInHuTW1930zUw0cNA2+ai3sf+UGejh0e3nGfy1uOK3YQ6H
2YWgqXlOkri9pMlE0NJo/3PW9QDu0YRplGl65k+GtHD2La1akq5V5Et0VNaOypBP
OqnUM08LofAS126Kerm7uBSUQDDV6t1VTOBgPW5cJF9I8kdp04pzj4qb/3fuOuGc
kBRfmO/Vkug8U81w/TnxX6EYGy5fyA4JFBJl++waPS/9dXhVnA0qXEivzw9gNQvC
uXYcM3nm4yUrOouC/OlC1cS+6Wxjrx6qn3NnsVzMCtefNK93+TdheZ0cJrMhJKkW
v+qttOzPIleqvDK9ABEBAAGJAh8EGAEKAAkFAlI6WiwCGwwACgkQIIsKsdYwEcdN
tQ/+L8cw9Z9tfrqovO1fGFQwCSaomShsbjoUb5AR3Hj3OuPGwXd8J62mrw+RnGN+
0w2RyTz52izYvcoB1jmMFQwqi7vM5KCbw6KA8oRX58WSqiWCIwpbUuTODvJrSXjX
pz/J/d+PVZi8T1HAu5HxDqNC1XR+eUd1xA9Pgnmmw99+0rmzES7xexWADXo/RRPH
mDCxGK3UKMHDYJLTx8D3MacMitzQulxVo9xWwH1C7ioL3o5zCv2mfIl32WNjqwpD
h4gNpnAGRthizeYTgyJM9nCrSWgeE+izGZ9F0g5uXzhyk1f6jlUmXiwjMu/XOcJO
5Rr1e42bWITuP49nB2QbdSqVvVscwCd5TEpOnQtVNZGsss/wQHXDmGSVrYYUQwO/
cUrU+hTti1IJXgyFi7F1oxde+LCUxXmizKGoY96dVN+TYH5c17ub1/4/DYpOmcly
tsQ2TOV0BqK4rgKLGfg2mA4zIFOdqXeGefLQVAF5fFzjFKKDi0ewp3sqy+ed6mKY
1M/HmRX/YzIouFZ3ChFPIpeY23XxJC0BXkWR4pS7qxnelrWBZ+UbleNr9uHat5rC
B77712dCT9zz85b380DnuMkrgz4HCnHuTcbHXIF1J604lars6ZrjtBvX+OsRHt7V
f72qKJufP+n01xliW68LP4v93auM8nuE4kkEJ8ncHyuDq/Q=
=fM0q
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFzO4ecBEACVS86VyuTSJmLmApi92R6D3/L3EIBFXhagJbrLkodkTuG9efYo
vM1DJPWEFs5kux8a8UPwn2gbQFPJg1AH77GqjP8gtn0KHQvXgYC9+7cTqDl6C7k9
n3BkB9bRIhHileYyIJfnycjJdrGFEmwGu0pBOEdr01R0kFprqYu9DwcD6oUvmZRn
OMoQQeLEC0cw/VzJ/ZqzJwO0t+rMCozqJ9/BfJZUqwijDZnJAZWnIVxjqxrUgyYA
5/0g9X8YHrIz09XuzaE64VAl0q3nrFJWvDCwE/ZM7w8jlUqtQgLu4K2U82G0YXw3
KJ1EbigEmtEohu6HVnAToCJuOnQ8m0rZxbyNMeYF9pyohdFEca4I0B8Evy2dYFnJ
Y2gghuU80vct54536WWz9mAjKwBFQUtxX0EjYrYN9ckzCK6fRqrnVv0USVp7N/ZY
PQkOEJSdmRdpvTMwfCuAyT0/3cxuC7NyAWiZDXJv7OVcDr/REfWAA7XMQOErwdGJ
gViG58YhLw0Pgdumg+prqQXowzlRzGAsV5VntCh+4LV8/ESmvWAE3V+jgZFB3cSp
g58NKjp1EwKwX6BCICyX+Oe03cnlC0UJ7S9FccrjNrkiwxxOVAnmy4kxX/P3Cuqc
C/b6BeeUA1hBNWNe42mr6YczS+dhpCSUVWQJp/TxdoXA2fGG1OS1FMaICwARAQAB
tCBSZW15IE1hdWNoZXJhdCA8cmVtbUBhcGFjaGUub3JnPokCOAQTAQIAIgUCXM7h
5wIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQaCSJWTWecisVSA/9Eh3h
0jeyy51rA1nqq9imbH0YC85A/wZjhb06UXwWBPozJR8UJsOJZ7kBzCW4gfkC9zTD
GStSHHAej9o96FHVRLzCyjaaZVuRUl2qCz9U+pnGMxb5aRNVAQ/wE10hHu3Yc+48
cc0sPCCPMdshAj1VOHczTU/LSv21TWBaKO3NMV9KilPzKvXHdPFYssVcUt2NgQLm
2Bx/ELTCVj5c9Ih2cz3T7kxf8LKsGALIfjcp8g9DlvMjVLKBFZqU94C4V0mba2Fd
6xHpdmcgMbSNo6poQ0M0O7CN5qVJFm/v4ZDooLNWRMeL66oen3LrZ8HRpPxfic77
JLKn60dywuYU8WYp7cV+3AnaDn/ggvC1x79LSmX4PFyG9/F5M7gp0HFrVdyc0nBo
UTejZXehwKrfvF/isPf7pUv2fGXwg07zTz8OMLQo4h9poB5YuuinjuxjBfmc2AvB
WbRcKNvHXHUlaVeK+VvohfPuetJESS4YB7fLMQPdGIckDFQub4SvXPNPPToLsbDB
2GGguqhwWD9ECa2o1RqX8LnCdB71uBcyiW8UIkLxwaygsciVm7SFz+pqAKJgzWwI
AsVYVOIKdq0GWaLDtMGJGQFfxuMVmMGGbvueAMcOCSSsGemkElan33VS8Zu1sjeY
P0Jt4ws6gcbUHI27l5Pvk06uWzaN8uyXGA03d4y5Ag0EXM7h5wEQALG3oikRAQqf
um+wW6oW2d1mIk0PtnC3l3/kGTA92kIqJzQ3Ua0mFaVGxdg2J/I1MF7HdlZJbGyP
5b0PdbSjLHFbQfFD6LHsLw9StVrkjbBKYaP0gRWxEIHMN4Qv01I2Lyc9ONlMjUIf
xNK/AG6oT/Ia53VVET78HOj01L7JjBAPuW8UPoy27s2gQ02smbA7iRUeZ3dpN2fy
027aKbimIl1ZrxJbcbxw29PXWJZP+CxJEnqwEw78QbqSsFMAhR9wZHTfEtUzYy6h
hyngwYQ+iBnB+1cYTEB9KbWWpP5n12iuRin77r2RwrHYAW/RUILK2rOJqPcIg6CX
P1o9UKPeN5QE/ScU5427XKZZscaQrvBPoN3G2RWmMuHM2cchXgRRMMaSvufocLjj
gKj/aPUDCkvJ5MyTNtMfVDx0Tw3aQpf2Fr1L1Hu2GyBqifioZGdzLL0LtdeXzkJy
nZGj/L5jzIlNBnQG97rgCuPflbIl2S1izNexnuX2Z1dcyS2MTrj3nnK6HoW+gvCc
oqq01S410wxaAUidJeGwLzgUa9Ig+6BVPT7sZrbc0IoNP+JdoqPxiEkqy4Msy9WJ
RVeJM520Q2T1YM7xm/4E8C7H+Fis5u4GNswk5qsXEOyLcHBzGEik3BDylp+sJ6/F
DuAN7k64RV2m+lKpjngiKZxo9LmqnsWTABEBAAGJAh8EGAECAAkFAlzO4ecCGwwA
CgkQaCSJWTWecishvg//ZDuhkbSUgIIjG9Rzq3cHNxZ4sFrUwL19AtGNktiwt0QA
GCKPnf4SdHZGKSeOqUHeDT/l/5l4Xc/JgRk/t2bEeC3cHE/Xc5V6I2n28HQiJScX
UJdnO3QdTCMEYVedu/9JhmA37eznQhm+UAcxT9tew3nSd0KkkMQyW6YpBEgcdsFd
aLiFPzbySjRWplyCdELPRFtW2ZHnJ5gVGYZ060EOHcdPb/4Gz/mA6dIjQ5N+vKlA
GNdYZgv3w4NRGLmni5T7jDAY6T2CJXxvcgfYfh3oY3aiZaWzKKQyLEVaoZ6dJbsm
mi2if7MZ/SVCMdM3MXiRpCeyyw9MTylGzgwbDYSz2ZkGvy9k+1M75q5QEfvVM8R3
guaBJR+e4fkfsRBUAqwmHy8TrXghf5eOCsJx/9yyRXvK4tnwSBUIzFa1q0POESul
jFWYFkvRjKIYfFWS6cY37sPNLvEQQmP2O07ttaYfIXcMcVF+HsDBUftGRWIkkPn2
LucW7f0Lqlbv/mlJpqByz522jmJRNFLVQh87LYz91FgsLAgDkPpi8mzRrEfb2nHD
+PIKpoO499AKQ8hETMbfzmpJUIV2Bhd7OqKDSf+yHiYSje9evofP+4lDUx3u7tQ3
4OUzLqBRVrhFDI9keHnhOFMJSrnrpXe7Cm9JujvTX/hy2iOpTOuflj0Djsc8dnQ=
=l4Ry
-----END PGP PUBLIC KEY BLOCK-----

29
tomcat.spec
View File

@ -22,7 +22,7 @@
%define elspec 3.0
%define major_version 9
%define minor_version 0
%define micro_version 43
%define micro_version 75
%define packdname apache-tomcat-%{version}-src
# FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/
%global basedir /srv/%{name}
@ -77,23 +77,11 @@ Patch2: %{name}-%{major_version}.%{minor_version}-sle.catalina.policy.pa
Patch3: %{name}-%{major_version}.%{minor_version}-javadoc.patch
# PATCH-FIX-OPENSUSE: include all necessary aqute-bnd jars
Patch4: tomcat-9.0-osgi-build.patch
# PATCH-FIX-OPENSUSE: cast ByteBuffer to Buffer in cases where there is a risk of using Java 9+ apis
Patch5: tomcat-9.0.43-java8compat.patch
Patch5: %{name}-%{major_version}.%{minor_version}-jdt.patch
# PATCH-FIX-OPENSUSE: set ajp connector secreteRequired to false by default to avoid tomcat not starting
Patch6: tomcat-9.0.31-secretRequired-default.patch
Patch7: tomcat-9.0-CVE-2021-41079.patch
Patch8: tomcat-9.0-CVE-2021-33037.patch
Patch9: tomcat-9.0-CVE-2021-30640.patch
Patch10: tomcat-9.0-NPE-JNDIRealm.patch
Patch11: tomcat-9.0-CVE-2022-23181.patch
Patch12: tomcat-9.0-hardening_getResources.patch
Patch13: tomcat-9.0.43-CVE-2021-43980.patch
Patch14: tomcat-9.0.43-CVE-2022-42252.patch
Patch6: tomcat-9.0.75-secretRequired-default.patch
Patch15: tomcat-9.0-fix_catalina.patch
Patch16: tomcat-9.0-logrotate_everything.patch
Patch17: tomcat-9.0.43-CVE-2023-24998.patch
Patch18: tomcat-9.0.43-CVE-2023-28708.patch
Patch19: tomcat-9.0.43-CVE-2022-45143.patch
BuildRequires: ant >= 1.8.1
BuildRequires: ant-antlr
@ -266,19 +254,8 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
# remove date from docs
sed -i -e '/build-date/ d' webapps/docs/tomcat-docs.xsl