diff --git a/apache-tomcat-9.0.10-src.tar.gz b/apache-tomcat-9.0.10-src.tar.gz new file mode 100644 index 0000000..98485e0 --- /dev/null +++ b/apache-tomcat-9.0.10-src.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5d6a2ff9715c1624d9e99e0b02e1811d2772a3291c8641269cfc0884d5942c34 +size 5147367 diff --git a/apache-tomcat-9.0.10-src.tar.gz.asc b/apache-tomcat-9.0.10-src.tar.gz.asc new file mode 100644 index 0000000..cb0d0bd --- /dev/null +++ b/apache-tomcat-9.0.10-src.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEqcXfTSLpmZjZh1pREMAcWi9gWecFAlstN0UACgkQEMAcWi9g +Wec65Q/+JAVi3ft4q5R7rcF5cA1Qh2vK1Jh2PaWrIQbk5PxFb8uG0IdbZXn2DlIL +9F7Pa20pGti84/CgN19OqYxFOvxr6g0lxyG+0FqGxKAsEG/LhznLTl7a7a0Mios4 +PyiYdpdFGNp7eCpavckYGIqtqGeCfY1dZiVtA7ZmV1OiACVSuwdRowb6xCcwuz2H +ZgqSybLLDQVknOpoJHtPrqr8spy+P1IULUdrZb3aMeXaQ9R+UdNb/zmX967N/gd6 +S0fQKuoJp35kQ9PWwYhWrgsxX6/ZNuLo1DvIL1KLoFnEEqPVy1mVXdFunb99kaIZ +phhRv4tIV9DNqMg3Gy4u2axjAOKE5lJ+HwrcQt2GlyWXEwbC2cqUmJ1whzv+C9H0 +5tM49fUDFlFm2WBKzcgGH8piofH2bkaA5wCQUwW23rlU/GisDQvTXk/K3U5itpIS +7xPzeap2McNPURn1zjmFeqyoMkujnf8qkValITVpDo0c84o9/5+ywheTE7/VIzXF +0LYelM0UuW0BqWFy8GY6iRk3EycfK6DcxejbNpB8TEXq+am5y7y1lNa7xz56WfDY +KcVoSG9kionCdgJeivCaDK/PdVEWb5vqs0XjOryrInB5C1R5t4jbwxJCU0FSo7in +7cHSeh4HxBC6bAQfsrhy4uoWkdz9Y8DvEOaC5sN205sLr7kMe3E= +=WeRG +-----END PGP SIGNATURE----- diff --git a/apache-tomcat-9.0.5-src.tar.gz b/apache-tomcat-9.0.5-src.tar.gz deleted file mode 100644 index 5b6b5a5..0000000 --- a/apache-tomcat-9.0.5-src.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8d402beb64d38c360923b2c15fcc3a32fc6d602e4e6b590ecab143832a94811d -size 5077379 diff --git a/apache-tomcat-9.0.5-src.tar.gz.asc b/apache-tomcat-9.0.5-src.tar.gz.asc deleted file mode 100644 index 52b22d6..0000000 --- a/apache-tomcat-9.0.5-src.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2 - -iEYEABECAAYFAlp6IhEACgkQb7IeiTPGAkNOogCfdEvtPdOmOWNTPiu3qzE95hOH -ugAAni6jvLd1ASKs9wMvEaYUHKtbsHGM -=1Qrs ------END PGP SIGNATURE----- diff --git a/tomcat-9.0-JDTCompiler-java.patch b/tomcat-9.0-JDTCompiler-java.patch index def5e80..89ec32f 100644 --- a/tomcat-9.0-JDTCompiler-java.patch +++ b/tomcat-9.0-JDTCompiler-java.patch @@ -3,37 +3,50 @@ IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== ---- java/org/apache/jasper/compiler/JDTCompiler.java (date 1506521372000) -+++ java/org/apache/jasper/compiler/JDTCompiler.java (revision ) -@@ -312,10 +312,10 @@ +--- java/org/apache/jasper/compiler/JDTCompiler.java (revision 6bbf738a0e56d1793022b15e9aca9b690699216b) ++++ java/org/apache/jasper/compiler/JDTCompiler.java (date 1534261527000) +@@ -312,15 +312,16 @@ CompilerOptions.VERSION_1_7); } else if(opt.equals("1.8")) { settings.put(CompilerOptions.OPTION_Source, - CompilerOptions.VERSION_1_8); + "1.8"); // CompilerOptions.VERSION_1_8 - } else if(opt.equals("1.9")) { + // Version format changed from Java 9 onwards. + // Support old format that was used in EA implementation as well + } else if(opt.equals("9") || opt.equals("1.9")) { settings.put(CompilerOptions.OPTION_Source, -- CompilerOptions.VERSION_1_9); -+ "1.9"); // CompilerOptions.VERSION_1_9 +- CompilerOptions.VERSION_9); ++ "9"); + } else if(opt.equals("10")) { + settings.put(CompilerOptions.OPTION_Source, +- CompilerOptions.VERSION_10); ++ "10"); ++ } else { log.warn("Unknown source VM " + opt + " ignored."); settings.put(CompilerOptions.OPTION_Source, -@@ -359,14 +359,14 @@ - CompilerOptions.VERSION_1_7); - } else if(opt.equals("1.8")) { +@@ -366,19 +367,19 @@ settings.put(CompilerOptions.OPTION_TargetPlatform, -- CompilerOptions.VERSION_1_8); -+ "1.8"); // CompilerOptions.VERSION_1_8 + CompilerOptions.VERSION_1_8); settings.put(CompilerOptions.OPTION_Compliance, - CompilerOptions.VERSION_1_8); + "1.8"); // CompilerOptions.VERSION_1_8 - } else if(opt.equals("1.9")) { + // Version format changed from Java 9 onwards. + // Support old format that was used in EA implementation as well + } else if(opt.equals("9") || opt.equals("1.9")) { settings.put(CompilerOptions.OPTION_TargetPlatform, -- CompilerOptions.VERSION_1_9); -+ "1.9"); // CompilerOptions.VERSION_1_9 +- CompilerOptions.VERSION_9); ++ "9"); // CompilerOptions.VERSION_1_9 settings.put(CompilerOptions.OPTION_Compliance, -- CompilerOptions.VERSION_1_9); -+ "1.9"); // CompilerOptions.VERSION_1_9 +- CompilerOptions.VERSION_9); ++ "9"); // CompilerOptions.VERSION_1_9 + } else if(opt.equals("10")) { + settings.put(CompilerOptions.OPTION_TargetPlatform, +- CompilerOptions.VERSION_10); ++ "10"); + settings.put(CompilerOptions.OPTION_Compliance, +- CompilerOptions.VERSION_10); ++ "10"); } else { log.warn("Unknown target VM " + opt + " ignored."); settings.put(CompilerOptions.OPTION_TargetPlatform, diff --git a/tomcat-9.0-disable-osgi-build.patch b/tomcat-9.0-disable-osgi-build.patch new file mode 100644 index 0000000..f663891 --- /dev/null +++ b/tomcat-9.0-disable-osgi-build.patch @@ -0,0 +1,44 @@ +Index: build.xml +IDEA additional info: +Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP +<+>UTF-8 +=================================================================== +--- build.xml (date 1529515764000) ++++ build.xml (date 1534335916000) +@@ -15,7 +15,8 @@ + See the License for the specific language governing permissions and + limitations under the License. + --> +- ++ + + + +@@ -728,7 +729,7 @@ + + + ++ depends="setup-bnd,build-prepare" if="add.osgi.jar.metadata"> + + + + +- ++ + + + +@@ -3025,7 +3026,7 @@ + + + +- ++ + + + diff --git a/tomcat-9.0.sysconfig b/tomcat-9.0.sysconfig index 05cc032..473a0f4 100644 --- a/tomcat-9.0.sysconfig +++ b/tomcat-9.0.sysconfig @@ -1,11 +0,0 @@ -# Service-specific configuration file for tomcat. This will be sourced by -# systemd for the default service (tomcat.service) -# If you want to customize named instance, make a similar file -# and name it tomcat@instancename. - -# You will not need to set this, usually. For default service it equals -# CATALINA_HOME. For named service, it equals ${TOMCATS_BASE}${NAME} -#CATALINA_BASE="@@@TCHOME@@@" - -# Please take a look at /etc/tomcat/tomcat.conf to have an idea what you -# can override. diff --git a/tomcat-rpmlintrc b/tomcat-rpmlintrc index 13736db..308e74c 100644 --- a/tomcat-rpmlintrc +++ b/tomcat-rpmlintrc @@ -1,2 +1,4 @@ #fix of bnc#520532 addFilter(".*non-etc-or-var-file-marked-as-conffile /srv/tomcat/webapps/ROOT.*") +addFilter(".*non-etc-or-var-file-marked-as-conffile /srv/tomcat/webapps/host-manager/META-INF/context.xml") +addFilter(".*non-etc-or-var-file-marked-as-conffile /srv/tomcat/webapps/manager/META-INF/context.xml") diff --git a/tomcat.changes b/tomcat.changes index c1313ef..d940a77 100644 --- a/tomcat.changes +++ b/tomcat.changes @@ -1,3 +1,31 @@ +------------------------------------------------------------------- +Tue Sep 11 10:34:02 UTC 2018 - ecsos@opensuse.org + +- Declare following files to config(noreplace) to prevent override + access rights: + - host-manager/META-INF/context.xml + - manager/META-INF/context.xml + +------------------------------------------------------------------- +Sun Aug 26 22:01:07 UTC 2018 - malbu@suse.com + +- Empty tomcat-9.0.sysconfig to avoid overwriting of customer's + configuration during update (bsc#1067720) + +------------------------------------------------------------------- +Tue Aug 16 14:13:23 UTC 2018 - malbu@suse.com + +- Update to Tomcat 9.0.10. See changelog at + http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.10_(markt) +- Fixed CVEs: + - CVE-2018-1336 (bsc#1102400) + - CVE-2018-8014 (bsc#1093697) + - CVE-2018-8034 (bsc#1102379) + - CVE-2018-8037 (bsc#1102410) +- Rebased patch tomcat-9.0-JDTCompiler-java.patch +- Added patch tomcat-9.0-disable-osgi-build.patch to disable adding + OSGi metadata to JAR files + ------------------------------------------------------------------- Wed Feb 16 16:38:14 UTC 2018 - malbu@suse.de diff --git a/tomcat.spec b/tomcat.spec index 71e710c..c54b4a0 100644 --- a/tomcat.spec +++ b/tomcat.spec @@ -22,7 +22,7 @@ %define elspec 3.0 %define major_version 9 %define minor_version 0 -%define micro_version 5 +%define micro_version 10 %define packdname apache-tomcat-%{version}-src # FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/ %global basedir /srv/%{name} @@ -46,7 +46,7 @@ Summary: Apache Servlet/JSP/EL Engine, RI for Servlet 4.0/JSP 2.3/EL 3.0 License: Apache-2.0 Group: Productivity/Networking/Web/Servers Url: http://tomcat.apache.org -Source0: http://www.apache.org/dist/tomcat/tomcat-%{major_version}/v%{version}/src/%{packdname}.tar.gz +Source0: https://archive.apache.org/dist/tomcat/tomcat-%{major_version}/v%{version}/src/%{packdname}.tar.gz Source1: %{name}-%{major_version}.%{minor_version}.conf Source2: %{name}-%{major_version}.%{minor_version}.init Source3: %{name}-%{major_version}.%{minor_version}.sysconfig @@ -69,7 +69,7 @@ Source30: tomcat-preamble Source31: tomcat-server Source32: tomcat-named.service Source1000: tomcat-rpmlintrc -Source1001: http://www.apache.org/dist/tomcat/tomcat-%{major_version}/v%{version}/src/%{packdname}.tar.gz.asc +Source1001: https://archive.apache.org/dist/tomcat/tomcat-%{major_version}/v%{version}/src/%{packdname}.tar.gz.asc Source1002: %{name}.keyring #PATCH-FIX-UPSTREAM: from jpackage.org package Patch0: %{name}-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch @@ -83,6 +83,9 @@ Patch2: %{name}-%{major_version}.%{minor_version}-JDTCompiler-java.patch Patch3: %{name}-%{major_version}.%{minor_version}-sle.catalina.policy.patch # PATCH-FIX-OPENSUSE: build javadoc with the same java source level as the class files Patch4: %{name}-%{major_version}.%{minor_version}-javadoc.patch +# PATCH-FIX-OPENSUSE: disable adding OSGi metadata to JAR files because bndtools is not avalable in SLES/OpenSUSE +Patch5: tomcat-9.0-disable-osgi-build.patch + BuildRequires: ant >= 1.8.1 BuildRequires: ant-antlr BuildRequires: apache-commons-collections @@ -97,7 +100,8 @@ BuildRequires: geronimo-jaxrpc-1_1-api BuildRequires: geronimo-qname-1_1-api BuildRequires: geronimo-saaj-1_1-api BuildRequires: jakarta-taglibs-standard >= 1.1 -BuildRequires: java-devel >= 1.8 +#BuildRequires: java-devel >= 1.8 +BuildRequires: java-devel = 1.8.0 BuildRequires: javapackages-local BuildRequires: javapackages-tools BuildRequires: junit @@ -133,6 +137,8 @@ released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. +ATTENTION-> This tomcat is build with java 1.8.0 + %package admin-webapps Summary: The host-manager and manager web applications for Apache Tomcat Group: Productivity/Networking/Web/Servers @@ -252,6 +258,7 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name " %patch2 %patch3 %patch4 +%patch5 # remove date from docs sed -i -e '/build-date/ d' webapps/docs/tomcat-docs.xsl @@ -285,6 +292,7 @@ ant -Dbase.path="." \ -Dnsis.exe="HACK" \ -Djaxrpc-lib.jar="$(build-classpath jaxrpc)" \ -Dwsdl4j-lib.jar="$(build-classpath wsdl4j)" \ + -Dsaaj-api.jar="$(build-classpath geronimo-saaj-1_1-api)" \ -Dcommons-pool.home="$(build-classpath commons-pool2)" \ -Dcommons-dbcp.home="$(build-classpath commons-dbcp2)" \ -Dno.build.dbcp=true \ @@ -696,7 +704,9 @@ rm -f \ %files admin-webapps %{appdir}/host-manager +%config(noreplace) %{appdir}/host-manager/META-INF/context.xml %{appdir}/manager +%config(noreplace) %{appdir}/manager/META-INF/context.xml %files docs-webapp %doc %{appdir}/docs