From 2fb58ed40766d45edf3dd7fe56b9c9f929640bd98281275a6fb4245acbf27c0f Mon Sep 17 00:00:00 2001
From: Matei Albu
Date: Thu, 16 Aug 2018 13:14:11 +0000
Subject: [PATCH 1/4] Accepting request 629579 from home:mateialbu:branches:Java:packages - Update to Tomcat 9.0.10. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.10_(markt) - Fixed CVEs: - CVE-2018-1336 (bsc#1102400) - CVE-2018-8014 (bsc#1093697) - CVE-2018-8034 (bsc#1102379) - CVE-2018-8037 (bsc#1102410) - Rebased patch tomcat-9.0-JDTCompiler-java.patch - Added patch tomcat-9.0-disable-osgi-build.patch to disable adding OSGi metadata to JAR files
OBS-URL: https://build.opensuse.org/request/show/629579
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=126
---
 apache-tomcat-9.0.10-src.tar.gz | 3 ++
 apache-tomcat-9.0.10-src.tar.gz.asc | 16 ++++++++++
 apache-tomcat-9.0.5-src.tar.gz | 3 --
 apache-tomcat-9.0.5-src.tar.gz.asc | 7 -----
 tomcat-9.0-JDTCompiler-java.patch | 45 +++++++++++++++++++----------
 tomcat-9.0-disable-osgi-build.patch | 44 ++++++++++++++++++++++++++++
 tomcat.changes | 14 +++++++++
 tomcat.spec | 7 ++++-
 8 files changed, 112 insertions(+), 27 deletions(-)
 create mode 100644 apache-tomcat-9.0.10-src.tar.gz
 create mode 100644 apache-tomcat-9.0.10-src.tar.gz.asc
 delete mode 100644 apache-tomcat-9.0.5-src.tar.gz
 delete mode 100644 apache-tomcat-9.0.5-src.tar.gz.asc
 create mode 100644 tomcat-9.0-disable-osgi-build.patch
diff --git a/apache-tomcat-9.0.10-src.tar.gz b/apache-tomcat-9.0.10-src.tar.gz
new file mode 100644
index 0000000..98485e0
--- /dev/null
+++ b/apache-tomcat-9.0.10-src.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5d6a2ff9715c1624d9e99e0b02e1811d2772a3291c8641269cfc0884d5942c34
+size 5147367
diff --git a/apache-tomcat-9.0.10-src.tar.gz.asc b/apache-tomcat-9.0.10-src.tar.gz.asc
new file mode 100644
index 0000000..cb0d0bd
--- /dev/null
+++ b/apache-tomcat-9.0.10-src.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEqcXfTSLpmZjZh1pREMAcWi9gWecFAlstN0UACgkQEMAcWi9g
+Wec65Q/+JAVi3ft4q5R7rcF5cA1Qh2vK1Jh2PaWrIQbk5PxFb8uG0IdbZXn2DlIL
+9F7Pa20pGti84/CgN19OqYxFOvxr6g0lxyG+0FqGxKAsEG/LhznLTl7a7a0Mios4
+PyiYdpdFGNp7eCpavckYGIqtqGeCfY1dZiVtA7ZmV1OiACVSuwdRowb6xCcwuz2H
+ZgqSybLLDQVknOpoJHtPrqr8spy+P1IULUdrZb3aMeXaQ9R+UdNb/zmX967N/gd6
+S0fQKuoJp35kQ9PWwYhWrgsxX6/ZNuLo1DvIL1KLoFnEEqPVy1mVXdFunb99kaIZ
+phhRv4tIV9DNqMg3Gy4u2axjAOKE5lJ+HwrcQt2GlyWXEwbC2cqUmJ1whzv+C9H0
+5tM49fUDFlFm2WBKzcgGH8piofH2bkaA5wCQUwW23rlU/GisDQvTXk/K3U5itpIS
+7xPzeap2McNPURn1zjmFeqyoMkujnf8qkValITVpDo0c84o9/5+ywheTE7/VIzXF
+0LYelM0UuW0BqWFy8GY6iRk3EycfK6DcxejbNpB8TEXq+am5y7y1lNa7xz56WfDY
+KcVoSG9kionCdgJeivCaDK/PdVEWb5vqs0XjOryrInB5C1R5t4jbwxJCU0FSo7in
+7cHSeh4HxBC6bAQfsrhy4uoWkdz9Y8DvEOaC5sN205sLr7kMe3E=
+=WeRG
+-----END PGP SIGNATURE-----
diff --git a/apache-tomcat-9.0.5-src.tar.gz b/apache-tomcat-9.0.5-src.tar.gz
deleted file mode 100644
index 5b6b5a5..0000000
--- a/apache-tomcat-9.0.5-src.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8d402beb64d38c360923b2c15fcc3a32fc6d602e4e6b590ecab143832a94811d
-size 5077379
diff --git a/apache-tomcat-9.0.5-src.tar.gz.asc b/apache-tomcat-9.0.5-src.tar.gz.asc
deleted file mode 100644
index 52b22d6..0000000
--- a/apache-tomcat-9.0.5-src.tar.gz.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2
-
-iEYEABECAAYFAlp6IhEACgkQb7IeiTPGAkNOogCfdEvtPdOmOWNTPiu3qzE95hOH
-ugAAni6jvLd1ASKs9wMvEaYUHKtbsHGM
-=1Qrs
------END PGP SIGNATURE-----
diff --git a/tomcat-9.0-JDTCompiler-java.patch b/tomcat-9.0-JDTCompiler-java.patch
index def5e80..89ec32f 100644
--- a/tomcat-9.0-JDTCompiler-java.patch
+++ b/tomcat-9.0-JDTCompiler-java.patch
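Review bot: The new `apache-tomcat-9.0.10-src.tar.gz.asc` appears to be made with a different key than the removed 9.0.5 signature (the armored block is several times longer and no longer carries the `Version: GnuPG v2` header), yet `tomcat.keyring` is not among the eight files in this commit's diffstat. If the keyring referenced by `Source1002: %{name}.keyring` does not already hold the 9.0.10 signer's key, the tarball signature cannot be validated during the build. Confirm that the key is present and that its fingerprint was compared with the upstream KEYS file. If the keyring had to change, that change belongs in this commit together with a `tomcat.changes` bullet.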
@@ -3,37 +3,50 @@ IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== ---- java/org/apache/jasper/compiler/JDTCompiler.java (date 1506521372000) -+++ java/org/apache/jasper/compiler/JDTCompiler.java (revision ) -@@ -312,10 +312,10 @@ +--- java/org/apache/jasper/compiler/JDTCompiler.java (revision 6bbf738a0e56d1793022b15e9aca9b690699216b) ++++ java/org/apache/jasper/compiler/JDTCompiler.java (date 1534261527000) +@@ -312,15 +312,16 @@ CompilerOptions.VERSION_1_7); } else if(opt.equals("1.8")) { settings.put(CompilerOptions.OPTION_Source, - CompilerOptions.VERSION_1_8); + "1.8"); // CompilerOptions.VERSION_1_8 - } else if(opt.equals("1.9")) { + // Version format changed from Java 9 onwards. + // Support old format that was used in EA implementation as well + } else if(opt.equals("9") || opt.equals("1.9")) { settings.put(CompilerOptions.OPTION_Source, -- CompilerOptions.VERSION_1_9); -+ "1.9"); // CompilerOptions.VERSION_1_9 +- CompilerOptions.VERSION_9); ++ "9"); + } else if(opt.equals("10")) { + settings.put(CompilerOptions.OPTION_Source, +- CompilerOptions.VERSION_10); ++ "10"); ++ } else { log.warn("Unknown source VM " + opt + " ignored."); settings.put(CompilerOptions.OPTION_Source, -@@ -359,14 +359,14 @@ - CompilerOptions.VERSION_1_7); - } else if(opt.equals("1.8")) { +@@ -366,19 +367,19 @@ settings.put(CompilerOptions.OPTION_TargetPlatform, -- CompilerOptions.VERSION_1_8); -+ "1.8"); // CompilerOptions.VERSION_1_8 + CompilerOptions.VERSION_1_8); settings.put(CompilerOptions.OPTION_Compliance, - CompilerOptions.VERSION_1_8); + "1.8"); // CompilerOptions.VERSION_1_8 - } else if(opt.equals("1.9")) { + // Version format changed from Java 9 onwards. 
+ // Support old format that was used in EA implementation as well + } else if(opt.equals("9") || opt.equals("1.9")) { settings.put(CompilerOptions.OPTION_TargetPlatform, -- CompilerOptions.VERSION_1_9); -+ "1.9"); // CompilerOptions.VERSION_1_9 +- CompilerOptions.VERSION_9); ++ "9"); // CompilerOptions.VERSION_1_9 settings.put(CompilerOptions.OPTION_Compliance, -- CompilerOptions.VERSION_1_9); -+ "1.9"); // CompilerOptions.VERSION_1_9 +- CompilerOptions.VERSION_9); ++ "9"); // CompilerOptions.VERSION_1_9 + } else if(opt.equals("10")) { + settings.put(CompilerOptions.OPTION_TargetPlatform, +- CompilerOptions.VERSION_10); ++ "10"); + settings.put(CompilerOptions.OPTION_Compliance, +- CompilerOptions.VERSION_10); ++ "10"); } else { log.warn("Unknown target VM " + opt + " ignored."); settings.put(CompilerOptions.OPTION_TargetPlatform, diff --git a/tomcat-9.0-disable-osgi-build.patch b/tomcat-9.0-disable-osgi-build.patch new file mode 100644 index 0000000..f663891 --- /dev/null +++ b/tomcat-9.0-disable-osgi-build.patch @@ -0,0 +1,44 @@ +Index: build.xml +IDEA additional info: +Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP +<+>UTF-8 +=================================================================== +--- build.xml (date 1529515764000) ++++ build.xml (date 1534335916000) +@@ -15,7 +15,8 @@ + See the License for the specific language governing permissions and + limitations under the License. + --> +- ++ + + + +@@ -728,7 +729,7 @@ + + + ++ depends="setup-bnd,build-prepare" if="add.osgi.jar.metadata"> + + + + +- ++ + + + +@@ -3025,7 +3026,7 @@ + + + +- ++ + + + diff --git a/tomcat.changes b/tomcat.changes index c1313ef..bd7c670 100644 --- a/tomcat.changes +++ b/tomcat.changes 
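Review bot: In the rebased `JDTCompiler.java` patch the 1.8 target branch is handled inconsistently: `OPTION_TargetPlatform` now keeps `CompilerOptions.VERSION_1_8` as unchanged context, while `OPTION_Compliance` in the same branch is still replaced by the literal `"1.8"`. The revision of the patch being removed replaced both, so this looks like a rebase slip; either restore `"1.8"); // CompilerOptions.VERSION_1_8` for the target platform or state in the patch header why the constant is safe to reference there. The comments on the new `"9"` lines still say `// CompilerOptions.VERSION_1_9` although the constant being replaced is `CompilerOptions.VERSION_9`; they should read `"9"); // CompilerOptions.VERSION_9`. The hunk is collapsed onto long lines here and the if/else chain it patches starts and ends outside it, so confirm the line structure against the patch file itself.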
@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Tue Aug 16 14:13:23 UTC 2018 - malbu@suse.com
+
+- Update to Tomcat 9.0.10. See changelog at
+ http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.10_(markt)
+- Fixed CVEs:
+ - CVE-2018-1336 (bsc#1102400)
+ - CVE-2018-8014 (bsc#1093697)
+ - CVE-2018-8034 (bsc#1102379)
+ - CVE-2018-8037 (bsc#1102410)
+- Rebased patch tomcat-9.0-JDTCompiler-java.patch
+- Added patch tomcat-9.0-disable-osgi-build.patch to disable adding
+ OSGi metadata to JAR files
+
 -------------------------------------------------------------------
 Wed Feb 16 16:38:14 UTC 2018 - malbu@suse.de
diff --git a/tomcat.spec b/tomcat.spec
index 71e710c..7f96de2 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -22,7 +22,7 @@
 %define elspec 3.0
 %define major_version 9
 %define minor_version 0
-%define micro_version 5
+%define micro_version 10
 %define packdname apache-tomcat-%{version}-src
 # FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/
 %global basedir /srv/%{name}
@@ -83,6 +83,9 @@ Patch2: %{name}-%{major_version}.%{minor_version}-JDTCompiler-java.patch
 Patch3: %{name}-%{major_version}.%{minor_version}-sle.catalina.policy.patch
 # PATCH-FIX-OPENSUSE: build javadoc with the same java source level as the class files
 Patch4: %{name}-%{major_version}.%{minor_version}-javadoc.patch
+# PATCH-FIX-OPENSUSE: disable adding OSGi metadata to JAR files because bndtools is not avalable in SLES/OpenSUSE
+Patch5: tomcat-9.0-disable-osgi-build.patch
+
 BuildRequires: ant >= 1.8.1
 BuildRequires: ant-antlr
 BuildRequires: apache-commons-collections
@@ -252,6 +255,7 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
 %patch2
 %patch3
 %patch4
+%patch5
 # remove date from docs
 sed -i -e '/build-date/ d' webapps/docs/tomcat-docs.xsl
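Review bot: `Patch5` is declared with a hard-coded file name in the `@@ -83,6 +83,9 @@` hunk, while the neighbouring `Patch2`–`Patch4` entries are built from the version macros. Written the same way it would be `Patch5: %{name}-%{major_version}.%{minor_version}-disable-osgi-build.patch`, which keeps the entry in step with the others on the next version change. The comment above it has a typo and should read `# PATCH-FIX-OPENSUSE: disable adding OSGi metadata to JAR files because bndtools is not available in SLES/openSUSE`.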
@@ -285,6 +289,7 @@ ant -Dbase.path="." \
 -Dnsis.exe="HACK" \
 -Djaxrpc-lib.jar="$(build-classpath jaxrpc)" \
 -Dwsdl4j-lib.jar="$(build-classpath wsdl4j)" \
+ -Dsaaj-api.jar="$(build-classpath geronimo-saaj-1_1-api)" \
 -Dcommons-pool.home="$(build-classpath commons-pool2)" \
 -Dcommons-dbcp.home="$(build-classpath commons-dbcp2)" \
 -Dno.build.dbcp=true \
From d0f3155bd6cc4ba785a92875846c9fa7a9ec5c47442a14405ec049e771069c0e Mon Sep 17 00:00:00 2001
From: Matei Albu
Date: Sun, 26 Aug 2018 22:23:16 +0000
Subject: [PATCH 2/4] Accepting request 631635 from home:mateialbu:branches:Java:packages - Empty tomcat-9.0.sysconfig to avoid overwriting of customer's configuration during update (bsc#1067720)
OBS-URL: https://build.opensuse.org/request/show/631635
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=127
---
 tomcat-9.0.sysconfig | 11 -----------
 tomcat.changes | 6 ++++++
 2 files changed, 6 insertions(+), 11 deletions(-)
diff --git a/tomcat-9.0.sysconfig b/tomcat-9.0.sysconfig
index 05cc032..473a0f4 100644
--- a/tomcat-9.0.sysconfig
+++ b/tomcat-9.0.sysconfig
@@ -1,11 +0,0 @@
-# Service-specific configuration file for tomcat. This will be sourced by
-# systemd for the default service (tomcat.service)
-# If you want to customize named instance, make a similar file
-# and name it tomcat@instancename.
-
-# You will not need to set this, usually. For default service it equals
-# CATALINA_HOME. For named service, it equals ${TOMCATS_BASE}${NAME}
-#CATALINA_BASE="@@@TCHOME@@@"
-
-# Please take a look at /etc/tomcat/tomcat.conf to have an idea what you
-# can override.
diff --git a/tomcat.changes b/tomcat.changes
index bd7c670..86e6dc9 100644
--- a/tomcat.changes
+++ b/tomcat.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Sun Aug 26 22:01:07 UTC 2018 - malbu@suse.com
+
+- Empty tomcat-9.0.sysconfig to avoid overwriting of customer's
+ configuration during update (bsc#1067720)
+
 -------------------------------------------------------------------
 Tue Aug 16 14:13:23 UTC 2018 - malbu@suse.com
From c7923743703686e8d14345baa311fbfe2d9d054f5fd2176f2a685e2d58f30e21 Mon Sep 17 00:00:00 2001
From: Matei Albu
Date: Mon, 27 Aug 2018 10:38:49 +0000
Subject: [PATCH 3/4] Accepting request 631734 from home:mateialbu:branches:Java:packages Fix source url
OBS-URL: https://build.opensuse.org/request/show/631734
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=128
---
 tomcat.spec | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tomcat.spec b/tomcat.spec
index 7f96de2..bfedcd9 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -46,7 +46,7 @@ Summary: Apache Servlet/JSP/EL Engine, RI for Servlet 4.0/JSP 2.3/EL 3.0
 License: Apache-2.0
 Group: Productivity/Networking/Web/Servers
 Url: http://tomcat.apache.org
-Source0: http://www.apache.org/dist/tomcat/tomcat-%{major_version}/v%{version}/src/%{packdname}.tar.gz
+Source0: https://archive.apache.org/dist/tomcat/tomcat-%{major_version}/v%{version}/src/%{packdname}.tar.gz
 Source1: %{name}-%{major_version}.%{minor_version}.conf
 Source2: %{name}-%{major_version}.%{minor_version}.init
 Source3: %{name}-%{major_version}.%{minor_version}.sysconfig
@@ -69,7 +69,7 @@ Source30: tomcat-preamble
 Source31: tomcat-server
 Source32: tomcat-named.service
 Source1000: tomcat-rpmlintrc
-Source1001: http://www.apache.org/dist/tomcat/tomcat-%{major_version}/v%{version}/src/%{packdname}.tar.gz.asc
+Source1001: https://archive.apache.org/dist/tomcat/tomcat-%{major_version}/v%{version}/src/%{packdname}.tar.gz.asc
 Source1002: %{name}.keyring
 #PATCH-FIX-UPSTREAM: from jpackage.org package
 Patch0: %{name}-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch
From 6b40ed278e2c4c7eea3aac5016d01172a72768e0b537e9842baa2ddba6815781 Mon Sep 17 00:00:00 2001
From: Matei Albu
Date: Tue, 2 Oct 2018 14:07:34 +0000
Subject: [PATCH 4/4] Accepting request 635258 from home:ecsos:server - Declare following files to config(noreplace) to prevent override access rights: - host-manager/META-INF/context.xml - manager/META-INF/context.xml
OBS-URL: https://build.opensuse.org/request/show/635258
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=129
---
 tomcat-rpmlintrc | 2 ++
 tomcat.changes | 8 ++++++++
 tomcat.spec | 7 ++++++-
 3 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/tomcat-rpmlintrc b/tomcat-rpmlintrc
index 13736db..308e74c 100644
--- a/tomcat-rpmlintrc
+++ b/tomcat-rpmlintrc
@@ -1,2 +1,4 @@
 #fix of bnc#520532
 addFilter(".*non-etc-or-var-file-marked-as-conffile /srv/tomcat/webapps/ROOT.*")
+addFilter(".*non-etc-or-var-file-marked-as-conffile /srv/tomcat/webapps/host-manager/META-INF/context.xml")
+addFilter(".*non-etc-or-var-file-marked-as-conffile /srv/tomcat/webapps/manager/META-INF/context.xml")
diff --git a/tomcat.changes b/tomcat.changes
index 86e6dc9..d940a77 100644
--- a/tomcat.changes
+++ b/tomcat.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Sep 11 10:34:02 UTC 2018 - ecsos@opensuse.org
+
+- Declare following files to config(noreplace) to prevent override
+ access rights:
+ - host-manager/META-INF/context.xml
+ - manager/META-INF/context.xml
+
 -------------------------------------------------------------------
 Sun Aug 26 22:01:07 UTC 2018 - malbu@suse.com
diff --git a/tomcat.spec b/tomcat.spec
index bfedcd9..c54b4a0 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -100,7 +100,8 @@ BuildRequires: geronimo-jaxrpc-1_1-api
 BuildRequires: geronimo-qname-1_1-api
 BuildRequires: geronimo-saaj-1_1-api
 BuildRequires: jakarta-taglibs-standard >= 1.1
-BuildRequires: java-devel >= 1.8
+#BuildRequires: java-devel >= 1.8
+BuildRequires: java-devel = 1.8.0
 BuildRequires: javapackages-local
 BuildRequires: javapackages-tools
 BuildRequires: junit
@@ -136,6 +137,8 @@ released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.
+ATTENTION-> This tomcat is build with java 1.8.0
+
 %package admin-webapps
 Summary: The host-manager and manager web applications for Apache Tomcat
 Group: Productivity/Networking/Web/Servers
@@ -701,7 +704,9 @@ rm -f \
 %files admin-webapps
 %{appdir}/host-manager
+%config(noreplace) %{appdir}/host-manager/META-INF/context.xml
 %{appdir}/manager
+%config(noreplace) %{appdir}/manager/META-INF/context.xml
 %files docs-webapp
 %doc %{appdir}/docs
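Review bot: The build JDK is pinned to an exact version in the `@@ -100,7 +100,8 @@` hunk (`BuildRequires: java-devel = 1.8.0`) and the old requirement is left behind as a commented-out line, but neither the commit message nor the new `tomcat.changes` entry mentions it; both describe only the `%config(noreplace)` change. An exact pin fixes which compiler and class library every later rebuild uses, so it needs a stated reason: replace the dead line with a comment such as `# built against Java 8 only: <reason>` and add a changelog bullet. The `ATTENTION-> This tomcat is build with java 1.8.0` line added to `%description` in the following hunk is shown to users in the package description; if it stays, it should read `Note: this package is built with Java 1.8.0`.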
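Review bot: The two `%config(noreplace)` entries in the `%files admin-webapps` hunk have an undocumented side effect. They keep an administrator's edited access restrictions across updates, but a later packaged change to `context.xml` is then written alongside as `.rpmnew` and never takes effect on a system where the file was edited. These two files gate the admin web applications, so the trade-off should be written down in the spec, e.g. `# keep admin-edited access rules across updates; merge context.xml.rpmnew by hand after upgrades`. Both paths are also still covered by the directory entries `%{appdir}/host-manager` and `%{appdir}/manager`, so check whether rpmbuild reports them as listed twice.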