Accepting request 1139494 from home:mbussolotto:branches:Java:packages

- change server.xml during %post instead of %posttrans - add libxslt-tools requirement - Fixed CVEs: * CVE-2023-46589: Apache Tomcat: HTTP request smuggling due to incorrect headers parsing (bsc#1217649) - Added patches: * tomcat-10-CVE-2023-46589.patch OBS-URL: https://build.opensuse.org/request/show/1139494 OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat10?expand=0&rev=20
2024-01-17 15:46:22 +00:00
parent 940c0b2f6d
commit e59c5cabf4
3 changed files with 328 additions and 4 deletions
--- a/tomcat10.spec
+++ b/tomcat10.spec
@@ -71,6 +71,7 @@ Source21:       %{app_name}-functions
 Source30:       %{app_name}-preamble
 Source31:       %{app_name}-server
 Source32:       %{app_name}-named.service
+Source33:       tomcat-10-CVE-2023-46589.patch
 Source100:      valve.xslt
 Source101:      allowLinking.xslt
 Source1000:     %{app_name}-rpmlintrc
@@ -111,7 +112,6 @@ BuildRequires:  jakarta-taglibs-standard >= 1.1
 BuildRequires:  java-devel >= 11
 BuildRequires:  javapackages-local
 BuildRequires:  junit
-BuildRequires:  libxslt-tools
 BuildRequires:  osgi-annotation
 BuildRequires:  osgi-compendium
 BuildRequires:  osgi-core
@@ -132,6 +132,7 @@ Requires:       apache-commons-pool2
 Requires:       jakarta-servlet
 Requires:       java >= %{java_version}
 Requires(post): %fillup_prereq
+Requires(post): libxslt-tools
 Requires(pre):  shadow
 Requires:       libtcnative-1-0 >= 1.2.38
 Requires:       logrotate
@@ -150,6 +151,7 @@ ATTENTION: This tomcat is built with java %{java_version}.
 Summary:        The host manager and manager web applications for Apache Tomcat
 Group:          Productivity/Networking/Web/Servers
 Requires:       %{name} = %{version}-%{release}
+Requires(post): libxslt-tools
 Conflicts:      %{app_name}-admin-webapps

 %description admin-webapps
@@ -167,6 +169,7 @@ Embeddeding support (various libraries) for Apache Tomcat.
 Summary:        The "docs" web application for Apache Tomcat
 Group:          Productivity/Networking/Web/Servers
 Requires:       %{name} = %{version}-%{release}
+Requires(post): libxslt-tools
 Conflicts:      %{app_name}-docs-webapp

 %description docs-webapp
@@ -261,6 +264,7 @@ Summary:        ROOT and examples web applications for Apache Tomcat
 Group:          Productivity/Networking/Web/Servers
 Requires:       %{name} = %{version}-%{release}
 Requires:       jakarta-taglibs-standard >= 1.1
+Requires(post): libxslt-tools
 Conflicts:      %{app_name}-webapps

 %description webapps
@@ -587,6 +591,7 @@ getent passwd tomcat >/dev/null || %{_sbindir}/useradd -c "Apache Tomcat" \
 %post
 %service_add_post %{app_name}.service
 %{fillup_only %{app_name}}
+xsltproc  --output %{confdir}/server.xml %{confdir}/valve.xslt %{confdir}/server.xml

 %preun
 %service_del_preun %{app_name}.service
@@ -696,9 +701,6 @@ if [ ! -e %{_datadir}/%{app_name}/webapps/docs ]; then
    ln -sf %{tomcatappdir}/docs %{_datadir}/%{app_name}/webapps/docs
 fi

-%posttrans
-xsltproc  --output %{confdir}/server.xml %{confdir}/valve.xslt %{confdir}/server.xml
-
 %files
 %doc {LICENSE,NOTICE,RELEASE*}
 %attr(0755,root,root) %{_bindir}/%{app_name}-digest