From 57725cfd8846c4629683b8a40dca7ebc158d3a0b Mon Sep 17 00:00:00 2001 From: Hui Wang Date: Fri, 9 Jun 2023 15:30:09 +0800 Subject: [PATCH 1/9] Update to 9.0.75 --- sources | 2 +- tomcat.spec | 8 +++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/sources b/sources index fa93e4d..27278f4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (apache-tomcat-9.0.71-src.tar.gz) = 0c62a5e526178e39c68717223ce2cb4a31096e5765b718639e4ba4bbf3d70ba28238cd1bb5cf74747f718b35baf98de32c7ee8a7ebd445c6191700070c1ca930 +SHA512 (apache-tomcat-9.0.75-src.tar.gz) = 19f78fbe3391bbad65494e0071a6df9a26ceb1a4bd387b3425c5f34a02391fcaaae40442cdca3a98c4b7b45963d3a9e51dd6a1b72f11c29904c755cff03def64 diff --git a/tomcat.spec b/tomcat.spec index 0e194dd..a2306d9 100644 --- a/tomcat.spec +++ b/tomcat.spec @@ -31,7 +31,7 @@ %global jspspec 2.3 %global major_version 9 %global minor_version 0 -%global micro_version 71 +%global micro_version 75 %global packdname apache-tomcat-%{version}-src %global servletspec 4.0 %global elspec 3.0 @@ -80,7 +80,6 @@ Patch1: %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.pat Patch2: %{name}-build.patch Patch3: %{name}-%{major_version}.%{minor_version}-catalina-policy.patch Patch4: rhbz-1857043.patch -Patch5: %{name}-%{major_version}.%{minor_version}-JDTCompiler.patch Patch6: %{name}-%{major_version}.%{minor_version}-bnd-annotation.patch BuildArch: noarch @@ -190,7 +189,6 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name " %patch2 -p0 %patch3 -p0 %patch4 -p0 -%patch5 -p0 %patch6 -p0 # Remove webservices naming resources as it's generally unused @@ -496,6 +494,10 @@ fi %{appdir}/ROOT %changelog +* Fri Jun 09 2023 Hui Wang - 1:9.0.75-1 +- Update to 9.0.75 +- Remove JDTCompiler.patch because ecj has been updated + * Sun Jan 29 2023 Hui Wang - 1:9.0.71-1 - Update to 9.0.71 - Remove osgi-annotations patch From ae5f557996070bbd3255f3c7162ea80e313f2f0d Mon Sep 17 00:00:00 2001 From: Hui Wang Date: Wed, 14 Jun 2023 12:57:27 +0800 Subject: [PATCH 2/9] Update to 9.0.76 Resolves: rhbz#2188218 Link bin/tomcat-juli.jar to /usr/share/java Move tomcat-jsp-2.3-api.jar,tomcat-servlet-4.0-api.jar and tomcat-el-api.jar to the subpackages --- sources | 2 +- tomcat.spec | 19 ++++++++++++++++++- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 27278f4..2bc150a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (apache-tomcat-9.0.75-src.tar.gz) = 19f78fbe3391bbad65494e0071a6df9a26ceb1a4bd387b3425c5f34a02391fcaaae40442cdca3a98c4b7b45963d3a9e51dd6a1b72f11c29904c755cff03def64 +SHA512 (apache-tomcat-9.0.76-src.tar.gz) = 64de4778a4e142baa6e49d5b2d2ca30aaf0133fa1cb450ceb528d6da0440933d01dc9571b6f7b35162de41bf740b71487948ba179ea3d2c75a842848e1bae7bf diff --git a/tomcat.spec b/tomcat.spec index a2306d9..8c4ca79 100644 --- a/tomcat.spec +++ b/tomcat.spec @@ -31,7 +31,7 @@ %global jspspec 2.3 %global major_version 9 %global minor_version 0 -%global micro_version 75 +%global micro_version 76 %global packdname apache-tomcat-%{version}-src %global servletspec 4.0 %global elspec 3.0 @@ -326,6 +326,8 @@ pushd ${RPM_BUILD_ROOT}%{libdir} %{__ln_s} ../../java/%{name}-servlet-%{servletspec}-api.jar . %{__ln_s} ../../java/%{name}-el-%{elspec}-api.jar . %{__ln_s} $(build-classpath ecj/ecj) jasper-jdt.jar + + %{__cp} -a ../../%{name}/bin/tomcat-juli.jar . popd # symlink to the FHS locations where we've installed things @@ -473,27 +475,42 @@ fi %{_javadir}/*.jar %{bindir}/tomcat-juli.jar %exclude %{libdir}/%{name}-el-%{elspec}-api.jar +%exclude %{libdir}/%{name}-servlet-%{servletspec}*.jar +%exclude %{libdir}/%{name}-jsp-%{jspspec}*.jar %exclude %{_javadir}/%{name}-servlet-%{servletspec}*.jar %exclude %{_javadir}/%{name}-el-%{elspec}-api.jar %exclude %{_javadir}/%{name}-jsp-%{jspspec}*.jar +%exclude %{_javadir}/%{name}-servlet-api.jar +%exclude %{_javadir}/%{name}-el-api.jar +%exclude %{_javadir}/%{name}-jsp-api.jar %files jsp-%{jspspec}-api -f .mfiles-tomcat-jsp-api %{_javadir}/%{name}-jsp-%{jspspec}*.jar +%{libdir}/%{name}-jsp-%{jspspec}*.jar +%{_javadir}/%{name}-jsp-api.jar %files servlet-%{servletspec}-api -f .mfiles-tomcat-servlet-api %doc LICENSE %{_javadir}/%{name}-servlet-%{servletspec}*.jar +%{libdir}/%{name}-servlet-%{servletspec}*.jar +%{_javadir}/%{name}-servlet-api.jar %files el-%{elspec}-api -f .mfiles-tomcat-el-api %doc LICENSE %{_javadir}/%{name}-el-%{elspec}-api.jar %{libdir}/%{name}-el-%{elspec}-api.jar +%{_javadir}/%{name}-el-api.jar %files webapps %defattr(0644,tomcat,tomcat,0755) %{appdir}/ROOT %changelog +* Wed Jun 14 2023 Hui Wang - 1:9.0.76-1 +- Update to 9.0.76 +- Resolves: rhbz#2188218 Link bin/tomcat-juli.jar to /usr/share/java +- Move tomcat-jsp-2.3-api.jar,tomcat-servlet-4.0-api.jar and tomcat-el-api.jar to the subpackages + * Fri Jun 09 2023 Hui Wang - 1:9.0.75-1 - Update to 9.0.75 - Remove JDTCompiler.patch because ecj has been updated From f9e6a81698b505cff812cfcfbdbc664a5f76f20b Mon Sep 17 00:00:00 2001 From: Hui Wang Date: Tue, 20 Jun 2023 15:22:32 +0800 Subject: [PATCH 3/9] Resolves: rhbz#2210322 - CVE-2023-28709 tomcat: Fix for CVE-2023-24998 was incomplete Install missing poms --- tomcat.spec | 40 +++++++++++++++++++++++++++++++++++++--- 1 file changed, 37 insertions(+), 3 deletions(-) diff --git a/tomcat.spec b/tomcat.spec index 8c4ca79..9ee7fee 100644 --- a/tomcat.spec +++ b/tomcat.spec @@ -56,7 +56,7 @@ Name: tomcat Epoch: 1 Version: %{major_version}.%{minor_version}.%{micro_version} -Release: 1%{?dist} +Release: 2%{?dist} Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API License: ASL 2.0 @@ -343,7 +343,7 @@ popd # Install the maven metadata for the spec impl artifacts as other projects use them #%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_mavenpomdir} pushd res/maven - for pom in tomcat-el-api.pom tomcat-jsp-api.pom tomcat-servlet-api.pom; do + for pom in *.pom; do # fix-up version in all pom files sed -i 's/@MAVEN.DEPLOY.VERSION@/%{version}/g' $pom done @@ -353,6 +353,36 @@ popd %mvn_artifact res/maven/tomcat-el-api.pom output/build/lib/el-api.jar %mvn_artifact res/maven/tomcat-jsp-api.pom output/build/lib/jsp-api.jar %mvn_artifact res/maven/tomcat-servlet-api.pom output/build/lib/servlet-api.jar +%mvn_artifact res/maven/tomcat-annotations-api.pom ${RPM_BUILD_ROOT}%{libdir}/annotations-api.jar +%mvn_artifact res/maven/tomcat-api.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-api.jar +%mvn_artifact res/maven/tomcat-catalina-ant.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-ant.jar +%mvn_artifact res/maven/tomcat-catalina-ha.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-ha.jar +%mvn_artifact res/maven/tomcat-ssi.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-ssi.jar +%mvn_artifact res/maven/tomcat-storeconfig.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-storeconfig.jar +%mvn_artifact res/maven/tomcat-tribes.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-tribes.jar +%mvn_artifact res/maven/tomcat-catalina.pom ${RPM_BUILD_ROOT}%{libdir}/catalina.jar +%mvn_artifact res/maven/tomcat-jasper-el.pom ${RPM_BUILD_ROOT}%{libdir}/jasper-el.jar +%mvn_artifact res/maven/tomcat-jasper.pom ${RPM_BUILD_ROOT}%{libdir}/jasper.jar +%mvn_artifact res/maven/tomcat-jaspic-api.pom ${RPM_BUILD_ROOT}%{libdir}/jaspic-api.jar +%mvn_artifact res/maven/tomcat-coyote.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-coyote.jar +%mvn_artifact res/maven/tomcat-dbcp.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-dbcp.jar +%mvn_artifact res/maven/tomcat-i18n-cs.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-cs.jar +%mvn_artifact res/maven/tomcat-i18n-de.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-de.jar +%mvn_artifact res/maven/tomcat-i18n-es.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-es.jar +%mvn_artifact res/maven/tomcat-i18n-fr.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-fr.jar +%mvn_artifact res/maven/tomcat-i18n-ja.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-ja.jar +%mvn_artifact res/maven/tomcat-i18n-ko.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-ko.jar +%mvn_artifact res/maven/tomcat-i18n-pt-BR.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-pt-BR.jar +%mvn_artifact res/maven/tomcat-i18n-ru.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-ru.jar +%mvn_artifact res/maven/tomcat-i18n-zh-CN.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-zh-CN.jar +%mvn_artifact res/maven/tomcat-jdbc.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-jdbc.jar +%mvn_artifact res/maven/tomcat-jni.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-jni.jar +%mvn_artifact res/maven/tomcat-juli.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-juli.jar +%mvn_artifact res/maven/tomcat-util-scan.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-util-scan.jar +%mvn_artifact res/maven/tomcat-util.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-util.jar +%mvn_artifact res/maven/tomcat-websocket-api.pom ${RPM_BUILD_ROOT}%{libdir}/websocket-api.jar +%mvn_artifact res/maven/tomcat-websocket.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-websocket.jar +%mvn_artifact res/maven/tomcat.pom %mvn_install %pre @@ -469,7 +499,7 @@ fi %files docs-webapp %{appdir}/docs -%files lib +%files lib -f .mfiles %dir %{libdir} %{libdir}/*.jar %{_javadir}/*.jar @@ -506,6 +536,10 @@ fi %{appdir}/ROOT %changelog +* Tue Jun 20 2023 Hui Wang - 1:9.0.76-2 +- Resolves: rhbz#2210322 - CVE-2023-28709 tomcat: Fix for CVE-2023-24998 was incomplete +- Install missing poms + * Wed Jun 14 2023 Hui Wang - 1:9.0.76-1 - Update to 9.0.76 - Resolves: rhbz#2188218 Link bin/tomcat-juli.jar to /usr/share/java From 8542e2075846c196f0b9bf32fe9d60d1e34cecc9 Mon Sep 17 00:00:00 2001 From: Hui Wang Date: Wed, 26 Jul 2023 18:34:29 +0800 Subject: [PATCH 4/9] Fix duplicated jars in the tomcat lib subpackage --- sources | 2 +- tomcat.spec | 33 +++++++++++++++++++++++++-------- 2 files changed, 26 insertions(+), 9 deletions(-) diff --git a/sources b/sources index 2bc150a..fcff246 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (apache-tomcat-9.0.76-src.tar.gz) = 64de4778a4e142baa6e49d5b2d2ca30aaf0133fa1cb450ceb528d6da0440933d01dc9571b6f7b35162de41bf740b71487948ba179ea3d2c75a842848e1bae7bf +SHA512 (apache-tomcat-9.0.78-src.tar.gz) = 220bf46004c4cbad536a7040c979651ee49a13994cf83045369c1bfdc0a96c0172ddc8fd24ab76c9526591c50033d915dbd258939b24d22d660050dcb5abcad4 diff --git a/tomcat.spec b/tomcat.spec index 9ee7fee..810e73b 100644 --- a/tomcat.spec +++ b/tomcat.spec @@ -31,7 +31,7 @@ %global jspspec 2.3 %global major_version 9 %global minor_version 0 -%global micro_version 76 +%global micro_version 78 %global packdname apache-tomcat-%{version}-src %global servletspec 4.0 %global elspec 3.0 @@ -56,7 +56,7 @@ Name: tomcat Epoch: 1 Version: %{major_version}.%{minor_version}.%{micro_version} -Release: 2%{?dist} +Release: 1%{?dist} Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API License: ASL 2.0 @@ -353,17 +353,16 @@ popd %mvn_artifact res/maven/tomcat-el-api.pom output/build/lib/el-api.jar %mvn_artifact res/maven/tomcat-jsp-api.pom output/build/lib/jsp-api.jar %mvn_artifact res/maven/tomcat-servlet-api.pom output/build/lib/servlet-api.jar + +%mvn_file org.apache.tomcat:tomcat-annotations-api tomcat/annotations-api %mvn_artifact res/maven/tomcat-annotations-api.pom ${RPM_BUILD_ROOT}%{libdir}/annotations-api.jar %mvn_artifact res/maven/tomcat-api.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-api.jar +%mvn_file org.apache.tomcat:tomcat-catalina-ant tomcat/catalina-ant %mvn_artifact res/maven/tomcat-catalina-ant.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-ant.jar +%mvn_file org.apache.tomcat:tomcat-catalina-ha tomcat/catalina-ha %mvn_artifact res/maven/tomcat-catalina-ha.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-ha.jar -%mvn_artifact res/maven/tomcat-ssi.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-ssi.jar -%mvn_artifact res/maven/tomcat-storeconfig.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-storeconfig.jar -%mvn_artifact res/maven/tomcat-tribes.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-tribes.jar +%mvn_file org.apache.tomcat:tomcat-catalina tomcat/catalina %mvn_artifact res/maven/tomcat-catalina.pom ${RPM_BUILD_ROOT}%{libdir}/catalina.jar -%mvn_artifact res/maven/tomcat-jasper-el.pom ${RPM_BUILD_ROOT}%{libdir}/jasper-el.jar -%mvn_artifact res/maven/tomcat-jasper.pom ${RPM_BUILD_ROOT}%{libdir}/jasper.jar -%mvn_artifact res/maven/tomcat-jaspic-api.pom ${RPM_BUILD_ROOT}%{libdir}/jaspic-api.jar %mvn_artifact res/maven/tomcat-coyote.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-coyote.jar %mvn_artifact res/maven/tomcat-dbcp.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-dbcp.jar %mvn_artifact res/maven/tomcat-i18n-cs.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-cs.jar @@ -375,14 +374,28 @@ popd %mvn_artifact res/maven/tomcat-i18n-pt-BR.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-pt-BR.jar %mvn_artifact res/maven/tomcat-i18n-ru.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-ru.jar %mvn_artifact res/maven/tomcat-i18n-zh-CN.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-zh-CN.jar +%mvn_file org.apache.tomcat:tomcat-jasper-el tomcat/jasper-el +%mvn_artifact res/maven/tomcat-jasper-el.pom ${RPM_BUILD_ROOT}%{libdir}/jasper-el.jar +%mvn_file org.apache.tomcat:tomcat-jasper tomcat/jasper +%mvn_artifact res/maven/tomcat-jasper.pom ${RPM_BUILD_ROOT}%{libdir}/jasper.jar +%mvn_file org.apache.tomcat:tomcat-jaspic-api tomcat/jaspic-api +%mvn_artifact res/maven/tomcat-jaspic-api.pom ${RPM_BUILD_ROOT}%{libdir}/jaspic-api.jar %mvn_artifact res/maven/tomcat-jdbc.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-jdbc.jar %mvn_artifact res/maven/tomcat-jni.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-jni.jar %mvn_artifact res/maven/tomcat-juli.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-juli.jar +%mvn_file org.apache.tomcat:tomcat-ssi tomcat/catalina-ssi +%mvn_artifact res/maven/tomcat-ssi.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-ssi.jar +%mvn_file org.apache.tomcat:tomcat-storeconfig tomcat/catalina-storeconfig +%mvn_artifact res/maven/tomcat-storeconfig.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-storeconfig.jar +%mvn_file org.apache.tomcat:tomcat-tribes tomcat/catalina-tribes +%mvn_artifact res/maven/tomcat-tribes.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-tribes.jar %mvn_artifact res/maven/tomcat-util-scan.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-util-scan.jar %mvn_artifact res/maven/tomcat-util.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-util.jar +%mvn_file org.apache.tomcat:tomcat-websocket-api tomcat/websocket-api %mvn_artifact res/maven/tomcat-websocket-api.pom ${RPM_BUILD_ROOT}%{libdir}/websocket-api.jar %mvn_artifact res/maven/tomcat-websocket.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-websocket.jar %mvn_artifact res/maven/tomcat.pom + %mvn_install %pre @@ -513,6 +526,7 @@ fi %exclude %{_javadir}/%{name}-servlet-api.jar %exclude %{_javadir}/%{name}-el-api.jar %exclude %{_javadir}/%{name}-jsp-api.jar +%exclude %{_jnidir}/* %files jsp-%{jspspec}-api -f .mfiles-tomcat-jsp-api %{_javadir}/%{name}-jsp-%{jspspec}*.jar @@ -536,6 +550,9 @@ fi %{appdir}/ROOT %changelog +* Wed Jul 26 2023 Hui Wang - 1:9.0.78-1 +- Fix duplicated jars in the tomcat lib subpackage + * Tue Jun 20 2023 Hui Wang - 1:9.0.76-2 - Resolves: rhbz#2210322 - CVE-2023-28709 tomcat: Fix for CVE-2023-24998 was incomplete - Install missing poms From d7c1ccecf71b24a723d8043ce18e71db504f3299 Mon Sep 17 00:00:00 2001 From: Hui Wang Date: Wed, 26 Jul 2023 18:36:01 +0800 Subject: [PATCH 5/9] Fix %patchN command --- tomcat.spec | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tomcat.spec b/tomcat.spec index 810e73b..4bdbdac 100644 --- a/tomcat.spec +++ b/tomcat.spec @@ -184,12 +184,12 @@ The ROOT web application for Apache Tomcat. find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "*.gz" -o \ -name "*.jar" -o -name "*.war" -o -name "*.zip" \) -delete -%patch0 -p0 -%patch1 -p0 -%patch2 -p0 -%patch3 -p0 -%patch4 -p0 -%patch6 -p0 +%patch 0 -p0 +%patch 1 -p0 +%patch 2 -p0 +%patch 3 -p0 +%patch 4 -p0 +%patch 6 -p0 # Remove webservices naming resources as it's generally unused %{__rm} -rf java/org/apache/naming/factory/webservices From 3db96c3f9de4343b9ef3fd0b52d5bade2e667c6f Mon Sep 17 00:00:00 2001 From: Hui Wang Date: Wed, 13 Sep 2023 16:11:49 +0800 Subject: [PATCH 6/9] Update to 9.0.80 --- sources | 2 +- tomcat.spec | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/sources b/sources index fcff246..2068d0a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (apache-tomcat-9.0.78-src.tar.gz) = 220bf46004c4cbad536a7040c979651ee49a13994cf83045369c1bfdc0a96c0172ddc8fd24ab76c9526591c50033d915dbd258939b24d22d660050dcb5abcad4 +SHA512 (apache-tomcat-9.0.80-src.tar.gz) = a2fb298c1fd2615e1a69371b5f84eb569e897faad3cbe17e3626460f5ce311085c120dd3f62c255fde87e6517915365ab52ada613776d45185b8e53624935114 diff --git a/tomcat.spec b/tomcat.spec index 4bdbdac..4abe9ab 100644 --- a/tomcat.spec +++ b/tomcat.spec @@ -31,7 +31,7 @@ %global jspspec 2.3 %global major_version 9 %global minor_version 0 -%global micro_version 78 +%global micro_version 80 %global packdname apache-tomcat-%{version}-src %global servletspec 4.0 %global elspec 3.0 @@ -94,7 +94,7 @@ BuildRequires: aqute-bnd BuildRequires: aqute-bndlib BuildRequires: systemd -Requires: java-headless >= 1:1.8.0 +Requires: (java-headless >= 1:1.8 or java-1.8.0-headless or java-11-headless or java-17-headless or java >= 1:1.8) Requires: javapackages-tools Requires: %{name}-lib = %{epoch}:%{version}-%{release} %if 0%{?fedora} || 0%{?rhel} > 7 @@ -550,6 +550,10 @@ fi %{appdir}/ROOT %changelog +* Wed Sep 13 2023 Hui Wang - 1:9.0.80-1 +- Update to 9.0.80 +- Fix java version + * Wed Jul 26 2023 Hui Wang - 1:9.0.78-1 - Fix duplicated jars in the tomcat lib subpackage From 54c4bd07ba867d3cdd686e8c6451296afc378959 Mon Sep 17 00:00:00 2001 From: Hui Wang Date: Mon, 16 Oct 2023 12:15:41 +0800 Subject: [PATCH 7/9] Update to 9.0.82 Resolves: rhbz#2243613 [Major Incident] CVE-2023-44487 tomcat Resolves: rhbz#2244343 Wrong dbcp class in tomcat 9 --- sources | 2 +- tomcat-build.patch | 13 ++++++++++--- tomcat.spec | 7 ++++++- 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/sources b/sources index 2068d0a..05325b8 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (apache-tomcat-9.0.80-src.tar.gz) = a2fb298c1fd2615e1a69371b5f84eb569e897faad3cbe17e3626460f5ce311085c120dd3f62c255fde87e6517915365ab52ada613776d45185b8e53624935114 +SHA512 (apache-tomcat-9.0.82-src.tar.gz) = 0291196832150147230a263bcfd64f7ac9ce9f6c26924f72b831d28479e7886f00b9ab3adff175785e8c5b47d8b16f7a7897acafa3474428f48cec02fd852b3e diff --git a/tomcat-build.patch b/tomcat-build.patch index 49c63ff..cdf73ef 100644 --- a/tomcat-build.patch +++ b/tomcat-build.patch @@ -1,12 +1,19 @@ diff -up ./res/bnd/build-defaults.bnd.orig ./res/bnd/build-defaults.bnd ---- ./res/bnd/build-defaults.bnd.orig 2020-07-13 13:47:01.229077747 -0400 -+++ ./res/bnd/build-defaults.bnd 2020-07-13 13:47:12.923095618 -0400 +--- res/bnd/build-defaults.bnd.orig 2023-10-16 11:23:04.752754202 +0800 ++++ res/bnd/build-defaults.bnd 2023-10-16 11:23:29.931876910 +0800 @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -Bundle-Version: ${version_cleanup;${version}} +Bundle-Version: ${version} + Bundle-License: https://www.apache.org/licenses/LICENSE-2.0.txt Specification-Title: Apache Tomcat - Specification-Version: ${version.major.minor} +@@ -36,4 +36,4 @@ X-Compile-Target-JDK: ${compile.release} + + -removeheaders: DSTAMP,TODAY,TSTAMP + +-module.name: org.apache.${replace;${Bundle-Name};-;.} +\ No newline at end of file ++module.name: org.apache.${replace;${Bundle-Name};-;.} diff --git a/tomcat.spec b/tomcat.spec index 4abe9ab..7145845 100644 --- a/tomcat.spec +++ b/tomcat.spec @@ -31,7 +31,7 @@ %global jspspec 2.3 %global major_version 9 %global minor_version 0 -%global micro_version 80 +%global micro_version 82 %global packdname apache-tomcat-%{version}-src %global servletspec 4.0 %global elspec 3.0 @@ -550,6 +550,11 @@ fi %{appdir}/ROOT %changelog +* Mon Oct 16 2023 Hui Wang - 1:9.0.82-1 +- Update to 9.0.82 +- Resolves: rhbz#2243613 [Major Incident] CVE-2023-44487 tomcat +- Resolves: rhbz#2244343 Wrong dbcp class in tomcat 9 + * Wed Sep 13 2023 Hui Wang - 1:9.0.80-1 - Update to 9.0.80 - Fix java version From 3dabc211cb55979a16d74c8a166b86112a159689 Mon Sep 17 00:00:00 2001 From: Hui Wang Date: Mon, 16 Oct 2023 19:24:29 +0800 Subject: [PATCH 8/9] Update tomcat-9.0.conf file --- tomcat-9.0.conf | 2 +- tomcat.spec | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/tomcat-9.0.conf b/tomcat-9.0.conf index e5fa60a..6e9eed1 100644 --- a/tomcat-9.0.conf +++ b/tomcat-9.0.conf @@ -35,7 +35,7 @@ CATALINA_TMPDIR="/var/cache/tomcat/temp" #JAVA_OPTS="-Djava.library.path=/usr/lib" # Set default javax.sql.DataSource factory to apache commons one. See rhbz#1214381 -JAVA_OPTS="-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory" +JAVA_OPTS="-Djavax.sql.DataSource.Factory=org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory" # You can change your tomcat locale here #LANG="en_US" diff --git a/tomcat.spec b/tomcat.spec index 7145845..89622a2 100644 --- a/tomcat.spec +++ b/tomcat.spec @@ -56,7 +56,7 @@ Name: tomcat Epoch: 1 Version: %{major_version}.%{minor_version}.%{micro_version} -Release: 1%{?dist} +Release: 2%{?dist} Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API License: ASL 2.0 @@ -550,6 +550,9 @@ fi %{appdir}/ROOT %changelog +* Mon Oct 16 2023 Hui Wang - 1:9.0.82-2 +- Update tomcat-9.0.conf + * Mon Oct 16 2023 Hui Wang - 1:9.0.82-1 - Update to 9.0.82 - Resolves: rhbz#2243613 [Major Incident] CVE-2023-44487 tomcat From dcd4eed87147934530f286b7a9a785b7e0f5eeae Mon Sep 17 00:00:00 2001 From: Hui Wang Date: Mon, 4 Dec 2023 14:29:19 +0800 Subject: [PATCH 9/9] Update to 9.0.83 --- sources | 2 +- tomcat.spec | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/sources b/sources index 05325b8..4196751 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (apache-tomcat-9.0.82-src.tar.gz) = 0291196832150147230a263bcfd64f7ac9ce9f6c26924f72b831d28479e7886f00b9ab3adff175785e8c5b47d8b16f7a7897acafa3474428f48cec02fd852b3e +SHA512 (apache-tomcat-9.0.83-src.tar.gz) = 28e112a9d01918434ad03c414058275bbc4e34be408c2cfe2d819c3a08cadc3c31920e279c5312529aa2f5abf1e002537012c5f06d43ba8894448afd5585c231 diff --git a/tomcat.spec b/tomcat.spec index 89622a2..ab212f4 100644 --- a/tomcat.spec +++ b/tomcat.spec @@ -31,7 +31,7 @@ %global jspspec 2.3 %global major_version 9 %global minor_version 0 -%global micro_version 82 +%global micro_version 83 %global packdname apache-tomcat-%{version}-src %global servletspec 4.0 %global elspec 3.0 @@ -56,7 +56,7 @@ Name: tomcat Epoch: 1 Version: %{major_version}.%{minor_version}.%{micro_version} -Release: 2%{?dist} +Release: 1%{?dist} Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API License: ASL 2.0 @@ -550,6 +550,9 @@ fi %{appdir}/ROOT %changelog +* Fri Dec 01 2023 Hui Wang - 1:9.0.83-1 +- Update to 9.0.83 + * Mon Oct 16 2023 Hui Wang - 1:9.0.82-2 - Update tomcat-9.0.conf