diff --git a/.gitignore b/.gitignore index fd61fdd..095e3b5 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,4 @@ apache-tomcat-*-src.tar.gz - +apache-tomcat-*-src +results_tomcat/ +tomcat*src.rpm diff --git a/add_parent_logger_getter.patch b/add_parent_logger_getter.patch deleted file mode 100644 index 40b9268..0000000 --- a/add_parent_logger_getter.patch +++ /dev/null @@ -1,29 +0,0 @@ ---- modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/DataSourceProxy.java.sav 2012-01-17 13:55:44.000000000 +0400 -+++ modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/DataSourceProxy.java 2012-01-22 00:44:22.299789107 +0400 -@@ -19,9 +19,11 @@ package org.apache.tomcat.jdbc.pool; - import java.io.PrintWriter; - import java.sql.Connection; - import java.sql.SQLException; -+import java.sql.SQLFeatureNotSupportedException; - import java.util.Iterator; - import java.util.Properties; - import java.util.concurrent.Future; -+import java.util.logging.Logger; - - import javax.sql.XAConnection; - -@@ -534,6 +536,14 @@ public class DataSourceProxy implements - } - - /** -+ * no-op -+ * {@link javax.sql.DataSource#getParentLogger} -+ */ -+ public Logger getParentLogger() throws SQLFeatureNotSupportedException { -+ throw new SQLFeatureNotSupportedException(); -+ } -+ -+ /** - * no-op - * {@link javax.sql.DataSource#getLogWriter} - */ diff --git a/change-defaults-for-CVE-2020-1938.patch b/change-defaults-for-CVE-2020-1938.patch new file mode 100644 index 0000000..3d40389 --- /dev/null +++ b/change-defaults-for-CVE-2020-1938.patch @@ -0,0 +1,222 @@ +diff -up ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java.orig ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java +--- ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java.orig 2020-03-16 04:41:13.000000000 -0400 ++++ ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java 2020-04-22 15:42:50.544106513 -0400 +@@ -134,7 +134,7 @@ public abstract class AbstractAjpProtoco + } + + +- private boolean secretRequired = true; ++ private boolean secretRequired = false; + public void setSecretRequired(boolean secretRequired) { + this.secretRequired = secretRequired; + } +diff -up ./java/org/apache/coyote/ajp/AjpAprProtocol.java.orig ./java/org/apache/coyote/ajp/AjpAprProtocol.java +--- ./java/org/apache/coyote/ajp/AjpAprProtocol.java.orig 2020-03-16 04:41:13.000000000 -0400 ++++ ./java/org/apache/coyote/ajp/AjpAprProtocol.java 2020-04-22 15:42:50.544106513 -0400 +@@ -20,7 +20,6 @@ import org.apache.coyote.AbstractProtoco + import org.apache.coyote.Processor; + import org.apache.juli.logging.Log; + import org.apache.juli.logging.LogFactory; +-import org.apache.tomcat.util.compat.JreCompat; + import org.apache.tomcat.util.net.AbstractEndpoint; + import org.apache.tomcat.util.net.AprEndpoint; + import org.apache.tomcat.util.net.AprEndpoint.Handler; +@@ -62,7 +61,6 @@ public class AjpAprProtocol extends Abst + + public AjpAprProtocol() { + endpoint = new AprEndpoint(); +- endpoint.setAddress(JreCompat.getInstance().getLoopbackAddress()); + cHandler = new AjpConnectionHandler(this); + ((AprEndpoint) endpoint).setHandler(cHandler); + setSoLinger(Constants.DEFAULT_CONNECTION_LINGER); +diff -up ./java/org/apache/coyote/ajp/AjpNioProtocol.java.orig ./java/org/apache/coyote/ajp/AjpNioProtocol.java +--- ./java/org/apache/coyote/ajp/AjpNioProtocol.java.orig 2020-03-16 04:41:13.000000000 -0400 ++++ ./java/org/apache/coyote/ajp/AjpNioProtocol.java 2020-04-22 15:42:50.545106511 -0400 +@@ -23,7 +23,6 @@ import org.apache.coyote.AbstractProtoco + import org.apache.coyote.Processor; + import org.apache.juli.logging.Log; + import org.apache.juli.logging.LogFactory; +-import org.apache.tomcat.util.compat.JreCompat; + import org.apache.tomcat.util.net.AbstractEndpoint; + import org.apache.tomcat.util.net.NioChannel; + import org.apache.tomcat.util.net.NioEndpoint; +@@ -57,7 +56,6 @@ public class AjpNioProtocol extends Abst + + public AjpNioProtocol() { + endpoint = new NioEndpoint(); +- endpoint.setAddress(JreCompat.getInstance().getLoopbackAddress()); + cHandler = new AjpConnectionHandler(this); + ((NioEndpoint) endpoint).setHandler(cHandler); + setSoLinger(Constants.DEFAULT_CONNECTION_LINGER); +diff -up ./java/org/apache/coyote/ajp/AjpProtocol.java.orig ./java/org/apache/coyote/ajp/AjpProtocol.java +--- ./java/org/apache/coyote/ajp/AjpProtocol.java.orig 2020-03-16 04:41:13.000000000 -0400 ++++ ./java/org/apache/coyote/ajp/AjpProtocol.java 2020-04-22 15:42:50.545106511 -0400 +@@ -22,7 +22,6 @@ import org.apache.coyote.AbstractProtoco + import org.apache.coyote.Processor; + import org.apache.juli.logging.Log; + import org.apache.juli.logging.LogFactory; +-import org.apache.tomcat.util.compat.JreCompat; + import org.apache.tomcat.util.net.AbstractEndpoint; + import org.apache.tomcat.util.net.JIoEndpoint; + import org.apache.tomcat.util.net.JIoEndpoint.Handler; +@@ -58,7 +57,6 @@ public class AjpProtocol extends Abstrac + + public AjpProtocol() { + endpoint = new JIoEndpoint(); +- endpoint.setAddress(JreCompat.getInstance().getLoopbackAddress()); + cHandler = new AjpConnectionHandler(this); + ((JIoEndpoint) endpoint).setHandler(cHandler); + setSoLinger(Constants.DEFAULT_CONNECTION_LINGER); +diff -up ./java/org/apache/tomcat/util/compat/Jre7Compat.java.orig ./java/org/apache/tomcat/util/compat/Jre7Compat.java +--- ./java/org/apache/tomcat/util/compat/Jre7Compat.java.orig 2020-03-16 04:41:15.000000000 -0400 ++++ ./java/org/apache/tomcat/util/compat/Jre7Compat.java 2020-04-22 15:42:50.546106509 -0400 +@@ -20,7 +20,6 @@ import java.io.OutputStream; + import java.lang.reflect.Constructor; + import java.lang.reflect.InvocationTargetException; + import java.lang.reflect.Method; +-import java.net.InetAddress; + import java.sql.CallableStatement; + import java.sql.Connection; + import java.sql.DatabaseMetaData; +@@ -57,7 +56,6 @@ class Jre7Compat extends JreCompat { + private static final Method resultSetGetObjectName; + private static final Method statementCloseOnCompletion; + private static final Method statementIsCloseOnCompletion; +- private static final Method getLoopbackAddress; + + static { + Method m1 = null; +@@ -74,7 +72,6 @@ class Jre7Compat extends JreCompat { + Method m12 = null; + Method m13 = null; + Method m14 = null; +- Method m15 = null; + Constructor c = null; + try { + // Order is important for the error handling below. +@@ -94,7 +91,6 @@ class Jre7Compat extends JreCompat { + m12 = ResultSet.class.getMethod("getObject", String.class, Class.class); + m13 = Statement.class.getMethod("closeOnCompletion"); + m14 = Statement.class.getMethod("isCloseOnCompletion"); +- m15 = InetAddress.class.getMethod("getLoopbackAddress"); + } catch (SecurityException e) { + // Should never happen + log.error(sm.getString("jre7Compat.unexpected"), e); +@@ -122,7 +118,6 @@ class Jre7Compat extends JreCompat { + resultSetGetObjectName = m12; + statementCloseOnCompletion = m13; + statementIsCloseOnCompletion = m14; +- getLoopbackAddress = m15; + } + + +@@ -357,20 +352,6 @@ class Jre7Compat extends JreCompat { + } + } + +- +- @Override +- public InetAddress getLoopbackAddress() { +- try { +- return (InetAddress) getLoopbackAddress.invoke(null); +- } catch (IllegalArgumentException e) { +- throw new UnsupportedOperationException(e); +- } catch (IllegalAccessException e) { +- throw new UnsupportedOperationException(e); +- } catch (InvocationTargetException e) { +- throw new UnsupportedOperationException(e); +- } +- } +- + + // Java 9 methods + +diff -up ./java/org/apache/tomcat/util/compat/JreCompat.java.orig ./java/org/apache/tomcat/util/compat/JreCompat.java +--- ./java/org/apache/tomcat/util/compat/JreCompat.java.orig 2020-03-16 04:41:15.000000000 -0400 ++++ ./java/org/apache/tomcat/util/compat/JreCompat.java 2020-04-22 15:42:50.547106507 -0400 +@@ -21,10 +21,8 @@ import java.io.IOException; + import java.io.OutputStream; + import java.lang.reflect.AccessibleObject; + import java.lang.reflect.Method; +-import java.net.InetAddress; + import java.net.URL; + import java.net.URLConnection; +-import java.net.UnknownHostException; + import java.sql.CallableStatement; + import java.sql.Connection; + import java.sql.DatabaseMetaData; +@@ -234,32 +232,6 @@ public class JreCompat { + } + + +- public InetAddress getLoopbackAddress() { +- // Javadoc for getByName() states that calling with null will return one +- // of the loopback addresses +- InetAddress result = null; +- try { +- result = InetAddress.getByName(null); +- } catch (UnknownHostException e) { +- // This would be unusual but ignore it in this case. +- } +- if (result == null) { +- // Fallback to default IPv4 loopback address. +- // Not perfect but good enough and if the address is not valid the +- // bind will fail later with an appropriate error message +- try { +- result = InetAddress.getByName("127.0.0.1"); +- } catch (UnknownHostException e) { +- // Unreachable. +- // For text representations of IP addresses only the format is +- // checked. +- } +- } +- +- return result; +- } +- +- + // Java 6 implementation of Java 8 methods + + public static boolean isJre8Available() { +diff -up ./webapps/docs/changelog.xml.orig ./webapps/docs/changelog.xml +--- ./webapps/docs/changelog.xml.orig 2020-03-16 04:41:18.000000000 -0400 ++++ ./webapps/docs/changelog.xml 2020-04-22 15:42:50.554106492 -0400 +@@ -260,14 +260,10 @@ + Disable (comment out in server.xml) the AJP/1.3 connector by default. + (markt) + +- +- Change the default bind address for the AJP/1.3 connector to be the +- loopback address. (markt) +- + + Rename the requiredSecret attribute of the AJP/1.3 + Connector to secret and add a new attribute +- secretRequired that defaults to true. When ++ secretRequired that defaults to false. When + secretRequired is true the AJP/1.3 Connector + will not start unless the secret attribute is configured to + a non-null, non-zero length String. (markt) +diff -up ./webapps/docs/config/ajp.xml.orig ./webapps/docs/config/ajp.xml +--- ./webapps/docs/config/ajp.xml.orig 2020-04-22 15:42:50.557106486 -0400 ++++ ./webapps/docs/config/ajp.xml 2020-04-22 15:44:54.425843527 -0400 +@@ -306,7 +306,9 @@ + +

For servers with more than one IP address, this attribute specifies + which address will be used for listening on the specified port. By +- default, the connector will listen on the loopback address. Unless the JVM ++ default, this port will be used on all IP addresses associated with the ++ server. A value of 127.0.0.1 indicates that the Connector ++ will only listen on the loopback interface. Unless the JVM + is configured otherwise using system properties, the Java based connectors + (BIO, NIO) will listen on both IPv4 and IPv6 addresses when configured + with either 0.0.0.0 or ::. The APR/native +@@ -483,7 +485,7 @@ + the secret attribute is required to be specified for the + AJP Connector to start. It does not control whether + workers are required to provide the secret. The default value is +- true. This attribute should only be set to false ++ false. This attribute should only be set to false + when the Connector is used on a trusted network.

+ + diff --git a/sources b/sources index 2bb650f..083dee0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -4ee89bfd85f6afb31c7675b05f0469cb apache-tomcat-7.0.47-src.tar.gz +SHA512 (apache-tomcat-7.0.106-src.tar.gz) = 5ce5a5af93c58e69c4758c2c0dedeadeceb6be920421b9d3b3d071d32fc8eb59ba8312c98d037b8434fe43d57a9f720ad8790de29a26ed2959f6c761fe1fd573 diff --git a/tomcat-7.0-catalina-policy.patch b/tomcat-7.0-catalina-policy.patch new file mode 100644 index 0000000..494e696 --- /dev/null +++ b/tomcat-7.0-catalina-policy.patch @@ -0,0 +1,37 @@ +--- conf/catalina.policy.orig 2016-08-05 11:13:17.192398668 -0400 ++++ conf/catalina.policy 2016-08-05 11:13:40.855396127 -0400 +@@ -51,6 +51,34 @@ + }; + + ++// ========== RHEL SPECIFIC CODE PERMISSIONS ======================================= ++ ++// Allowing everything in /usr/share/java allows too many unknowns to be permitted ++// Specifying the individual jars that tomcat needs to function with the security manager ++// is the safest way forward. ++grant codeBase "file:/usr/share/java/tomcat-el-2.2-api.jar" { ++ permission java.security.AllPermission; ++}; ++grant codeBase "file:/usr/share/java/tomcat-jsp-2.2-api.jar" { ++ permission java.security.AllPermission; ++}; ++grant codeBase "file:/usr/share/java/tomcat-servlet-3.0-api.jar" { ++ permission java.security.AllPermission; ++}; ++grant codeBase "file:/usr/share/java/jakarta-commons-collections.jar" { ++ permission java.security.AllPermission; ++}; ++grant codeBase "file:/usr/share/java/jakarta-commons-dbcp.jar" { ++ permission java.security.AllPermission; ++}; ++grant codeBase "file:/usr/share/java/ecj.jar" { ++ permission java.security.AllPermission; ++}; ++grant codeBase "file:/usr/share/java/log4j.jar" { ++ permission java.security.AllPermission; ++}; ++ ++ + // ========== CATALINA CODE PERMISSIONS ======================================= + + diff --git a/tomcat-7.0-digest.script b/tomcat-7.0-digest.script index 2ff7e64..86f05ec 100644 --- a/tomcat-7.0-digest.script +++ b/tomcat-7.0-digest.script @@ -34,7 +34,7 @@ export CLASSPATH MAIN_CLASS="org.apache.catalina.startup.Tool" BASE_FLAGS="-Dcatalina.home=\"$CATALINA_HOME\"" BASE_OPTIONS="" -BASE_JARS="commons-daemon tomcat/catalina servlet" +BASE_JARS="commons-daemon tomcat/catalina servlet tomcat/tomcat-util tomcat/tomcat-coyote" # Set parameters set_classpath $BASE_JARS diff --git a/tomcat-7.0-jsvc.service b/tomcat-7.0-jsvc.service deleted file mode 100644 index 3792cef..0000000 --- a/tomcat-7.0-jsvc.service +++ /dev/null @@ -1,19 +0,0 @@ -# Systemd unit file for tomcat -# -# To create clones of this service: -# 1) By default SERVICE_NAME=tomcat. When cloned, the value must be defined -# before tomcat-sysd is called. -# 2) Create /etc/sysconfig/${SERVICE_NAME} from /etc/sysconfig/tomcat -# to override tomcat defaults - -[Unit] -Description=Apache Tomcat Web Application Container JSVC wrapper -After=syslog.target network.target - -[Service] -Type=forking -ExecStart=/usr/sbin/tomcat-jsvc-sysd start -ExecStop=/usr/sbin/tomcat-jsvc-sysd stop - -[Install] -WantedBy=multi-user.target diff --git a/tomcat-7.0-jsvc.wrapper b/tomcat-7.0-jsvc.wrapper index 56fcc09..3bcff1e 100644 --- a/tomcat-7.0-jsvc.wrapper +++ b/tomcat-7.0-jsvc.wrapper @@ -8,13 +8,16 @@ else fi # Get the tomcat config (use this for environment specific settings) -#if [ -z "${TOMCAT_CFG}" ]; then -# TOMCAT_CFG="/etc/tomcat/tomcat.conf" -#fi +# if $TOMCAT_CFG wasn't already loaded +if [ -z "${TOMCAT_CFG_LOADED}" ]; then + if [ -z "${TOMCAT_CFG}" ]; then + TOMCAT_CFG="/etc/tomcat/tomcat.conf" + fi -#if [ -r "$TOMCAT_CFG" ]; then -# . $TOMCAT_CFG -#fi + if [ -r "$TOMCAT_CFG" ]; then + . $TOMCAT_CFG + fi +fi set_javacmd @@ -29,6 +32,9 @@ CLASSPATH="${CLASSPATH}:$(build-classpath commons-daemon 2>/dev/null)" # if jsvc installed and USE_JSVC=true # then use jsvc instead of calling java directly if [ -x /usr/bin/jsvc ]; then + # Command to use for version so it doesn't use jsvc + VER_JAVACMD=$JAVACMD + JAVACMD="/usr/bin/jsvc -nodetach -user ${TOMCAT_USER} -outfile ${CATALINA_BASE}/logs/catalina.out -errfile ${CATALINA_BASE}/logs/catalina.out" if [ "$1" = "stop" ]; then JAVACMD="${JAVACMD} -stop" @@ -75,7 +81,7 @@ elif [ "$1" = "stop" ]; then org.apache.catalina.startup.Bootstrap stop \ >> ${CATALINA_BASE}/logs/catalina.out 2>&1 elif [ "$1" = "version" ]; then - ${JAVACMD} -classpath ${CATALINA_HOME}/lib/catalina.jar \ + ${VER_JAVACMD} -classpath ${CATALINA_HOME}/lib/catalina.jar \ org.apache.catalina.util.ServerInfo else echo "Usage: $0 {start|start-security|stop|version}" diff --git a/tomcat-7.0-log4j.properties b/tomcat-7.0-log4j.properties index dfc2309..1252a64 100644 --- a/tomcat-7.0-log4j.properties +++ b/tomcat-7.0-log4j.properties @@ -1,6 +1,6 @@ log4j.rootLogger=debug, R log4j.appender.R=org.apache.log4j.RollingFileAppender -log4j.appender.R.File=${catalina.base}/logs/tomcat.log +log4j.appender.R.File=${catalina.home}/logs/tomcat.log log4j.appender.R.MaxFileSize=10MB log4j.appender.R.MaxBackupIndex=10 log4j.appender.R.layout=org.apache.log4j.PatternLayout diff --git a/tomcat-7.0-tomcat-jsvc-sysd b/tomcat-7.0-tomcat-jsvc-sysd deleted file mode 100644 index 9134d5b..0000000 --- a/tomcat-7.0-tomcat-jsvc-sysd +++ /dev/null @@ -1,113 +0,0 @@ -#!/bin/bash -# -# This script provides systemd activation of the tomcat service -# To create clones of this service: -# 1) SERVICE_NAME must be defined before calling this script -# 2) Create /etc/sysconfig/${SERVICE_NAME} from /etc/sysconfig/tomcat -# to override tomcat defaults - -# SERVICE_NAME is a required value only if the service name is -# different from 'tomcat' -# -NAME="${SERVICE_NAME:-tomcat}" - -#I'll bet this isn't required. -# unset ISBOOT - -# For SELinux we need to use 'runuser' not 'su' -if [ -x "/sbin/runuser" ]; then - SU="/sbin/runuser -s /bin/sh" -else - SU="/bin/su -s /bin/sh" -fi - -# Path to the tomcat launch script -TOMCAT_SCRIPT="/usr/sbin/tomcat-jsvc" - -# Define the tomcat username -TOMCAT_USER="${TOMCAT_USER:-tomcat}" - -# TOMCAT_LOG should be different from catalina.out. -# Usually the below config is all that is necessary -TOMCAT_LOG=/var/log/${NAME}/${NAME}-sysd.log - -# Get the tomcat config (use this for environment specific settings) -TOMCAT_CFG="/etc/tomcat/tomcat.conf" -if [ -r "$TOMCAT_CFG" ]; then - . $TOMCAT_CFG -fi - -# Get instance specific config file -if [ -r "/etc/sysconfig/${NAME}" ]; then - . /etc/sysconfig/${NAME} -fi - -function parseOptions() { - options="" - options="$options $( - awk '!/^#/ && !/^$/ { ORS=" "; print "export ", $0, ";" }' \ - $TOMCAT_CFG - )" - if [ -r "/etc/sysconfig/${NAME}" ]; then - options="$options $( - awk '!/^#/ && !/^$/ { ORS=" "; - print "export ", $0, ";" }' \ - /etc/sysconfig/${NAME} - )" - fi - TOMCAT_SCRIPT="$options ${TOMCAT_SCRIPT}" -} - -# See how we were called. -function start() { - # fix permissions on the log and pid files - export CATALINA_PID="/var/run/${NAME}.pid" - touch $CATALINA_PID 2>&1 - if [ "$?" -eq "0" ]; then - chown ${TOMCAT_USER}:${TOMCAT_USER} $CATALINA_PID - fi - - touch $TOMCAT_LOG 2>&1 - if [ "$?" -eq "0" ]; then - chown ${TOMCAT_USER}:${TOMCAT_USER} $TOMCAT_LOG - fi - - # if jsvc installed and USE_JSVC=true - # then start as root and use jsvc to drop privileges - if [ -x /usr/bin/jsvc ]; then - TOMCAT_USER="root" - fi - - parseOptions - if [ "$SECURITY_MANAGER" = "true" ]; then - $SU - $TOMCAT_USER -c "${TOMCAT_SCRIPT} start-security" >> $TOMCAT_LOG 2>&1 - else - $SU - $TOMCAT_USER -c "${TOMCAT_SCRIPT} start" >> $TOMCAT_LOG 2>&1 - fi -} - -function stop() { - # if jsvc installed and USE_JSVC=true - # then start as root and use jsvc to drop privileges - if [ -x /usr/bin/jsvc ]; then - TOMCAT_USER="root" - fi - - parseOptions - $SU - $TOMCAT_USER -c "${TOMCAT_SCRIPT} stop" >> $TOMCAT_LOG 2>&1 -} - -# See how we were called. -case "$1" in - start) - start - ;; - stop) - stop - ;; - restart) - stop - start - ;; -esac - diff --git a/tomcat-7.0-tomcat-users-webapp.patch b/tomcat-7.0-tomcat-users-webapp.patch index 9f05e37..860c4cf 100644 --- a/tomcat-7.0-tomcat-users-webapp.patch +++ b/tomcat-7.0-tomcat-users-webapp.patch @@ -1,8 +1,8 @@ --- conf/tomcat-users.xml~ 2008-01-28 17:41:06.000000000 -0500 +++ conf/tomcat-users.xml 2008-03-07 19:40:07.000000000 -0500 @@ -23,4 +23,14 @@ - - + + --> + + @@ -13,5 +13,5 @@ + + + -+ ++ diff --git a/tomcat-7.0-tool-wrapper.script b/tomcat-7.0-tool-wrapper.script index 2640ce2..a43568b 100644 --- a/tomcat-7.0-tool-wrapper.script +++ b/tomcat-7.0-tool-wrapper.script @@ -34,7 +34,7 @@ export CLASSPATH MAIN_CLASS="org.apache.catalina.startup.Tool" BASE_OPTIONS="" BASE_FLAGS="-Dcatalina.home=\"$CATALINA_HOME\"" -BASE_JARS="commons-daemon tomcat/catalina servlet" +BASE_JARS="commons-daemon tomcat/catalina servlet tomcat/tomcat-util tomcat/tomcat-coyote" # Set parameters set_classpath $BASE_JARS diff --git a/tomcat-7.0.104-RemoveCompilerOptions.patch b/tomcat-7.0.104-RemoveCompilerOptions.patch new file mode 100644 index 0000000..1a6190c --- /dev/null +++ b/tomcat-7.0.104-RemoveCompilerOptions.patch @@ -0,0 +1,184 @@ +--- java/org/apache/jasper/compiler/JDTCompiler.java.orig 2020-06-08 14:28:56.745393437 +0800 ++++ java/org/apache/jasper/compiler/JDTCompiler.java 2020-06-08 14:33:16.421538658 +0800 +@@ -95,7 +95,6 @@ + /** + * Compile the servlet from .java file to .class file + */ +- @Override + protected void generateClass(String[] smap) throws FileNotFoundException, JasperException, Exception { + + long t1 = 0; +@@ -122,12 +121,10 @@ + this.sourceFile = sourceFile; + } + +- @Override + public char[] getFileName() { + return sourceFile.toCharArray(); + } + +- @Override + public char[] getContents() { + char[] result = null; + FileInputStream is = null; +@@ -167,7 +164,6 @@ + return result; + } + +- @Override + public char[] getMainTypeName() { + int dot = className.lastIndexOf('.'); + if (dot > 0) { +@@ -176,7 +172,6 @@ + return className.toCharArray(); + } + +- @Override + public char[][] getPackageName() { + StringTokenizer izer = new StringTokenizer(className, "."); + char[][] result = new char[izer.countTokens()-1][]; +@@ -187,7 +182,6 @@ + return result; + } + +- @Override + public boolean ignoreOptionalProblems() { + return false; + } +@@ -195,7 +189,6 @@ + + final INameEnvironment env = new INameEnvironment() { + +- @Override + public NameEnvironmentAnswer + findType(char[][] compoundTypeName) { + StringBuilder result = new StringBuilder(); +@@ -208,7 +201,6 @@ + return findType(result.toString()); + } + +- @Override + public NameEnvironmentAnswer findType(char[] typeName, char[][] packageName) { + StringBuilder result = new StringBuilder(); + String sep = ""; +@@ -281,7 +273,6 @@ + } + } + +- @Override + public boolean isPackage(char[][] parentPackageName, char[] packageName) { + StringBuilder result = new StringBuilder(); + String sep = ""; +@@ -302,7 +293,6 @@ + return isPackage(result.toString()); + } + +- @Override + public void cleanup() { + } + +@@ -350,43 +340,6 @@ + } else if(opt.equals("1.7")) { + settings.put(CompilerOptions.OPTION_Source, + CompilerOptions.VERSION_1_7); +- } else if(opt.equals("1.8")) { +- settings.put(CompilerOptions.OPTION_Source, +- CompilerOptions.VERSION_1_8); +- // Support old format that was used in EA implementation as well +- } else if(opt.equals("9") || opt.equals("1.9")) { +- settings.put(CompilerOptions.OPTION_Source, +- JDT_JAVA_9_VERSION); +- } else if(opt.equals("10")) { +- // Constant not available in latest ECJ version that runs on +- // Java 6. +- // This is checked against the actual version below. +- settings.put(CompilerOptions.OPTION_Source, "10"); +- } else if(opt.equals("11")) { +- // Constant not available in latest ECJ version that runs on +- // Java 6. +- // This is checked against the actual version below. +- settings.put(CompilerOptions.OPTION_Source, "11"); +- } else if(opt.equals("12")) { +- // Constant not available in latest ECJ version that runs on +- // Java 6. +- // This is checked against the actual version below. +- settings.put(CompilerOptions.OPTION_Source, "12"); +- } else if(opt.equals("13")) { +- // Constant not available in latest available ECJ version. +- // May be supported in a snapshot build. +- // This is checked against the actual version below. +- settings.put(CompilerOptions.OPTION_Source, "13"); +- } else if(opt.equals("14")) { +- // Constant not available in latest available ECJ version. +- // May be supported in a snapshot build. +- // This is checked against the actual version below. +- settings.put(CompilerOptions.OPTION_Source, "14"); +- } else if(opt.equals("15")) { +- // Constant not available in latest available ECJ version. +- // May be supported in a snapshot build. +- // This is checked against the actual version below. +- settings.put(CompilerOptions.OPTION_Source, "15"); + } else { + log.warn(Localizer.getMessage("jsp.warning.unknown.sourceVM", opt)); + settings.put(CompilerOptions.OPTION_Source, +@@ -428,52 +381,6 @@ + CompilerOptions.VERSION_1_7); + settings.put(CompilerOptions.OPTION_Compliance, + CompilerOptions.VERSION_1_7); +- } else if(opt.equals("1.8")) { +- settings.put(CompilerOptions.OPTION_TargetPlatform, +- CompilerOptions.VERSION_1_8); +- settings.put(CompilerOptions.OPTION_Compliance, +- CompilerOptions.VERSION_1_8); +- } else if(opt.equals("9") || opt.equals("1.9")) { +- settings.put(CompilerOptions.OPTION_TargetPlatform, +- JDT_JAVA_9_VERSION); +- settings.put(CompilerOptions.OPTION_Compliance, +- JDT_JAVA_9_VERSION); +- } else if(opt.equals("10")) { +- // Constant not available in latest ECJ version that runs on +- // Java 6. +- // This is checked against the actual version below. +- settings.put(CompilerOptions.OPTION_TargetPlatform, "10"); +- settings.put(CompilerOptions.OPTION_Compliance, "10"); +- } else if(opt.equals("11")) { +- // Constant not available in latest ECJ version that runs on +- // Java 6. +- // This is checked against the actual version below. +- settings.put(CompilerOptions.OPTION_TargetPlatform, "11"); +- settings.put(CompilerOptions.OPTION_Compliance, "11"); +- } else if(opt.equals("12")) { +- // Constant not available in latest ECJ version that runs on +- // Java 6. +- // This is checked against the actual version below. +- settings.put(CompilerOptions.OPTION_TargetPlatform, "12"); +- settings.put(CompilerOptions.OPTION_Compliance, "12"); +- } else if(opt.equals("13")) { +- // Constant not available in latest available ECJ version. +- // May be supported in a snapshot build. +- // This is checked against the actual version below. +- settings.put(CompilerOptions.OPTION_TargetPlatform, "13"); +- settings.put(CompilerOptions.OPTION_Compliance, "13"); +- } else if(opt.equals("14")) { +- // Constant not available in latest ECJ version shipped with +- // Tomcat. May be supported in a snapshot build. +- // This is checked against the actual version below. +- settings.put(CompilerOptions.OPTION_TargetPlatform, "14"); +- settings.put(CompilerOptions.OPTION_Compliance, "14"); +- } else if(opt.equals("15")) { +- // Constant not available in latest ECJ version shipped with +- // Tomcat. May be supported in a snapshot build. +- // This is checked against the actual version below. +- settings.put(CompilerOptions.OPTION_TargetPlatform, "15"); +- settings.put(CompilerOptions.OPTION_Compliance, "15"); + } else { + log.warn(Localizer.getMessage("jsp.warning.unknown.targetVM", opt)); + settings.put(CompilerOptions.OPTION_TargetPlatform, +@@ -491,7 +398,6 @@ + new DefaultProblemFactory(Locale.getDefault()); + + final ICompilerRequestor requestor = new ICompilerRequestor() { +- @Override + public void acceptResult(CompilationResult result) { + try { + if (result.hasProblems()) { diff --git a/tomcat-7.0.99-build.patch b/tomcat-7.0.99-build.patch new file mode 100644 index 0000000..80d2358 --- /dev/null +++ b/tomcat-7.0.99-build.patch @@ -0,0 +1,130 @@ +--- build.xml.orig 2019-12-11 08:21:52.000000000 -0500 ++++ build.xml 2020-02-06 14:32:03.578329367 -0500 +@@ -222,7 +222,6 @@ + + + +- + + + +@@ -244,7 +243,7 @@ + + + +- ++ + + + +@@ -636,7 +635,6 @@ + deprecation="${compile.deprecation}" + source="${compile.source}" + target="${compile.target}" +- release="${compile.release}" + encoding="ISO-8859-1" + includeAntRuntime="true" > + +@@ -1141,12 +1139,11 @@ + + + +- +- ++ + + + +- ++ + + + +@@ -1177,7 +1174,6 @@ + debug="${compile.debug}" deprecation="${compile.deprecation}" + source="${compile.source}" + target="${compile.target}" +- release="${compile.release}" + classpath="${tomcat.classes}" + encoding="ISO-8859-1" + includeantruntime="false"> +@@ -1189,7 +1185,6 @@ + debug="${compile.debug}" deprecation="${compile.deprecation}" + source="${compile.source}" + target="${compile.target}" +- release="${compile.release}" + classpath="${tomcat.classes}" + encoding="ISO-8859-1" + includeantruntime="false"> +@@ -1416,7 +1411,6 @@ + deprecation="${compile.deprecation}" + source="${compile.source}" + target="${compile.target}" +- release="${compile.release}" + encoding="ISO-8859-1" + includeantruntime="true"> + +@@ -1859,8 +1853,8 @@ + + + +- ++ + + +@@ -2912,16 +2906,6 @@ skip.installer property in build.propert + + + +- +- +- +- +- +- +- +- +- +- + + + + + +- ++ + + + +- ++ + + + +- ++ + + +- ++ + + + diff --git a/tomcat-7.0.conf b/tomcat-7.0.conf index 03119b7..327cdd9 100644 --- a/tomcat-7.0.conf +++ b/tomcat-7.0.conf @@ -1,37 +1,33 @@ # System-wide configuration file for tomcat services -# This will be loaded by systemd as an environment file, -# so please keep the syntax. +# This will be sourced by tomcat and any secondary service +# Values will be overridden by service-specific configuration +# files in /etc/sysconfig # -# There are 2 "classes" of startup behavior in this package. -# The old one, the default service named tomcat.service. -# The new named instances are called tomcat@instance.service. +# Use this one to change default values for all services +# Change the service specific ones to affect only one service +# (see, for instance, /etc/sysconfig/tomcat) # -# Use this file to change default values for all services. -# Change the service specific ones to affect only one service. -# For tomcat.service it's /etc/sysconfig/tomcat, for -# tomcat@instance it's /etc/sysconfig/tomcat@instance. # This variable is used to figure out if config is loaded or not. TOMCAT_CFG_LOADED="1" -# In new-style instances, if CATALINA_BASE isn't specified, it will -# be constructed by joining TOMCATS_BASE and NAME. -TOMCATS_BASE="/var/lib/tomcats/" - # Where your java installation lives JAVA_HOME="/usr/lib/jvm/jre" # Where your tomcat installation lives +CATALINA_BASE="@@@TCHOME@@@" CATALINA_HOME="@@@TCHOME@@@" - -# System-wide tmp -CATALINA_TMPDIR="/var/cache/tomcat/temp" +JASPER_HOME="@@@TCHOME@@@" +CATALINA_TMPDIR="@@@TCTEMP@@@" # You can pass some parameters to java here if you wish to #JAVA_OPTS="-Xminf0.1 -Xmaxf0.3" # Use JAVA_OPTS to set java.library.path for libtcnative.so -#JAVA_OPTS="-Djava.library.path=/usr/lib" +#JAVA_OPTS="-Djava.library.path=@@@LIBDIR@@@" + +# What user should run tomcat +TOMCAT_USER="tomcat" # You can change your tomcat locale here #LANG="en_US" @@ -40,9 +36,18 @@ CATALINA_TMPDIR="/var/cache/tomcat/temp" SECURITY_MANAGER="false" # Time to wait in seconds, before killing process -# TODO(stingray): does nothing, fix. -# SHUTDOWN_WAIT="30" +SHUTDOWN_WAIT="30" + +# Whether to annoy the user with "attempting to shut down" messages or not +SHUTDOWN_VERBOSE="false" + +# Set the TOMCAT_PID location +CATALINA_PID="/var/run/tomcat.pid" + +# Connector port is 8080 for this tomcat instance +#CONNECTOR_PORT="8080" # If you wish to further customize your tomcat environment, # put your own definitions here # (i.e. LD_LIBRARY_PATH for some jdbc drivers) + diff --git a/tomcat-7.0.init b/tomcat-7.0.init new file mode 100644 index 0000000..dd737e8 --- /dev/null +++ b/tomcat-7.0.init @@ -0,0 +1,331 @@ +#!/bin/bash +# +# tomcat This shell script takes care of starting and stopping Tomcat +# +# chkconfig: - 80 20 +# +### BEGIN INIT INFO +# Provides: tomcat +# Required-Start: $network $syslog +# Required-Stop: $network $syslog +# Default-Start: +# Default-Stop: +# Description: Release implementation for Servlet 3.0 and JSP 2.2 +# Short-Description: start and stop tomcat +### END INIT INFO +# +# - originally written by Henri Gomez, Keith Irwin, and Nicolas Mailhot +# - heavily rewritten by Deepak Bhole and Jason Corley +# + +## Source function library. +#. /etc/rc.d/init.d/functions +# Source LSB function library. +if [ -r /lib/lsb/init-functions ]; then + . /lib/lsb/init-functions +else + exit 1 +fi + +DISTRIB_ID=`lsb_release -i -s 2>/dev/null` + +NAME="$(basename $0)" +unset ISBOOT +if [ "${NAME:0:1}" = "S" -o "${NAME:0:1}" = "K" ]; then + NAME="${NAME:3}" + ISBOOT="1" +fi + +# For SELinux we need to use 'runuser' not 'su' +if [ -x "/sbin/runuser" ]; then + SU="/sbin/runuser -s /bin/sh" +else + SU="/bin/su -s /bin/sh" +fi + +# Get the tomcat config (use this for environment specific settings) +TOMCAT_CFG="/etc/tomcat/tomcat.conf" +if [ -r "$TOMCAT_CFG" ]; then + . $TOMCAT_CFG +fi + +# Get instance specific config file +if [ -r "/etc/sysconfig/${NAME}" ]; then + . /etc/sysconfig/${NAME} +fi + +# Define which connector port to use +CONNECTOR_PORT="${CONNECTOR_PORT:-8080}" + +# Path to the tomcat launch script +TOMCAT_SCRIPT="${TOMCAT_SCRIPT:-/usr/sbin/tomcat}" + +# Tomcat program name +TOMCAT_PROG="${NAME}" + +# Define the tomcat username +TOMCAT_USER="${TOMCAT_USER:-tomcat}" + +# Define the tomcat group +TOMCAT_GROUP="${TOMCAT_GROUP:-`id -gn $TOMCAT_USER`}" + +# Define the tomcat log file +TOMCAT_LOG="${TOMCAT_LOG:-${CATALINA_HOME}/logs/${NAME}-initd.log}" + +# Define the tomcat pid file +CATALINA_PID="${CATALINA_PID:-/var/run/${NAME}.pid}" + +# Variable to keep parseOptions status +OPTIONS_PARSED="0" + +RETVAL="0" + +# Look for open ports, as the function name might imply +function findFreePorts() { + local isSet1="false" + local isSet2="false" + local isSet3="false" + local lower="8000" + randomPort1="0" + randomPort2="0" + randomPort3="0" + local -a listeners="( $( + netstat -ntl | \ + awk '/^tcp/ {gsub("(.)*:", "", $4); print $4}' + ) )" + while [ "$isSet1" = "false" ] || \ + [ "$isSet2" = "false" ] || \ + [ "$isSet3" = "false" ]; do + let port="${lower}+${RANDOM:0:4}" + if [ -z `expr " ${listeners[*]} " : ".*\( $port \).*"` ]; then + if [ "$isSet1" = "false" ]; then + export randomPort1="$port" + isSet1="true" + elif [ "$isSet2" = "false" ]; then + export randomPort2="$port" + isSet2="true" + elif [ "$isSet3" = "false" ]; then + export randomPort3="$port" + isSet3="true" + fi + fi + done +} + +function makeHomeDir() { + if [ ! -d "$CATALINA_HOME" ]; then + echo "$CATALINA_HOME does not exist, creating" + if [ ! -d "/usr/share/${NAME}" ]; then + mkdir /usr/share/${NAME} + cp -pLR /usr/share/tomcat/* /usr/share/${NAME} + fi + mkdir -p /var/log/${NAME} \ + /var/cache/${NAME} \ + /var/tmp/${NAME} + ln -fs /var/cache/${NAME} ${CATALINA_HOME}/work + ln -fs /var/tmp/${NAME} ${CATALINA_HOME}/temp + cp -pLR /usr/share/${NAME}/bin $CATALINA_HOME + cp -pLR /usr/share/${NAME}/conf $CATALINA_HOME + ln -fs /usr/share/java/tomcat ${CATALINA_HOME}/lib + ln -fs /usr/share/tomcat/webapps ${CATALINA_HOME}/webapps + install -o ${TOMCAT_USER} -g ${TOMCAT_GROUP} -d -m 0770 /var/log/${NAME} + fi +} + +function parseOptions() { + options="" + options="$options $( + awk '!/^#/ && !/^$/ { ORS=" "; print "export ", $0, ";" }' \ + $TOMCAT_CFG + )" + if [ -r "/etc/sysconfig/${NAME}" ]; then + options="$options $( + awk '!/^#/ && !/^$/ { ORS=" "; + print "export ", $0, ";" }' \ + /etc/sysconfig/${NAME} + )" + fi + if [ "$OPTIONS_PARSED" -eq 0 ]; then + TOMCAT_SCRIPT="$options ${TOMCAT_SCRIPT}" + OPTIONS_PARSED=1 + fi +} + +# See how we were called. +function start() { + + echo -n "Starting ${TOMCAT_PROG}: " + if [ "$RETVAL" != "0" ]; then + log_failure_msg + return + fi + if [ -f "/var/lock/subsys/${NAME}" ]; then + if [ -s "$CATALINA_PID" ]; then + read kpid < $CATALINA_PID +# if checkpid $kpid 2>&1; then + if [ -d "/proc/${kpid}" ]; then + log_success_msg + if [ "$DISTRIB_ID" = "MandrivaLinux" ]; then + echo + fi + return 0 + fi + fi + fi + # fix permissions on the log and pid files + touch $CATALINA_PID 2>&1 || RETVAL="4" + if [ "$RETVAL" -eq "0" -a "$?" -eq "0" ]; then + install -o ${TOMCAT_USER} -g ${TOMCAT_GROUP} -m 644 /dev/null "${CATALINA_PID}" + fi + [ "$RETVAL" -eq "0" ] && touch $TOMCAT_LOG 2>&1 || RETVAL="4" + if [ "$RETVAL" -eq "0" -a "$?" -eq "0" ]; then + if [ ! -f "${TOMCAT_LOG}" ]; then + install -o ${TOMCAT_USER} -g ${TOMCAT_GROUP} -m 644 /dev/null "${TOMCAT_LOG}" + fi + fi + if [ "$CATALINA_HOME" != "/usr/share/tomcat" -a "$RETVAL" -eq "0" ]; then + # Create a tomcat directory if it doesn't exist + makeHomeDir + # If CATALINA_HOME doesn't exist modify port number so that + # multiple instances don't interfere with each other + findFreePorts + sed -i -e "s/8005/${randomPort1}/g" -e "s/8080/${CONNECTOR_PORT}/g" \ + -e "s/8009/${randomPort2}/g" -e "s/8443/${randomPort3}/g" \ + ${CATALINA_HOME}/conf/server.xml + fi + parseOptions + if [ "$RETVAL" -eq "0" -a "$SECURITY_MANAGER" = "true" ]; then + $SU - $TOMCAT_USER -c "${TOMCAT_SCRIPT} start-security" \ + >> ${TOMCAT_LOG} 2>&1 || RETVAL="4" + else + + [ "$RETVAL" -eq "0" ] && $SU - $TOMCAT_USER -c "${TOMCAT_SCRIPT} start" >> ${TOMCAT_LOG} 2>&1 || RETVAL="4" + fi + if [ "$RETVAL" -eq "0" ]; then + log_success_msg + touch /var/lock/subsys/${NAME} + else + log_failure_msg "Error code ${RETVAL}" + fi + if [ "$DISTRIB_ID" = "MandrivaLinux" ]; then + echo + fi +} + +function stop() { + echo -n "Stopping ${TOMCAT_PROG}: " + if [ -f "/var/lock/subsys/${NAME}" ]; then + parseOptions + if [ "$RETVAL" -eq "0" ]; then + touch /var/lock/subsys/${NAME} 2>&1 || RETVAL="4" + [ "$RETVAL" -eq "0" ] && $SU - $TOMCAT_USER -c "${TOMCAT_SCRIPT} stop" >> ${TOMCAT_LOG} 2>&1 || RETVAL="4" + fi + if [ "$RETVAL" -eq "0" ]; then + count="0" + if [ -s "$CATALINA_PID" ]; then + read kpid < $CATALINA_PID + until [ "$(ps --pid $kpid | grep -c $kpid)" -eq "0" ] || \ + [ "$count" -gt "$SHUTDOWN_WAIT" ]; do + if [ "$SHUTDOWN_VERBOSE" = "true" ]; then + echo "waiting for processes $kpid to exit" + fi + sleep 1 + let count="${count}+1" + done + if [ "$count" -gt "$SHUTDOWN_WAIT" ]; then + if [ "$SHUTDOWN_VERBOSE" = "true" ]; then + log_warning_msg "killing processes which did not stop after ${SHUTDOWN_WAIT} seconds" + fi + kill -9 $kpid + fi + log_success_msg + fi + rm -f /var/lock/subsys/${NAME} $CATALINA_PID + else + log_failure_msg + RETVAL="4" + fi + else + log_success_msg + RETVAL="0" + fi + if [ "$DISTRIB_ID" = "MandrivaLinux" ]; then + echo + fi +} + +function usage() +{ + echo "Usage: $0 {start|stop|restart|condrestart|try-restart|reload|force-reload|status|version}" + RETVAL="2" +} + +# See how we were called. +RETVAL="0" +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart) + stop + start + ;; + condrestart|try-restart) + if [ -s "$CATALINA_PID" ]; then + stop + start + fi + ;; + reload) + RETVAL="3" + ;; + force-reload) + if [ -s "$CATALINA_PID" ]; then + stop + start + fi + ;; + status) + if [ -s "$CATALINA_PID" ]; then + read kpid < $CATALINA_PID + if [ -d "/proc/${kpid}" ]; then + log_success_msg "${NAME} (pid ${kpid}) is running..." + RETVAL="0" + else +# The pid file exists but the process is not running + log_warning_msg "PID file exists, but process is not running" + RETVAL="1" + fi + else + pid="$(/usr/bin/pgrep -d , -u ${TOMCAT_USER} -G ${TOMCAT_USER} -f "catalina\.base=${CATALINA_BASE}[ $]")" + if [ -z "$pid" ]; then +# status ${NAME} +# RETVAL="$?" + log_success_msg "${NAME} is stopped" + RETVAL="3" + else + log_success_msg "${NAME} (pid $pid) is running..." + RETVAL="0" + fi + fi + if [ -f /var/lock/subsys/${NAME} ]; then + pid="$(/usr/bin/pgrep -d , -u ${TOMCAT_USER} -G ${TOMCAT_USER} -f "catalina\.base=${CATALINA_BASE}[ $]")" +# The lockfile exists but the process is not running + if [ -z "$pid" ]; then + log_failure_msg "${NAME} lockfile exists but process is not running" + RETVAL="2" + fi + fi + ;; + version) + ${TOMCAT_SCRIPT} version + ;; + *) + usage + ;; +esac + +exit $RETVAL diff --git a/tomcat-7.0.service b/tomcat-7.0.service deleted file mode 100644 index 103d464..0000000 --- a/tomcat-7.0.service +++ /dev/null @@ -1,23 +0,0 @@ -# Systemd unit file for default tomcat -# -# To create clones of this service: -# DO NOTHING, use tomcat@.service instead. - -[Unit] -Description=Apache Tomcat Web Application Container -After=syslog.target network.target - -[Service] -Type=simple -EnvironmentFile=/etc/tomcat/tomcat.conf -Environment="NAME=" -EnvironmentFile=-/etc/sysconfig/tomcat -ExecStart=/usr/libexec/tomcat/server start -ExecStop=/usr/libexec/tomcat/server stop -SuccessExitStatus=143 -User=tomcat -Group=tomcat - - -[Install] -WantedBy=multi-user.target diff --git a/tomcat-7.0.sysconfig b/tomcat-7.0.sysconfig index 3117bf7..c1337e8 100644 --- a/tomcat-7.0.sysconfig +++ b/tomcat-7.0.sysconfig @@ -1,11 +1,56 @@ # Service-specific configuration file for tomcat. This will be sourced by -# systemd for the default service (tomcat.service) -# If you want to customize named instance, make a similar file -# and name it tomcat@instancename. +# the SysV init script after the global configuration file +# /etc/tomcat/tomcat.conf, thus allowing values to be overridden in +# a per-service manner. +# +# NEVER change the init script itself. To change values for all services make +# your changes in /etc/tomcat/tomcat.conf +# +# To change values for a specific service make your edits here. +# To create a new service create a link from /etc/init.d/ to +# /etc/init.d/tomcat (do not copy the init script) and make a copy of the +# /etc/sysconfig/tomcat file to /etc/sysconfig/ and change +# the property values so the two services won't conflict. Register the new +# service in the system as usual (see chkconfig and similars). +# -# You will not need to set this, usually. For default service it equals -# CATALINA_HOME. For named service, it equals ${TOMCATS_BASE}${NAME} +# Where your java installation lives +#JAVA_HOME="/usr/lib/jvm/java" + +# Where your tomcat installation lives #CATALINA_BASE="@@@TCHOME@@@" +#CATALINA_HOME="@@@TCHOME@@@" +#JASPER_HOME="@@@TCHOME@@@" +#CATALINA_TMPDIR="@@@TCTEMP@@@" + +# You can pass some parameters to java here if you wish to +#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3" + +# Use JAVA_OPTS to set java.library.path for libtcnative.so +#JAVA_OPTS="-Djava.library.path=@@@LIBDIR@@@" + +# What user should run tomcat +#TOMCAT_USER="tomcat" + +# You can change your tomcat locale here +#LANG="en_US" + +# Run tomcat under the Java Security Manager +#SECURITY_MANAGER="false" + +# Time to wait in seconds, before killing process +#SHUTDOWN_WAIT="30" + +# Whether to annoy the user with "attempting to shut down" messages or not +#SHUTDOWN_VERBOSE="false" + +# Set the TOMCAT_PID location +#CATALINA_PID="/var/run/tomcat.pid" + +# Connector port is 8080 for this tomcat instance +#CONNECTOR_PORT="8080" + +# If you wish to further customize your tomcat environment, +# put your own definitions here +# (i.e. LD_LIBRARY_PATH for some jdbc drivers) -# Please take a look at /etc/tomcat/tomcat.conf to have an idea what you -# can override. diff --git a/tomcat-7.0.wrapper b/tomcat-7.0.wrapper index c97cb85..61b25c3 100644 --- a/tomcat-7.0.wrapper +++ b/tomcat-7.0.wrapper @@ -1,24 +1,76 @@ #!/bin/bash -if [ "$1" = "version" ]; then - . /usr/libexec/tomcat/preamble - exec ${JAVACMD} -classpath ${CATALINA_HOME}/lib/catalina.jar \ - org.apache.catalina.util.ServerInfo +if [ -r /usr/share/java-utils/java-functions ]; then + . /usr/share/java-utils/java-functions +else + echo "Can't read Java functions library, aborting" + exit 1 fi -SRV="tomcat" -if [ -n "$2" ]; then - SRV="tomcat@$2" +# Get the tomcat config (use this for environment specific settings) +# if $TOMCAT_CFG wasn't already loaded +if [ -z "${TOMCAT_CFG_LOADED}" ]; then + if [ -z "${TOMCAT_CFG}" ]; then + TOMCAT_CFG="/etc/tomcat/tomcat.conf" + fi + + if [ -r "$TOMCAT_CFG" ]; then + . $TOMCAT_CFG + fi fi +set_javacmd +# CLASSPATH munging +if [ -n "$JSSE_HOME" ]; then + CLASSPATH="${CLASSPATH}:$(build-classpath jcert jnet jsse 2>/dev/null)" +fi +CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/bootstrap.jar" +CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/tomcat-juli.jar" +CLASSPATH="${CLASSPATH}:$(build-classpath commons-daemon 2>/dev/null)" + if [ "$1" = "start" ]; then - systemctl start ${SRV}.service + ${JAVACMD} $JAVA_OPTS $CATALINA_OPTS \ + -classpath "$CLASSPATH" \ + -Dcatalina.base="$CATALINA_BASE" \ + -Dcatalina.home="$CATALINA_HOME" \ + -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" \ + -Djava.io.tmpdir="$CATALINA_TMPDIR" \ + -Djava.util.logging.config.file="${CATALINA_BASE}/conf/logging.properties" \ + -Djava.util.logging.manager="org.apache.juli.ClassLoaderLogManager" \ + org.apache.catalina.startup.Bootstrap start \ + >> ${CATALINA_BASE}/logs/catalina.out 2>&1 & + if [ ! -z "$CATALINA_PID" ]; then + echo $! > $CATALINA_PID + fi +elif [ "$1" = "start-security" ]; then + ${JAVACMD} $JAVA_OPTS $CATALINA_OPTS \ + -classpath "$CLASSPATH" \ + -Dcatalina.base="$CATALINA_BASE" \ + -Dcatalina.home="$CATALINA_HOME" \ + -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" \ + -Djava.io.tmpdir="$CATALINA_TMPDIR" \ + -Djava.security.manager \ + -Djava.security.policy=="${CATALINA_BASE}/conf/catalina.policy" \ + -Djava.util.logging.config.file="${CATALINA_BASE}/conf/logging.properties" \ + -Djava.util.logging.manager="org.apache.juli.ClassLoaderLogManager" \ + org.apache.catalina.startup.Bootstrap start \ + >> ${CATALINA_BASE}/logs/catalina.out 2>&1 & + if [ ! -z "$CATALINA_PID" ]; then + echo $! > $CATALINA_PID + fi elif [ "$1" = "stop" ]; then - systemctl stop ${SRV}.service + ${JAVACMD} $JAVA_OPTS \ + -classpath "$CLASSPATH" \ + -Dcatalina.base="$CATALINA_BASE" \ + -Dcatalina.home="$CATALINA_HOME" \ + -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" \ + -Djava.io.tmpdir="$CATALINA_TMPDIR" \ + org.apache.catalina.startup.Bootstrap stop \ + >> ${CATALINA_BASE}/logs/catalina.out 2>&1 elif [ "$1" = "version" ]; then ${JAVACMD} -classpath ${CATALINA_HOME}/lib/catalina.jar \ org.apache.catalina.util.ServerInfo else - echo "Usage: $0 {start|stop|version} [server-id]" + echo "Usage: $0 {start|start-security|stop|version}" exit 1 fi diff --git a/tomcat-named.service b/tomcat-named.service deleted file mode 100644 index 9bbcb17..0000000 --- a/tomcat-named.service +++ /dev/null @@ -1,26 +0,0 @@ -# Systemd unit file for tomcat instances. -# -# To create clones of this service: -# 0. systemctl enable tomcat@name.service -# 1. create catalina.base directory structure in -# /var/lib/tomcats/name -# 2. profit. - -[Unit] -Description=Apache Tomcat Web Application Container -After=syslog.target network.target - -[Service] -Type=simple -EnvironmentFile=/etc/tomcat/tomcat.conf -Environment="NAME=%I" -EnvironmentFile=-/etc/sysconfig/tomcat@%I -ExecStart=/usr/libexec/tomcat/server start -ExecStop=/usr/libexec/tomcat/server stop -SuccessExitStatus=143 -User=tomcat -Group=tomcat - -[Install] -WantedBy=multi-user.target - diff --git a/tomcat-preamble b/tomcat-preamble deleted file mode 100644 index 9627522..0000000 --- a/tomcat-preamble +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/bash - -if [ -r /usr/share/java-utils/java-functions ]; then - . /usr/share/java-utils/java-functions -else - echo "Can't read Java functions library, aborting" - exit 1 -fi - -# Get the tomcat config (use this for environment specific settings) - -if [ -z "${TOMCAT_CFG_LOADED}" ]; then - if [ -z "${TOMCAT_CFG}" ]; then - TOMCAT_CFG="/etc/tomcat/tomcat.conf" - fi - . $TOMCAT_CFG -fi - -if [ -z "$CATALINA_BASE" ]; then - if [ -n "$NAME" ]; then - if [ -z "$TOMCATS_BASE" ]; then - TOMCATS_BASE="/var/lib/tomcats/" - fi - CATALINA_BASE="${TOMCATS_BASE}${NAME}" - else - CATALINA_BASE="${CATALINA_HOME}" - fi -fi - -VERBOSE=1 -set_javacmd -cd ${CATALINA_HOME} -# CLASSPATH munging -if [ ! -z "$CLASSPATH" ] ; then - CLASSPATH="$CLASSPATH": -fi - -if [ -n "$JSSE_HOME" ]; then - CLASSPATH="${CLASSPATH}$(build-classpath jcert jnet jsse 2>/dev/null):" -fi -CLASSPATH="${CLASSPATH}${CATALINA_HOME}/bin/bootstrap.jar" -CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/tomcat-juli.jar" -CLASSPATH="${CLASSPATH}:$(build-classpath commons-daemon 2>/dev/null)" - -if [ -z "$LOGGING_PROPERTIES" ] ; then - LOGGING_PROPERTIES="${CATALINA_BASE}/conf/logging.properties" - if [ ! -f "${LOGGING_PROPERTIES}" ] ; then - LOGGING_PROPERTIES="${CATALINA_HOME}/conf/logging.properties" - fi -fi diff --git a/tomcat-server b/tomcat-server deleted file mode 100644 index bd55999..0000000 --- a/tomcat-server +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash - -. /usr/libexec/tomcat/preamble - -MAIN_CLASS=org.apache.catalina.startup.Bootstrap - -FLAGS="$JAVA_OPTS $CATALINA_OPTS" -OPTIONS="-Dcatalina.base=$CATALINA_BASE \ --Dcatalina.home=$CATALINA_HOME \ --Djava.endorsed.dirs=$JAVA_ENDORSED_DIRS \ --Djava.io.tmpdir=$CATALINA_TMPDIR \ --Djava.util.logging.config.file=${LOGGING_PROPERTIES} \ --Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager" - -if [ "$1" = "start" ] ; then - if [ "${SECURITY_MANAGER}" = "true" ] ; then - OPTIONS="${OPTIONS} \ - -Djava.security.manager \ - -Djava.security.policy==${CATALINA_BASE}/conf/catalina.policy" - fi - run start -elif [ "$1" = "stop" ] ; then - run stop -fi diff --git a/tomcat.spec b/tomcat.spec index fb9ef77..a8dd919 100644 --- a/tomcat.spec +++ b/tomcat.spec @@ -31,7 +31,7 @@ %global jspspec 2.2 %global major_version 7 %global minor_version 0 -%global micro_version 47 +%global micro_version 106 %global packdname apache-tomcat-%{version}-src %global servletspec 3.0 %global elspec 2.2 @@ -49,19 +49,20 @@ %global tempdir %{cachedir}/temp %global workdir %{cachedir}/work %global _initrddir %{_sysconfdir}/init.d -%global _systemddir /lib/systemd/system Name: tomcat Epoch: 0 Version: %{major_version}.%{minor_version}.%{micro_version} -Release: 3%{?dist} +Release: 1%{?dist} Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API Group: System Environment/Daemons License: ASL 2.0 URL: http://tomcat.apache.org/ + Source0: http://www.apache.org/dist/tomcat/tomcat-%{major_version}/v%{version}/src/%{packdname}.tar.gz Source1: %{name}-%{major_version}.%{minor_version}.conf +Source2: %{name}-%{major_version}.%{minor_version}.init Source3: %{name}-%{major_version}.%{minor_version}.sysconfig Source4: %{name}-%{major_version}.%{minor_version}.wrapper Source5: %{name}-%{major_version}.%{minor_version}.logrotate @@ -70,54 +71,48 @@ Source7: %{name}-%{major_version}.%{minor_version}-tool-wrapper.script Source8: servlet-api-OSGi-MANIFEST.MF Source9: jsp-api-OSGi-MANIFEST.MF Source10: %{name}-%{major_version}.%{minor_version}-log4j.properties -Source11: %{name}-%{major_version}.%{minor_version}.service -Source12: el-api-OSGi-MANIFEST.MF -Source13: jasper-el-OSGi-MANIFEST.MF -Source14: jasper-OSGi-MANIFEST.MF -Source15: tomcat-api-OSGi-MANIFEST.MF -Source16: tomcat-juli-OSGi-MANIFEST.MF -Source18: %{name}-%{major_version}.%{minor_version}-tomcat-jsvc-sysd -Source19: %{name}-%{major_version}.%{minor_version}-jsvc.wrapper -Source20: %{name}-%{major_version}.%{minor_version}-jsvc.service -Source30: tomcat-preamble -Source31: tomcat-server -Source32: tomcat-named.service +Source11: el-api-OSGi-MANIFEST.MF +Source12: jasper-el-OSGi-MANIFEST.MF +Source13: jasper-OSGi-MANIFEST.MF +Source14: tomcat-api-OSGi-MANIFEST.MF +Source15: tomcat-juli-OSGi-MANIFEST.MF +Source16: %{name}-%{major_version}.%{minor_version}-jsvc.wrapper Patch0: %{name}-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch Patch1: %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.patch +# Adding patch to remove java 1.8 compiler options due to outdated ecj version in el6 +Patch2: %{name}-7.0.104-RemoveCompilerOptions.patch +# Adding patch to remove unsupport ant tasks/attributes +Patch3: %{name}-7.0.99-build.patch +Patch4: %{name}-7.0-catalina-policy.patch +Patch5: change-defaults-for-CVE-2020-1938.patch BuildArch: noarch +ExcludeArch: ppc64 + BuildRequires: ant -BuildRequires: ecj >= 1:4.2.1 +BuildRequires: ant-nodeps +BuildRequires: ant-trax +BuildRequires: ecj BuildRequires: findutils -BuildRequires: apache-commons-collections -BuildRequires: apache-commons-daemon -BuildRequires: apache-commons-dbcp -BuildRequires: apache-commons-pool +BuildRequires: jakarta-commons-daemon BuildRequires: jakarta-taglibs-standard -BuildRequires: java-devel >= 1:1.6.0 +BuildRequires: java7-devel >= 1:1.7.0 BuildRequires: jpackage-utils >= 0:1.7.0 BuildRequires: junit BuildRequires: log4j -BuildRequires: geronimo-jaxrpc BuildRequires: wsdl4j -BuildRequires: systemd-units -Requires: apache-commons-daemon -Requires: apache-commons-logging -Requires: apache-commons-collections -Requires: apache-commons-dbcp -Requires: apache-commons-pool + +Requires: jakarta-commons-daemon Requires: java >= 1:1.6.0 -Requires: jpackage-utils Requires: procps Requires: %{name}-lib = %{epoch}:%{version}-%{release} Requires(pre): shadow-utils Requires(post): chkconfig Requires(preun): chkconfig -Requires(post): systemd-units -Requires(preun): systemd-units -Requires(postun): systemd-units +Requires(post): /lib/lsb/init-functions +Requires(preun): /lib/lsb/init-functions %description Tomcat is the servlet container that is used in the official Reference @@ -157,7 +152,7 @@ Javadoc generated documentation for Apache Tomcat. Group: System Environment/Daemons Summary: Apache jsvc wrapper for Apache Tomcat as separate service Requires: %{name} = %{epoch}:%{version}-%{release} -Requires: apache-commons-daemon-jsvc +Requires: jakarta-commons-daemon-jsvc %description jsvc Systemd service and wrapper scripts to start tomcat with jsvc, @@ -170,6 +165,7 @@ Summary: Apache Tomcat JSP API implementation classes Provides: jsp = %{jspspec} Provides: jsp22 Requires: %{name}-servlet-%{servletspec}-api = %{epoch}:%{version}-%{release} +Requires: %{name}-el-%{elspec}-api = %{epoch}:%{version}-%{release} Requires(post): chkconfig Requires(postun): chkconfig @@ -183,10 +179,7 @@ Summary: Libraries needed to run the Tomcat Web container Requires: %{name}-jsp-%{jspspec}-api = %{epoch}:%{version}-%{release} Requires: %{name}-servlet-%{servletspec}-api = %{epoch}:%{version}-%{release} Requires: %{name}-el-%{elspec}-api = %{epoch}:%{version}-%{release} -Requires: ecj >= 1:4.2.1 -Requires: apache-commons-collections -Requires: apache-commons-dbcp -Requires: apache-commons-pool +Requires: ecj Requires(preun): coreutils %description lib @@ -232,46 +225,40 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name " %patch0 -p0 %patch1 -p0 +%patch2 -p0 +%patch3 -p0 +%patch4 -p0 +%patch5 -p0 + %{__ln_s} $(build-classpath jakarta-taglibs-core) webapps/examples/WEB-INF/lib/jstl.jar %{__ln_s} $(build-classpath jakarta-taglibs-standard) webapps/examples/WEB-INF/lib/standard.jar %build -export OPT_JAR_LIST="xalan-j2-serializer" - # we don't care about the tarballs and we're going to replace - # tomcat-dbcp.jar with apache-commons-{collections,dbcp,pool}-tomcat5.jar - # so just create a dummy file for later removal +export OPT_JAR_LIST="ant/ant-trax ant/ant-nodeps xalan-j2-serializer" touch HACK %{__mkdir_p} HACKDIR touch HACKDIR/build.xml # who needs a build.properties file anyway %{ant} -Dbase.path="." \ -Dbuild.compiler="modern" \ - -Dcommons-collections.jar="$(build-classpath apache-commons-collections)" \ - -Dcommons-daemon.jar="$(build-classpath apache-commons-daemon)" \ + -Dcommons-daemon.jar="$(build-classpath jakarta-commons-daemon)" \ -Dcommons-daemon.native.src.tgz="HACK" \ - -Djasper-jdt.jar="$(build-classpath ecj)" \ -Djdt.jar="$(build-classpath ecj)" \ - -Dtomcat-dbcp.jar="$(build-classpath apache-commons-dbcp)" \ -Dtomcat-native.tar.gz="HACK" \ -Dtomcat-native.home="." \ -Dcommons-daemon.native.win.mgr.exe="HACK" \ -Dnsis.exe="HACK" \ - -Djaxrpc-lib.jar="$(build-classpath jaxrpc)" \ + -Djaxrpc-lib.jar="HACK" \ -Dwsdl4j-lib.jar="$(build-classpath wsdl4j)" \ - -Dcommons-pool.home="HACKDIR" \ - -Dcommons-dbcp.home="HACKDIR" \ - -Dno.build.dbcp=true \ -Dversion="%{version}" \ -Dversion.build="%{micro_version}" \ + -Djava.7.home=%{java_home} \ deploy dist-prepare dist-source javadoc # remove some jars that we'll replace with symlinks later %{__rm} output/build/bin/commons-daemon.jar \ - output/build/lib/ecj.jar \ - output/build/lib/apache-commons-dbcp.jar + output/build/lib/ecj.jar - # remove the cruft we created - %{__rm} output/build/bin/tomcat-native.tar.gz pushd output/dist/src/webapps/docs/appdev/sample/src %{__mkdir_p} ../web/WEB-INF/classes %{javac} -cp ../../../../../../../../output/build/lib/servlet-api.jar -d ../web/WEB-INF/classes mypackage/Hello.java @@ -284,25 +271,25 @@ popd mkdir -p META-INF cp -p %{SOURCE8} META-INF/MANIFEST.MF touch META-INF/MANIFEST.MF -zip -u output/build/lib/servlet-api.jar META-INF/MANIFEST.MF +zip output/build/lib/servlet-api.jar META-INF/MANIFEST.MF cp -p %{SOURCE9} META-INF/MANIFEST.MF touch META-INF/MANIFEST.MF -zip -u output/build/lib/jsp-api.jar META-INF/MANIFEST.MF +zip output/build/lib/jsp-api.jar META-INF/MANIFEST.MF +cp -p %{SOURCE11} META-INF/MANIFEST.MF +touch META-INF/MANIFEST.MF +zip output/build/lib/el-api.jar META-INF/MANIFEST.MF cp -p %{SOURCE12} META-INF/MANIFEST.MF touch META-INF/MANIFEST.MF -zip -u output/build/lib/el-api.jar META-INF/MANIFEST.MF +zip output/build/lib/jasper-el.jar META-INF/MANIFEST.MF cp -p %{SOURCE13} META-INF/MANIFEST.MF touch META-INF/MANIFEST.MF -zip -u output/build/lib/jasper-el.jar META-INF/MANIFEST.MF +zip output/build/lib/jasper.jar META-INF/MANIFEST.MF cp -p %{SOURCE14} META-INF/MANIFEST.MF touch META-INF/MANIFEST.MF -zip -u output/build/lib/jasper.jar META-INF/MANIFEST.MF +zip output/build/lib/tomcat-api.jar META-INF/MANIFEST.MF cp -p %{SOURCE15} META-INF/MANIFEST.MF touch META-INF/MANIFEST.MF -zip -u output/build/lib/tomcat-api.jar META-INF/MANIFEST.MF -cp -p %{SOURCE16} META-INF/MANIFEST.MF -touch META-INF/MANIFEST.MF -zip -u output/build/bin/tomcat-juli.jar META-INF/MANIFEST.MF +zip output/build/bin/tomcat-juli.jar META-INF/MANIFEST.MF %install # build initial path structure @@ -310,7 +297,6 @@ zip -u output/build/bin/tomcat-juli.jar META-INF/MANIFEST.MF %{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_sbindir} %{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_javadocdir}/%{name} %{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_initrddir} -%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_systemddir} %{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d %{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig %{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{appdir} @@ -326,8 +312,6 @@ zip -u output/build/bin/tomcat-juli.jar META-INF/MANIFEST.MF %{__install} -d -m 0775 ${RPM_BUILD_ROOT}%{homedir} %{__install} -d -m 0775 ${RPM_BUILD_ROOT}%{tempdir} %{__install} -d -m 0775 ${RPM_BUILD_ROOT}%{workdir} -%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_unitdir} -%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_libexecdir}/%{name} # move things into place # First copy supporting libs to tomcat lib @@ -349,16 +333,13 @@ popd -e "s|\@\@\@TCTEMP\@\@\@|%{tempdir}|g" \ -e "s|\@\@\@LIBDIR\@\@\@|%{_libdir}|g" %{SOURCE3} \ > ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/%{name} +%{__install} -m 0644 %{SOURCE2} \ + ${RPM_BUILD_ROOT}%{_initrddir}/%{name} %{__install} -m 0644 %{SOURCE4} \ ${RPM_BUILD_ROOT}%{_sbindir}/%{name} -%{__install} -m 0644 %{SOURCE11} \ - ${RPM_BUILD_ROOT}%{_unitdir}/%{name}.service -%{__install} -m 0644 %{SOURCE19} \ +%{__install} -m 0644 %{SOURCE16} \ ${RPM_BUILD_ROOT}%{_sbindir}/%{name}-jsvc -%{__install} -m 0644 %{SOURCE20} \ - ${RPM_BUILD_ROOT}%{_unitdir}/%{name}-jsvc.service -%{__install} -m 0644 %{SOURCE18} \ - ${RPM_BUILD_ROOT}%{_sbindir}/%{name}-jsvc-sysd +%{__ln_s} %{name} ${RPM_BUILD_ROOT}%{_sbindir}/d%{name} %{__sed} -e "s|\@\@\@TCLOG\@\@\@|%{logdir}|g" %{SOURCE5} \ > ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d/%{name} %{__sed} -e "s|\@\@\@TCHOME\@\@\@|%{homedir}|g" \ @@ -369,14 +350,6 @@ popd -e "s|\@\@\@TCTEMP\@\@\@|%{tempdir}|g" \ -e "s|\@\@\@LIBDIR\@\@\@|%{_libdir}|g" %{SOURCE7} \ > ${RPM_BUILD_ROOT}%{_bindir}/%{name}-tool-wrapper - -%{__install} -m 0755 %{SOURCE30} \ - ${RPM_BUILD_ROOT}%{_libexecdir}/%{name}/preamble -%{__install} -m 0755 %{SOURCE31} \ - ${RPM_BUILD_ROOT}%{_libexecdir}/%{name}/server -%{__install} -m 0644 %{SOURCE32} \ - ${RPM_BUILD_ROOT}%{_unitdir}/%{name}@.service - # create jsp and servlet API symlinks pushd ${RPM_BUILD_ROOT}%{_javadir} %{__mv} %{name}/jsp-api.jar %{name}-jsp-%{jspspec}-api.jar @@ -388,8 +361,7 @@ pushd ${RPM_BUILD_ROOT}%{_javadir} popd pushd output/build - %{_bindir}/build-jar-repository lib apache-commons-collections \ - apache-commons-dbcp apache-commons-pool ecj 2>&1 + %{_bindir}/build-jar-repository lib ecj 2>&1 # need to use -p here with b-j-r otherwise the examples webapp fails to # load with a java.io.IOException %{_bindir}/build-jar-repository -p webapps/examples/WEB-INF/lib \ @@ -401,9 +373,6 @@ pushd ${RPM_BUILD_ROOT}%{libdir} %{__ln_s} ../%{name}-jsp-%{jspspec}-api.jar . %{__ln_s} ../%{name}-servlet-%{servletspec}-api.jar . %{__ln_s} ../%{name}-el-%{elspec}-api.jar . - %{__ln_s} $(build-classpath apache-commons-collections) commons-collections.jar - %{__ln_s} $(build-classpath apache-commons-dbcp) commons-dbcp.jar - %{__ln_s} $(build-classpath apache-commons-pool) commons-pool.jar %{__ln_s} $(build-classpath log4j) log4j.jar %{__ln_s} $(build-classpath ecj) jasper-jdt.jar @@ -440,52 +409,47 @@ pushd ${RPM_BUILD_ROOT}%{appdir}/examples/WEB-INF/lib %{__ln_s} -f $(build-classpath jakarta-taglibs-standard) standard.jar popd +%add_to_maven_depmap javax.servlet servlet-api %{servletspec} JPP %{name}-servlet-%{servletspec}-api +%add_to_maven_depmap org.mortbay.jetty servlet-api %{servletspec} JPP %{name}-servlet-%{servletspec}-api +mv %{buildroot}%{_mavendepmapfragdir}/%{name} %{buildroot}%{_mavendepmapfragdir}/%{name}-servlet-api + # Install the maven metadata %{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_mavenpomdir} pushd output/dist/src/res/maven -for pom in *.pom; do - # fix-up version in all pom files - sed -i 's/@MAVEN.DEPLOY.VERSION@/%{version}/g' $pom -done -# we won't install dbcp, juli-adapters and juli-extras pom files -for libname in annotations-api catalina jasper-el jasper catalina-ha; do - %{__cp} -a %{name}-$libname.pom ${RPM_BUILD_ROOT}%{_mavenpomdir}/JPP.%{name}-$libname.pom - %add_maven_depmap JPP.%{name}-$libname.pom %{name}/$libname.jar +#we won't install dhcp, juli-adapters and juli-extras pom files +for pom in tomcat-annotations-api.pom tomcat-catalina.pom tomcat-jasper-el.pom tomcat-jasper.pom \ + tomcat-catalina-ha.pom tomcat-api.pom; do + %{__cp} -a $pom ${RPM_BUILD_ROOT}%{_mavenpomdir}/JPP.$pom + base=`basename $pom .pom` + %add_to_maven_depmap org.apache.tomcat $base %{version} JPP $base done # servlet-api jsp-api and el-api are not in tomcat subdir, since they are widely re-used elsewhere -%{__cp} -a tomcat-jsp-api.pom ${RPM_BUILD_ROOT}%{_mavenpomdir}/JPP-tomcat-jsp-api.pom -%add_maven_depmap JPP-tomcat-jsp-api.pom tomcat-jsp-api.jar -f "tomcat-jsp-api" -a "javax.servlet.jsp:javax.servlet.jsp-api,javax.servlet:jsp-api,org.eclipse.jetty.orbit:javax.servlet.jsp" +for pom in tomcat-jsp-api.pom tomcat-servlet-api.pom tomcat-el-api.pom; do + %{__cp} -a $pom ${RPM_BUILD_ROOT}%{_mavenpomdir}/JPP-$pom + base=`basename $pom .pom` + %add_to_maven_depmap org.apache.tomcat $base JPP %{name}-$base + %{__cp} -a $pom ${RPM_BUILD_ROOT}%{_mavendepmapfragdir}/$base +done -%{__cp} -a tomcat-el-api.pom ${RPM_BUILD_ROOT}%{_mavenpomdir}/JPP-tomcat-el-api.pom -%add_maven_depmap JPP-tomcat-el-api.pom tomcat-el-api.jar -f "tomcat-el-api" -a "javax.el:javax.el-api,javax.el:el-api,org.eclipse.jetty.orbit:javax.el" - -%{__cp} -a tomcat-servlet-api.pom ${RPM_BUILD_ROOT}%{_mavenpomdir}/JPP-tomcat-servlet-api.pom -# Generate a depmap fragment javax.servlet:servlet-api pointing to -# tomcat-servlet-3.0-api for backwards compatibility -# also provide jetty depmap (originally in jetty package, but it's cleaner to have it here -%add_maven_depmap JPP-tomcat-servlet-api.pom tomcat-servlet-api.jar -f "tomcat-servlet-api" -a "javax.servlet:servlet-api,javax.servlet:javax.servlet-api,org.mortbay.jetty:servlet-api,org.eclipse.jetty.orbit:javax.servlet" - -# replace temporary copy with link -%{__ln_s} -f $(abs2rel %{bindir}/tomcat-juli.jar %{libdir}) ${RPM_BUILD_ROOT}%{libdir}/ # two special pom where jar files have different names %{__cp} -a tomcat-tribes.pom ${RPM_BUILD_ROOT}%{_mavenpomdir}/JPP.%{name}-catalina-tribes.pom -%add_maven_depmap JPP.%{name}-catalina-tribes.pom %{name}/catalina-tribes.jar +%add_to_maven_depmap org.apache.tomcat tribes %{version} JPP/%{name} catalina-tribes %{__cp} -a tomcat-coyote.pom ${RPM_BUILD_ROOT}%{_mavenpomdir}/JPP.%{name}-tomcat-coyote.pom -%add_maven_depmap JPP.%{name}-tomcat-coyote.pom %{name}/tomcat-coyote.jar +%add_to_maven_depmap org.apache.tomcat coyote %{version} JPP/%{name} tomcat-coyote %{__cp} -a tomcat-juli.pom ${RPM_BUILD_ROOT}%{_mavenpomdir}/JPP.%{name}-tomcat-juli.pom -%add_maven_depmap JPP.%{name}-tomcat-juli.pom %{name}/tomcat-juli.jar - -%{__cp} -a tomcat-api.pom ${RPM_BUILD_ROOT}%{_mavenpomdir}/JPP.%{name}-tomcat-api.pom -%add_maven_depmap JPP.%{name}-tomcat-api.pom %{name}/tomcat-api.jar +%add_to_maven_depmap org.apache.tomcat juli %{version} JPP/%{name} tomcat-juli %{__cp} -a tomcat-util.pom ${RPM_BUILD_ROOT}%{_mavenpomdir}/JPP.%{name}-tomcat-util.pom -%add_maven_depmap JPP.%{name}-tomcat-util.pom %{name}/tomcat-util.jar +%add_to_maven_depmap org.apache.tomcat util %{version} JPP/%{name} tomcat-util + +# replace temporary copy with link +%{__ln_s} -f %{bindir}/tomcat-juli.jar ${RPM_BUILD_ROOT}%{libdir}/ mkdir -p ${RPM_BUILD_ROOT}%{_prefix}/lib/tmpfiles.d cat > ${RPM_BUILD_ROOT}%{_prefix}/lib/tmpfiles.d/%{name}.conf </dev/null || : -%post -# install but don't activate -%systemd_post %{name}.service +%post +/sbin/chkconfig --add %{name} %post jsp-%{jspspec}-api %{_sbindir}/update-alternatives --install %{_javadir}/jsp.jar jsp \ @@ -515,13 +478,14 @@ EOF %{_sbindir}/update-alternatives --install %{_javadir}/elspec.jar elspec \ %{_javadir}/%{name}-el-%{elspec}-api.jar 20300 + %preun # clean tempdir and workdir on removal or upgrade %{__rm} -rf %{workdir}/* %{tempdir}/* -%systemd_preun %{name}.service - -%postun -%systemd_postun_with_restart %{name}.service +if [ "$1" = "0" ]; then + %{_initrddir}/%{name} stop >/dev/null 2>&1 + /sbin/chkconfig --del %{name} +fi %postun jsp-%{jspspec}-api if [ "$1" = "0" ]; then @@ -541,46 +505,41 @@ if [ "$1" = "0" ]; then %{_javadir}/%{name}-el-%{elspec}-api.jar fi -%triggerun -- tomcat < 0:7.0.22-2 -/usr/bin/systemd-sysv-convert -- save tomcat > /dev/null 2>&1 || : -# Run these becasue the SysV package being removed won't do them -/sbin/chkconfig --del tomcat > /dev/null 2>&1 || : -/bin/systemctl try-restart tomcat.service > /dev/null 2>&1 || : %files %defattr(0664,root,tomcat,0755) %doc {LICENSE,NOTICE,RELEASE*} %attr(0755,root,root) %{_bindir}/%{name}-digest %attr(0755,root,root) %{_bindir}/%{name}-tool-wrapper +%attr(0755,root,root) %{_sbindir}/d%{name} %attr(0755,root,root) %{_sbindir}/%{name} -%attr(0644,root,root) %{_unitdir}/%{name}.service -%attr(0644,root,root) %{_unitdir}/%{name}@.service -%attr(0755,root,root) %dir %{_libexecdir}/%{name} -%attr(0755,root,root) %{_libexecdir}/%{name}/preamble -%attr(0755,root,root) %{_libexecdir}/%{name}/server +%attr(0755,root,root) %{_initrddir}/%{name} %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} -%config(noreplace) %{_sysconfdir}/sysconfig/%{name} +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/%{name} %attr(0755,root,tomcat) %dir %{basedir} %attr(0755,root,tomcat) %dir %{confdir} + %defattr(0664,tomcat,root,0770) %attr(0770,tomcat,root) %dir %{logdir} + %defattr(0664,root,tomcat,0770) -%attr(0660,tomcat,tomcat) %{logdir}/catalina.out -%attr(0644,tomcat,tomcat) %{_localstatedir}/run/%{name}.pid +%attr(0660,tomcat,tomcat) %verify(not size md5 mtime) %{logdir}/catalina.out +%attr(0644,tomcat,tomcat) %verify(not size md5 mtime) %{_localstatedir}/run/%{name}.pid %attr(0770,root,tomcat) %dir %{cachedir} %attr(0770,root,tomcat) %dir %{tempdir} %attr(0770,root,tomcat) %dir %{workdir} -%defattr(0664,root,tomcat,0775) + +%defattr(0644,root,tomcat,0775) %attr(0775,root,tomcat) %dir %{appdir} %attr(0775,root,tomcat) %dir %{confdir}/Catalina %attr(0775,root,tomcat) %dir %{confdir}/Catalina/localhost -%attr(0664,tomcat,tomcat) %config(noreplace) %{confdir}/%{name}.conf -%attr(0664,tomcat,tomcat) %config(noreplace) %{confdir}/*.policy -%attr(0664,tomcat,tomcat) %config(noreplace) %{confdir}/*.properties -%attr(0664,tomcat,tomcat) %config(noreplace) %{confdir}/context.xml -%attr(0664,tomcat,tomcat) %config(noreplace) %{confdir}/server.xml -%attr(0660,tomcat,tomcat) %config(noreplace) %{confdir}/tomcat-users.xml -%attr(0664,tomcat,tomcat) %config(noreplace) %{confdir}/web.xml +%config(noreplace) %{confdir}/%{name}.conf +%config(noreplace) %{confdir}/*.policy +%config(noreplace) %{confdir}/*.properties +%config(noreplace) %{confdir}/context.xml +%config(noreplace) %{confdir}/server.xml +%attr(0640,root,tomcat) %config(noreplace) %{confdir}/tomcat-users.xml +%config(noreplace) %{confdir}/web.xml %dir %{homedir} %{_prefix}/lib/tmpfiles.d/%{name}.conf %{bindir}/bootstrap.jar @@ -610,7 +569,7 @@ fi %{_javadir}/%{name}-jsp-%{jspspec}*.jar %{_javadir}/%{name}-jsp-api.jar %{_mavenpomdir}/JPP-%{name}-jsp-api.pom -%{_mavendepmapfragdir}/%{name}-tomcat-jsp-api +%{_mavendepmapfragdir}/%{name}-jsp-api %files lib %defattr(-,root,root,-) @@ -623,7 +582,7 @@ fi %{_mavenpomdir}/JPP.%{name}-catalina.pom %{_mavenpomdir}/JPP.%{name}-jasper-el.pom %{_mavenpomdir}/JPP.%{name}-jasper.pom -%{_mavenpomdir}/JPP.%{name}-tomcat-api.pom +%{_mavenpomdir}/JPP.%{name}-api.pom %{_mavenpomdir}/JPP.%{name}-tomcat-juli.pom %{_mavenpomdir}/JPP.%{name}-tomcat-coyote.pom %{_mavenpomdir}/JPP.%{name}-tomcat-util.pom @@ -635,7 +594,7 @@ fi %doc LICENSE %{_javadir}/%{name}-servlet-%{servletspec}*.jar %{_javadir}/%{name}-servlet-api.jar -%{_mavendepmapfragdir}/%{name}-tomcat-servlet-api +%{_mavendepmapfragdir}/%{name}-servlet-api %{_mavenpomdir}/JPP-%{name}-servlet-api.pom %files el-%{elspec}-api @@ -645,7 +604,7 @@ fi %{_javadir}/%{name}-el-api.jar %{libdir}/%{name}-el-%{elspec}-api.jar %{_mavenpomdir}/JPP-%{name}-el-api.pom -%{_mavendepmapfragdir}/%{name}-tomcat-el-api +%{_mavendepmapfragdir}/%{name}-el-api %files webapps @@ -657,41 +616,145 @@ fi %files jsvc %defattr(755,root,root,0755) %{_sbindir}/%{name}-jsvc -%{_sbindir}/%{name}-jsvc-sysd -%attr(0644,root,root) %{_unitdir}/%{name}-jsvc.service %changelog -* Tue Jan 21 2014 Mikolaj Izdebski - 0:7.0.47-3 -- Fix installation of Maven metadata for tomcat-juli.jar -- Resolves: rhbz#1033664 +* Wed Oct 28 2020 Hui Wang - 1:7.0.106-1 +- Update to 7.0.106 -* Wed Jan 15 2014 Stanislav Ochotnicky - 0:7.0.47-2 -- Rebuild for bug #1033664 +* Wed Jul 15 2020 Hui Wang - 1:7.0.105-1 +- Update to 7.0.105 + +* Thu Jun 04 2020 Hui Wang - 1:7.0.104-1 +- Update to 7.0.104 + +* Wed Apr 22 2020 Coty Sutherland - 1:7.0.103-1 +- Update to 7.0.103 + +* Thu Mar 12 2020 Coty Sutherland - 1:7.0.100-2 +- Related: rhbz#1806398 Undo changes in defaults for AJP connector (CVE-2020-1938) to prevent breakage, please update your configuration + +* Thu Mar 05 2020 Coty Sutherland - 1:7.0.100-1 +- Update to 7.0.100 +- Resolves: rhbz#1806805 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability + +* Thu Feb 06 2020 Coty Sutherland - 1:7.0.99-1 +- Update to 7.0.99 + +* Thu Sep 26 2019 Coty Sutherland - 1:7.0.96-1 +- Update to 7.0.96 +- Resolves: rhbz#1466026 JVM options are duplicated after service restart + +* Tue Jun 18 2019 Coty Sutherland - 1:7.0.94-1 +- Update to 7.0.94 +- Resolves: rhbz#1713280 - CVE-2019-0221 tomcat: XSS in SSI printenv + +* Thu Dec 13 2018 Coty Sutherland - 1:7.0.92-1 +- Update to 7.0.92 +- Resolves: rhbz#1636513 - CVE-2018-11784 tomcat: Open redirect in default servlet + +* Tue Jul 31 2018 Coty Sutherland - 1:7.0.90-1 +- Update to 7.0.90 +- Resolves: rhbz#1607586 - CVE-2018-8034 tomcat: host name verification missing in WebSocket client +- Resolves: rhbz#1579612 - CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins +- Resolves: rhbz#1624929 - CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS + +* Tue May 01 2018 Coty Sutherland - 1:7.0.86-1 +- Update to 7.0.86 + +* Fri Mar 16 2018 Coty Sutherland - 1:7.0.85-1 +- Update to 7.0.85 +- Resolves: rhbz#1548291 CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unitended exposure of resources +- Resolves: rhbz#1548283 CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users + +* Thu Feb 01 2018 Coty Sutherland - 0:7.0.84-1 +- Update to 7.0.84 + +* Wed Oct 04 2017 Coty Sutherland - 0:7.0.82-1 +- Update to 7.0.82 +- Resolves: rhbz#1497681 CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615 + +* Mon Aug 21 2017 Coty Sutherland - 0:7.0.81-1 +- Update to 7.0.81 +- Resolves: rhbz#1480621 CVE-2017-7674 tomcat: Cache Poisoning + +* Fri Jun 09 2017 Coty Sutherland - 0:7.0.78-1 +- Update to 7.0.78 +- Resolves: rhbz#1459161 CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism + +* Tue Apr 11 2017 Coty Sutherland - 0:7.0.77-1 +- Update to 7.0.77 + +* Fri Mar 31 2017 Coty Sutherland - 0:7.0.76-1 +- Update to 7.0.76 + +* Thu Feb 16 2017 Coty Sutherland - 0:7.0.75-1 +- Update to 7.0.75 +- Resolves: rhbz#1420223 CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation +- Resolves: rhbz#1372789 init script status command gives incorrect result + +* Tue Nov 29 2016 Coty Sutherland - 0:7.0.73-1 +- Update to 7.0.73 +- Resolves: rhbz#1397495 CVE-2016-6816 CVE-2016-8735 tomcat: various flaws + +* Fri Sep 23 2016 Coty Sutherland 0:7.0.72-1 +- Resolves: rhbz#1375582 CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header +- Resolves: rhbz#1376718 CVE-2016-1240 tomcat: Local privilege escalation via unsafe file handling in the Tomcat init script +- Resolves: rhbz#1379170 jsvc script is broken + +* Wed Aug 17 2016 Coty Sutherland 0:7.0.70-3 +- Resolves: rhbz#1170797 remove tomcat6 dependency on redhat-lsb (and any other unnecessary ones) + +* Fri Aug 05 2016 Coty Sutherland 0:7.0.70-2 +- Related: rhbz#1314177 Had to fix a minor syntax issue that caused it to improperly eval + +* Fri Aug 05 2016 Coty Sutherland 0:7.0.70-1 +- Resolves: rhbz#1352120 The javadoc package is useless; it contains one index.html +- Resolves: rhbz#1347838 The security manager doesn't work correctly (JSPs cannot be compiled) +- Resolves: rhbz#1327327 rpm -V tomcat fails on /var/log/tomcat/catalina.out +- Resolves: rhbz#1314177 Tomcat init script reports wrong status when one instance of several is stopped +- Resolves: rhbz#1312280 Unable to overwrite the TOMCAT_SCRIPT variable +- Resolves: rhbz#1104708 Tomcat init script does not respect setting of CATALINA_PID in /etc/sysconfig/tomcat +- Resolves: rhbz#1104704 /usr/sbin/tomcat overrides settings specified in /etc/sysconfig/${NAME} +- Resolves: rhbz#1364067 The tomcat-tool-wrapper script is broken +- Resolves: rhbz#1364068 The command tomcat-digest doesn't work +- Resolves: rhbz#1311499 Updating package causes tomcat to not start on boot +- Resolves: rhbz#1352009 tomcat: multiple security vulnerabilities (updates to 7.0.70) + +* Fri Nov 13 2015 Coty Sutherland 0:7.0.65-1 +- Updated to 7.0.65 + +* Tue Apr 29 2014 Vlad Slepukhin 0:7.0.33-4 +- Fixed bug not allowing Tomcat to start properly connected with access privleges to the logging directory +- Removed residual systemd configuration from the wrapper + +* Wed Feb 26 2014 Vlad Slepukhin 0:7.0.33-3 +- Changed ExclusiveArch to ExcludeArch due to bug appearing during build with this parameter + +* Mon Feb 24 2014 Vlad Slepukhin 0:7.0.33-2 +- Restrctied to x86_64 and i686 platforms as now requires java 1.6 or later for building and running + +* Thu Feb 20 2014 Vlad Slepukhin 0:7.0.33-1 +- Rebuilded for EL6 compatibility +- Removed systemd for compatibility +- As no systemd used, systemv moved back to tomcat package +- Build now requires ant-trax for compatibility (XSLT and JavaDoc) +- Build now requires redhat-lsb for LSB libraries on CentOS +- Removed geronimo-jaxrpc as no package found in EL6 +- Renamed apache-* packages to jakarta-* ones for EL6 +- %add_maven_depmap replaced with %add_to_maven_depmap as no such Maven script exists in EL6 maven packages +- Refactored and cleaned, removing unused code +- Removed unused files needed for systemd +- Corrected access attributes and rights management for safety purposes * Sun Nov 03 2013 Ivan Afonichev 0:7.0.47-1 - Updated to 7.0.47 -- Fix java.security.policy - -* Sun Aug 04 2013 Fedora Release Engineering - 0:7.0.42-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - -* Fri Jul 12 2013 Ivan Afonichev 0:7.0.42-2 -- Remove jpackage-utils R * Thu Jul 11 2013 Dmitry Tikhonov 0:7.0.42-1 - Updated to 7.0.42 -* Tue Jun 11 2013 Paul Komkoff 0:7.0.40-3 -- Dropped systemv inits. Bye-bye. -- Updated the systemd wrappers to allow running multiple instances. - Added wrapper scripts to do that, ported the original non-named - service file to work with the same wrappers, updated - /usr/sbin/tomcat to call systemctl. - * Sat May 11 2013 Ivan Afonichev 0:7.0.40-1 - Updated to 7.0.40 - Resolves: rhbz 956569 added missing commons-pool link -- Remove ant-nodeps BR * Mon Mar 4 2013 Mikolaj Izdebski - 0:7.0.37-2 - Add depmaps for org.eclipse.jetty.orbit