diff --git a/.fmf/version b/.fmf/version deleted file mode 100644 index d00491f..0000000 --- a/.fmf/version +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/.packit.yaml b/.packit.yaml deleted file mode 100644 index 2986867..0000000 --- a/.packit.yaml +++ /dev/null @@ -1,38 +0,0 @@ -# See the documentation for more information: -# https://packit.dev/docs/configuration/ - -create_sync_note: false - -upstream_project_url: https://github.com/apache/tomcat.git - -issue_repository: https://src.fedoraproject.org/rpms/tomcat - -jobs: -# https://packit.dev/docs/configuration/downstream/pull_from_upstream -# Make sure there is Fedora mapping for the 'tomcat' project in https://release-monitoring.org/projects/search/?pattern=tomcat -# Make sure Monitoring status on the left side at https://src.fedoraproject.org/rpms/tomcat is set to Monitoring -- job: pull_from_upstream - trigger: release - dist_git_branches: - - fedora-branched - -# https://packit.dev/docs/configuration/downstream/koji_build -- job: koji_build - trigger: commit - dist_git_branches: - - fedora-all - -- job: koji_build - trigger: commit - scratch: true - allowed_pr_authors: ['all_admins', 'all_committers'] - allowed_committers: ['all_admins', 'all_committers'] - dist_git_branches: - - fedora-all - -# https://packit.dev/docs/configuration/downstream/bodhi_update -- job: bodhi_update - trigger: commit - allowed_builders: ['packit', 'all_admins'] - dist_git_branches: - - fedora-branched # rawhide updates are created automatically diff --git a/change-defaults-for-CVE-2020-1938.patch b/change-defaults-for-CVE-2020-1938.patch new file mode 100644 index 0000000..02ed0df --- /dev/null +++ b/change-defaults-for-CVE-2020-1938.patch @@ -0,0 +1,71 @@ +diff -up ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java.orig ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java +--- ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java.orig 2020-04-22 15:31:12.889587528 -0400 ++++ ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java 2020-04-22 15:31:37.907534419 -0400 +@@ -16,7 +16,6 @@ + */ + package org.apache.coyote.ajp; + +-import java.net.InetAddress; + import java.util.regex.Pattern; + + import org.apache.coyote.AbstractProtocol; +@@ -49,8 +48,6 @@ public abstract class AbstractAjpProtoco + setConnectionTimeout(Constants.DEFAULT_CONNECTION_TIMEOUT); + // AJP does not use Send File + getEndpoint().setUseSendfile(false); +- // AJP listens on loopback by default +- getEndpoint().setAddress(InetAddress.getLoopbackAddress()); + ConnectionHandler cHandler = new ConnectionHandler<>(this); + setHandler(cHandler); + getEndpoint().setHandler(cHandler); +@@ -180,7 +177,7 @@ public abstract class AbstractAjpProtoco + } + + +- private boolean secretRequired = true; ++ private boolean secretRequired = false; + public void setSecretRequired(boolean secretRequired) { + this.secretRequired = secretRequired; + } +diff -up ./webapps/docs/changelog.xml.orig ./webapps/docs/changelog.xml +--- ./webapps/docs/changelog.xml.orig 2020-04-03 08:12:03.000000000 -0400 ++++ ./webapps/docs/changelog.xml 2020-04-22 15:31:37.911534411 -0400 +@@ -526,14 +526,10 @@ + Disable (comment out in server.xml) the AJP/1.3 connector by default. + (markt) + +- +- Change the default bind address for the AJP/1.3 connector to be the +- loopback address. (markt) +- + + Rename the requiredSecret attribute of the AJP/1.3 + Connector to secret and add a new attribute +- secretRequired that defaults to true. When ++ secretRequired that defaults to false. When + secretRequired is true the AJP/1.3 Connector + will not start unless the secret attribute is configured to + a non-null, non-zero length String. (markt) +diff -up ./webapps/docs/config/ajp.xml.orig ./webapps/docs/config/ajp.xml +--- ./webapps/docs/config/ajp.xml.orig 2020-04-22 15:31:37.913534406 -0400 ++++ ./webapps/docs/config/ajp.xml 2020-04-22 15:35:35.003031090 -0400 +@@ -327,7 +327,9 @@ + +

For servers with more than one IP address, this attribute specifies + which address will be used for listening on the specified port. By +- default, the connector will listen on the loopback address. Unless the JVM ++ default, this port will be used on all IP addresses associated with the ++ server. A value of 127.0.0.1 indicates that the Connector ++ will only listen on the loopback interface. Unless the JVM + is configured otherwise using system properties, the Java based connectors + (NIO, NIO2) will listen on both IPv4 and IPv6 addresses when configured + with either 0.0.0.0 or ::. The APR/native +@@ -500,7 +502,7 @@ + the secret attribute is required to be specified for the + AJP Connector to start. It does not control whether + workers are required to provide the secret. The default value is +- true. This attribute should only be set to false ++ false. This attribute should only be set to false + when the Connector is used on a trusted network.

+ + diff --git a/ci.fmf b/ci.fmf deleted file mode 100644 index c5aa0e0..0000000 --- a/ci.fmf +++ /dev/null @@ -1 +0,0 @@ -resultsdb-testcase: separate diff --git a/gating.yaml b/gating.yaml deleted file mode 100644 index 0553cb6..0000000 --- a/gating.yaml +++ /dev/null @@ -1,20 +0,0 @@ ---- !Policy -product_versions: - - fedora-rawhide -decision_contexts: - - bodhi_update_push_stable - - bodhi_update_push_testing -subject_type: koji_build -rules: - - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.rpmdeplint.functional} -product_versions: - - fedora-* -decision_contexts: - - bodhi_update_push_stable - - bodhi_update_push_testing -subject_type: koji_build -rules: - - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.rpminspect.static-analysis} - - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.installability.functional} - - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/javapackages.functional} - - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/smoke.functional} diff --git a/module-start-up-parameters.conf b/module-start-up-parameters.conf deleted file mode 100644 index 7f8652a..0000000 --- a/module-start-up-parameters.conf +++ /dev/null @@ -1,8 +0,0 @@ -# Add the module start-up parameters required by Tomcat -JAVA_OPTS="$JAVA_OPTS --add-opens=java.base/java.lang=ALL-UNNAMED" -JAVA_OPTS="$JAVA_OPTS --add-opens=java.base/java.io=ALL-UNNAMED" -JAVA_OPTS="$JAVA_OPTS --add-opens=java.base/java.util=ALL-UNNAMED" -JAVA_OPTS="$JAVA_OPTS --add-opens=java.base/java.util.concurrent=ALL-UNNAMED" -JAVA_OPTS="$JAVA_OPTS --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED" -export JAVA_OPTS - diff --git a/plans/javapackages.fmf b/plans/javapackages.fmf deleted file mode 100644 index 86bfcea..0000000 --- a/plans/javapackages.fmf +++ /dev/null @@ -1,7 +0,0 @@ -summary: Run javapackages-specific tests -discover: - how: fmf - url: https://src.fedoraproject.org/tests/javapackages - ref: f42 -execute: - how: tmt diff --git a/plans/smoke.fmf b/plans/smoke.fmf deleted file mode 100644 index 039f41a..0000000 --- a/plans/smoke.fmf +++ /dev/null @@ -1,5 +0,0 @@ -discover: - how: fmf - url: https://src.fedoraproject.org/tests/tomcat -execute: - how: tmt diff --git a/rhbz-1857043.patch b/rhbz-1857043.patch deleted file mode 100644 index 4028ee1..0000000 --- a/rhbz-1857043.patch +++ /dev/null @@ -1,215 +0,0 @@ ---- build.xml.orig 2024-08-02 18:14:43.000000000 +0300 -+++ build.xml 2024-08-19 13:56:38.991730088 +0300 -@@ -1121,7 +1121,7 @@ - filesDir="${tomcat.classes}" - filesId="files.annotations-api" - manifest="${tomcat.manifests}/annotations-api.jar.manifest" -- addOSGi="true" /> -+ addOSGi="false" /> - - - -+ addOSGi="false" /> - - - -+ addOSGi="false" /> - - - -+ addOSGi="false" /> - - - -+ addOSGi="false" /> - - - -+ addOSGi="false" /> - - - -+ addOSGi="false" /> - - - -+ addOSGi="false" /> - - - -+ addOSGi="false" /> - - - -+ addOSGi="false" /> - - - -+ addOSGi="false" /> - - -+ addOSGi="false" /> - - - -+ addOSGi="false" /> - - - -+ addOSGi="false" /> - - - -+ addOSGi="false" /> - - - -+ addOSGi="false" /> - - - -+ addOSGi="false" /> - - - -+ addOSGi="false" /> - - - -+ addOSGi="false" /> - - - -+ addOSGi="false" /> - - - -+ addOSGi="false" /> - - - -+ addOSGi="false" /> - - - -+ addOSGi="false" /> - - - - - -+ - - - diff --git a/tomcat-10.1-catalina-policy.patch b/tomcat-10.1-catalina-policy.patch deleted file mode 100644 index 3254968..0000000 --- a/tomcat-10.1-catalina-policy.patch +++ /dev/null @@ -1,16 +0,0 @@ ---- conf/catalina.policy.orig 2024-05-22 16:12:23.809886452 +0300 -+++ conf/catalina.policy 2024-05-22 16:14:38.913939654 +0300 -@@ -55,6 +55,14 @@ - permission java.security.AllPermission; - }; - -+// ========== RHEL SPECIFIC CODE PERMISSIONS ======================================= -+ -+// Allowing everything in /usr/share/java allows too many unknowns to be permitted -+// Specifying the individual jars that tomcat needs to function with the security manager -+// is the safest way forward. -+grant codeBase "file:/usr/share/java/ecj/ecj.jar" { -+ permission java.security.AllPermission; -+}; - - // ========== CATALINA CODE PERMISSIONS ======================================= diff --git a/tomcat-10.1.logrotate b/tomcat-10.1.logrotate deleted file mode 100644 index 082092a..0000000 --- a/tomcat-10.1.logrotate +++ /dev/null @@ -1,11 +0,0 @@ -# This is an example config only and is disabled by default -# If you wish to use it, you'll need to update /etc/tomcat/logging.properties -# to prevent catalina*.log from being rotated by Tomcat -@@@TCLOG@@@/catalina*.log { - copytruncate - weekly - rotate 52 - compress - missingok - create 0644 tomcat tomcat -} diff --git a/tomcat-9.0-RemoveCompilerOptions.patch b/tomcat-9.0-RemoveCompilerOptions.patch new file mode 100644 index 0000000..00378f9 --- /dev/null +++ b/tomcat-9.0-RemoveCompilerOptions.patch @@ -0,0 +1,58 @@ +diff -up ./java/org/apache/jasper/compiler/JDTCompiler.java.orig ./java/org/apache/jasper/compiler/JDTCompiler.java +--- ./java/org/apache/jasper/compiler/JDTCompiler.java.orig 2020-04-03 08:11:52.000000000 -0400 ++++ ./java/org/apache/jasper/compiler/JDTCompiler.java 2020-04-22 16:03:04.710594419 -0400 +@@ -324,24 +324,6 @@ public class JDTCompiler extends org.apa + } else if(opt.equals("11")) { + settings.put(CompilerOptions.OPTION_Source, + CompilerOptions.VERSION_11); +- } else if(opt.equals("12")) { +- settings.put(CompilerOptions.OPTION_Source, +- CompilerOptions.VERSION_12); +- } else if(opt.equals("13")) { +- // Constant not available in latest ECJ version shipped with +- // Tomcat. May be supported in a snapshot build. +- // This is checked against the actual version below. +- settings.put(CompilerOptions.OPTION_Source, "13"); +- } else if(opt.equals("14")) { +- // Constant not available in latest ECJ version shipped with +- // Tomcat. May be supported in a snapshot build. +- // This is checked against the actual version below. +- settings.put(CompilerOptions.OPTION_Source, "14"); +- } else if(opt.equals("15")) { +- // Constant not available in latest ECJ version shipped with +- // Tomcat. May be supported in a snapshot build. +- // This is checked against the actual version below. +- settings.put(CompilerOptions.OPTION_Source, "15"); + } else { + log.warn(Localizer.getMessage("jsp.warning.unknown.sourceVM", opt)); + settings.put(CompilerOptions.OPTION_Source, +@@ -405,29 +387,6 @@ public class JDTCompiler extends org.apa + CompilerOptions.VERSION_11); + settings.put(CompilerOptions.OPTION_Compliance, + CompilerOptions.VERSION_11); +- } else if(opt.equals("12")) { +- settings.put(CompilerOptions.OPTION_TargetPlatform, +- CompilerOptions.VERSION_12); +- settings.put(CompilerOptions.OPTION_Compliance, +- CompilerOptions.VERSION_12); +- } else if(opt.equals("13")) { +- // Constant not available in latest ECJ version shipped with +- // Tomcat. May be supported in a snapshot build. +- // This is checked against the actual version below. +- settings.put(CompilerOptions.OPTION_TargetPlatform, "13"); +- settings.put(CompilerOptions.OPTION_Compliance, "13"); +- } else if(opt.equals("14")) { +- // Constant not available in latest ECJ version shipped with +- // Tomcat. May be supported in a snapshot build. +- // This is checked against the actual version below. +- settings.put(CompilerOptions.OPTION_TargetPlatform, "14"); +- settings.put(CompilerOptions.OPTION_Compliance, "14"); +- } else if(opt.equals("15")) { +- // Constant not available in latest ECJ version shipped with +- // Tomcat. May be supported in a snapshot build. +- // This is checked against the actual version below. +- settings.put(CompilerOptions.OPTION_TargetPlatform, "15"); +- settings.put(CompilerOptions.OPTION_Compliance, "15"); + } else { + log.warn(Localizer.getMessage("jsp.warning.unknown.targetVM", opt)); + settings.put(CompilerOptions.OPTION_TargetPlatform, diff --git a/tomcat-10.1-bootstrap-MANIFEST.MF.patch b/tomcat-9.0-bootstrap-MANIFEST.MF.patch similarity index 100% rename from tomcat-10.1-bootstrap-MANIFEST.MF.patch rename to tomcat-9.0-bootstrap-MANIFEST.MF.patch diff --git a/tomcat-9.0-catalina-policy.patch b/tomcat-9.0-catalina-policy.patch new file mode 100644 index 0000000..3694929 --- /dev/null +++ b/tomcat-9.0-catalina-policy.patch @@ -0,0 +1,39 @@ +--- conf/catalina.policy~ 2016-06-17 10:20:17.649171968 -0400 ++++ conf/catalina.policy 2016-06-17 10:23:35.358309244 -0400 +@@ -50,6 +50,36 @@ grant codeBase "file:${java.home}/lib/ex + permission java.security.AllPermission; + }; + ++// ========== RHEL SPECIFIC CODE PERMISSIONS ======================================= ++ ++// Allowing everything in /usr/share/java allows too many unknowns to be permitted ++// Specifying the individual jars that tomcat needs to function with the security manager ++// is the safest way forward. ++grant codeBase "file:/usr/share/java/tomcat-servlet-3.0-api.jar" { ++ permission java.security.AllPermission; ++}; ++grant codeBase "file:/usr/share/java/tomcat-jsp-2.2-api.jar" { ++ permission java.security.AllPermission; ++}; ++grant codeBase "file:/usr/share/java/tomcat-el-2.2-api.jar" { ++ permission java.security.AllPermission; ++}; ++grant codeBase "file:/usr/share/java/log4j.jar" { ++ permission java.security.AllPermission; ++}; ++grant codeBase "file:/usr/share/java/ecj.jar" { ++ permission java.security.AllPermission; ++}; ++grant codeBase "file:/usr/share/java/apache-commons-pool.jar" { ++ permission java.security.AllPermission; ++}; ++grant codeBase "file:/usr/share/java/apache-commons-dbcp.jar" { ++ permission java.security.AllPermission; ++}; ++grant codeBase "file:/usr/share/java/apache-commons-collections.jar" { ++ permission java.security.AllPermission; ++}; ++ + + // ========== CATALINA CODE PERMISSIONS ======================================= + diff --git a/tomcat-10.1-digest.script b/tomcat-9.0-digest.script similarity index 100% rename from tomcat-10.1-digest.script rename to tomcat-9.0-digest.script diff --git a/tomcat-9.0-jsvc.service b/tomcat-9.0-jsvc.service new file mode 100644 index 0000000..f480324 --- /dev/null +++ b/tomcat-9.0-jsvc.service @@ -0,0 +1,22 @@ +# Systemd unit file for tomcat +# +# To create clones of this service: +# 1) By default SERVICE_NAME=tomcat. When cloned, the value must be defined +# before tomcat-sysd is called. +# 2) Create /etc/sysconfig/${SERVICE_NAME} from /etc/sysconfig/tomcat +# to override tomcat defaults + +[Unit] +Description=Apache Tomcat Web Application Container JSVC wrapper +After=syslog.target network.target + +[Service] +Type=simple +EnvironmentFile=/etc/tomcat/tomcat.conf +Environment="NAME=" "USE_JSVC=true" +EnvironmentFile=-/etc/sysconfig/tomcat +ExecStart=/usr/libexec/tomcat/server start +ExecStop=/usr/libexec/tomcat/server stop + +[Install] +WantedBy=multi-user.target diff --git a/tomcat-9.0-log4j.properties b/tomcat-9.0-log4j.properties new file mode 100644 index 0000000..dfc2309 --- /dev/null +++ b/tomcat-9.0-log4j.properties @@ -0,0 +1,11 @@ +log4j.rootLogger=debug, R +log4j.appender.R=org.apache.log4j.RollingFileAppender +log4j.appender.R.File=${catalina.base}/logs/tomcat.log +log4j.appender.R.MaxFileSize=10MB +log4j.appender.R.MaxBackupIndex=10 +log4j.appender.R.layout=org.apache.log4j.PatternLayout +log4j.appender.R.layout.ConversionPattern=%p %t %c - %m%n +log4j.logger.org.apache.catalina=DEBUG, R +log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost]=DEBUG, R +log4j.logger.org.apache.catalina.core=DEBUG, R +log4j.logger.org.apache.catalina.session=DEBUG, R diff --git a/tomcat-10.1-tomcat-users-webapp.patch b/tomcat-9.0-tomcat-users-webapp.patch similarity index 97% rename from tomcat-10.1-tomcat-users-webapp.patch rename to tomcat-9.0-tomcat-users-webapp.patch index 85b8b9b..860c4cf 100644 --- a/tomcat-10.1-tomcat-users-webapp.patch +++ b/tomcat-9.0-tomcat-users-webapp.patch @@ -1,6 +1,6 @@ --- conf/tomcat-users.xml~ 2008-01-28 17:41:06.000000000 -0500 +++ conf/tomcat-users.xml 2008-03-07 19:40:07.000000000 -0500 -@@ -53,4 +53,14 @@ +@@ -23,4 +23,14 @@ --> diff --git a/tomcat-10.1-tool-wrapper.script b/tomcat-9.0-tool-wrapper.script similarity index 100% rename from tomcat-10.1-tool-wrapper.script rename to tomcat-9.0-tool-wrapper.script diff --git a/tomcat-10.1.conf b/tomcat-9.0.conf similarity index 73% rename from tomcat-10.1.conf rename to tomcat-9.0.conf index c83305a..e5fa60a 100644 --- a/tomcat-10.1.conf +++ b/tomcat-9.0.conf @@ -28,15 +28,24 @@ CATALINA_HOME="@@@TCHOME@@@" # System-wide tmp CATALINA_TMPDIR="/var/cache/tomcat/temp" +# You can pass some parameters to java here if you wish to +#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3" + +# Use JAVA_OPTS to set java.library.path for libtcnative.so +#JAVA_OPTS="-Djava.library.path=/usr/lib" + +# Set default javax.sql.DataSource factory to apache commons one. See rhbz#1214381 +JAVA_OPTS="-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory" + # You can change your tomcat locale here #LANG="en_US" # Run tomcat under the Java Security Manager SECURITY_MANAGER="false" +# SHUTDOWN_WAIT has been deprecated. To change the shutdown wait time, set +# TimeoutStopSec in tomcat.service. + # If you wish to further customize your tomcat environment, # put your own definitions here # (i.e. LD_LIBRARY_PATH for some jdbc drivers) - -# You can also pass parameters to Java here by defining JAVA_OPTS variable -# (e.g. JAVA_OPTS="-Xminf0.1 -Xmaxf0.3") diff --git a/tomcat-9.0.logrotate b/tomcat-9.0.logrotate new file mode 100644 index 0000000..a87b4c0 --- /dev/null +++ b/tomcat-9.0.logrotate @@ -0,0 +1,8 @@ +@@@TCLOG@@@/catalina.out { + copytruncate + weekly + rotate 52 + compress + missingok + create 0644 tomcat tomcat +} diff --git a/tomcat-10.1.service b/tomcat-9.0.service similarity index 100% rename from tomcat-10.1.service rename to tomcat-9.0.service diff --git a/tomcat-10.1.sysconfig b/tomcat-9.0.sysconfig similarity index 100% rename from tomcat-10.1.sysconfig rename to tomcat-9.0.sysconfig diff --git a/tomcat-10.1.wrapper b/tomcat-9.0.wrapper similarity index 100% rename from tomcat-10.1.wrapper rename to tomcat-9.0.wrapper diff --git a/tomcat-build.patch b/tomcat-build.patch index cdf73ef..acaac9c 100644 --- a/tomcat-build.patch +++ b/tomcat-build.patch @@ -1,19 +1,12 @@ -diff -up ./res/bnd/build-defaults.bnd.orig ./res/bnd/build-defaults.bnd ---- res/bnd/build-defaults.bnd.orig 2023-10-16 11:23:04.752754202 +0800 -+++ res/bnd/build-defaults.bnd 2023-10-16 11:23:29.931876910 +0800 -@@ -13,7 +13,7 @@ - # See the License for the specific language governing permissions and - # limitations under the License. - --Bundle-Version: ${version_cleanup;${version}} -+Bundle-Version: ${version} - Bundle-License: https://www.apache.org/licenses/LICENSE-2.0.txt - - Specification-Title: Apache Tomcat -@@ -36,4 +36,4 @@ X-Compile-Target-JDK: ${compile.release} - - -removeheaders: DSTAMP,TODAY,TSTAMP - --module.name: org.apache.${replace;${Bundle-Name};-;.} -\ No newline at end of file -+module.name: org.apache.${replace;${Bundle-Name};-;.} +--- build.xml.orig 2018-08-07 10:32:04.994403913 -0400 ++++ build.xml 2018-08-07 10:32:30.874319588 -0400 +@@ -2989,6 +2989,9 @@ Read the Building page on the Apache Tom + + + ++ ++ ++ + + + diff --git a/tomcat-functions b/tomcat-functions index 1187653..ab08fa2 100644 --- a/tomcat-functions +++ b/tomcat-functions @@ -13,9 +13,30 @@ _save_function() { eval "$NEWNAME_FUNC" } +run_jsvc(){ + if [ -x /usr/bin/jsvc ]; then + TOMCAT_USER="${TOMCAT_USER:-tomcat}" + JSVC="/usr/bin/jsvc" + + JSVC_OPTS="-nodetach -pidfile /var/run/jsvc-tomcat${NAME}.pid -user ${TOMCAT_USER} -outfile ${CATALINA_BASE}/logs/catalina.out -errfile ${CATALINA_BASE}/logs/catalina.out" + if [ "$1" = "stop" ]; then + JSVC_OPTS="${JSVC_OPTS} -stop" + fi + + exec "${JSVC}" ${JSVC_OPTS} ${FLAGS} -classpath "${CLASSPATH}" ${OPTIONS} "${MAIN_CLASS}" "${@}" + else + echo "Can't find /usr/bin/jsvc executable" + fi + +} + _save_function run run_java run() { + if [ "${USE_JSVC}" = "true" ] ; then + run_jsvc $@ + else run_java $@ + fi } diff --git a/tomcat.spec b/tomcat.spec index 77901bc..290bdb4 100644 --- a/tomcat.spec +++ b/tomcat.spec @@ -28,19 +28,19 @@ # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # -%global jspspec 3.1 -%global major_version 10 -%global minor_version 1 -%global micro_version 46 +%global jspspec 2.3 +%global major_version 9 +%global minor_version 0 +%global micro_version 34 %global packdname apache-tomcat-%{version}-src -%global servletspec 6.0 -%global elspec 5.0 -%global tcuid 53 +%global servletspec 4.0 +%global elspec 3.0 +%global tcuid 91 # Recommended version is specified in java/org/apache/catalina/core/AprLifecycleListener.java -%global native_version 2.0.8 +%global native_version 1.2.21 -# FHS 3.0 compliant tree structure - http://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html +# FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/ %global basedir %{_var}/lib/%{name} %global appdir %{basedir}/webapps %global homedir %{_datadir}/%{name} @@ -51,57 +51,66 @@ %global cachedir %{_var}/cache/%{name} %global tempdir %{cachedir}/temp %global workdir %{cachedir}/work +%global _systemddir /lib/systemd/system + +# Fedora doesn't seem to have this macro, so we define it if it doesn't exist +%{!?_mavendepmapfragdir: %global _mavendepmapfragdir /usr/share/maven-metadata} Name: tomcat Epoch: 1 Version: %{major_version}.%{minor_version}.%{micro_version} -Release: %autorelease +Release: 1%{?dist} Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API -# Automatically converted from old format: ASL 2.0 - review is highly recommended. -License: Apache-2.0 +License: ASL 2.0 URL: http://tomcat.apache.org/ Source0: http://www.apache.org/dist/tomcat/tomcat-%{major_version}/v%{version}/src/%{packdname}.tar.gz Source1: %{name}-%{major_version}.%{minor_version}.conf -Source2: %{name}-%{major_version}.%{minor_version}.sysconfig -Source3: %{name}-%{major_version}.%{minor_version}.wrapper -Source4: %{name}-%{major_version}.%{minor_version}.logrotate -Source5: %{name}-%{major_version}.%{minor_version}-digest.script -Source6: %{name}-%{major_version}.%{minor_version}-tool-wrapper.script -Source7: %{name}-%{major_version}.%{minor_version}.service -Source8: %{name}-functions -Source9: %{name}-preamble -Source10: %{name}-server -Source11: %{name}-named.service -Source12: module-start-up-parameters.conf +Source3: %{name}-%{major_version}.%{minor_version}.sysconfig +Source4: %{name}-%{major_version}.%{minor_version}.wrapper +Source5: %{name}-%{major_version}.%{minor_version}.logrotate +Source6: %{name}-%{major_version}.%{minor_version}-digest.script +Source7: %{name}-%{major_version}.%{minor_version}-tool-wrapper.script +Source11: %{name}-%{major_version}.%{minor_version}.service +Source20: %{name}-%{major_version}.%{minor_version}-jsvc.service +Source21: tomcat-functions +Source30: tomcat-preamble +Source31: tomcat-server +Source32: tomcat-named.service Patch0: %{name}-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch Patch1: %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.patch Patch2: %{name}-build.patch -Patch3: %{name}-%{major_version}.%{minor_version}-catalina-policy.patch -Patch4: %{name}-%{major_version}.%{minor_version}-bnd-annotation.patch -Patch5: %{name}-%{major_version}.%{minor_version}-JDTCompiler.patch -Patch6: rhbz-1857043.patch +Patch3: %{name}-%{major_version}.%{minor_version}-RemoveCompilerOptions.patch +Patch4: change-defaults-for-CVE-2020-1938.patch BuildArch: noarch -ExclusiveArch: %{java_arches} noarch -BuildRequires: ant-openjdk25 >= 1.10.2 -BuildRequires: ecj >= 4.20 +BuildRequires: ant +BuildRequires: ecj >= 1:4.11 BuildRequires: findutils -BuildRequires: java-25-devel -BuildRequires: javapackages-local-openjdk25 +BuildRequires: apache-commons-daemon +BuildRequires: tomcat-taglibs-standard +BuildRequires: java-devel >= 1:1.8.0 +%if 0%{?fedora} >= 27 || 0%{?rhel} > 7 +# add_maven_depmap is deprecated, using javapackages-local for now +# See https://fedora-java.github.io/howto/latest/#_add_maven_depmap_macro +BuildRequires: javapackages-local +%endif +BuildRequires: geronimo-jaxrpc +BuildRequires: geronimo-saaj BuildRequires: aqute-bnd BuildRequires: aqute-bndlib +BuildRequires: wsdl4j BuildRequires: systemd -BuildRequires: tomcat-jakartaee-migration -Requires: (java-25-headless or java-25) +Requires: apache-commons-daemon +Requires: java-headless >= 1:1.8.0 Requires: javapackages-tools +Requires: procps Requires: %{name}-lib = %{epoch}:%{version}-%{release} -%if 0%{?fedora} || 0%{?rhel} > 7 Recommends: tomcat-native >= %{native_version} -%endif +Requires(pre): shadow-utils Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -133,14 +142,22 @@ Requires: %{name} = %{epoch}:%{version}-%{release} %description docs-webapp The docs web application for Apache Tomcat. +%package jsvc +Summary: Apache jsvc wrapper for Apache Tomcat as separate service +Requires: %{name} = %{epoch}:%{version}-%{release} +Requires: apache-commons-daemon-jsvc + +%description jsvc +Systemd service to start tomcat with jsvc, +which allows tomcat to perform some privileged operations +(e.g. bind to a port < 1024) and then switch identity to a non-privileged user. + %package jsp-%{jspspec}-api Summary: Apache Tomcat JavaServer Pages v%{jspspec} API Implementation Classes Provides: jsp = %{jspspec} +Obsoletes: %{name}-jsp-2.2-api Requires: %{name}-servlet-%{servletspec}-api = %{epoch}:%{version}-%{release} Requires: %{name}-el-%{elspec}-api = %{epoch}:%{version}-%{release} -Obsoletes: %{name}-jsp-2.3-api < 1:9.1 -Provides: %{name}-jsp-2.3-api = %{?epoch:%{epoch}:}%{version}-%{release} - %description jsp-%{jspspec}-api Apache Tomcat JSP API Implementation Classes. @@ -150,8 +167,7 @@ Summary: Libraries needed to run the Tomcat Web container Requires: %{name}-jsp-%{jspspec}-api = %{epoch}:%{version}-%{release} Requires: %{name}-servlet-%{servletspec}-api = %{epoch}:%{version}-%{release} Requires: %{name}-el-%{elspec}-api = %{epoch}:%{version}-%{release} -Requires: ecj >= 4.20 -Recommends: tomcat-jakartaee-migration +Requires: ecj >= 1:4.10 Requires(preun): coreutils %description lib @@ -160,8 +176,9 @@ Libraries needed to run the Tomcat Web container. %package servlet-%{servletspec}-api Summary: Apache Tomcat Java Servlet v%{servletspec} API Implementation Classes Provides: servlet = %{servletspec} -Obsoletes: %{name}-servlet-4.0-api < 1:9.1 -Provides: %{name}-servlet-4.0-api = %{?epoch:%{epoch}:}%{version}-%{release} +Provides: servlet6 +Provides: servlet3 +Obsoletes: %{name}-servlet-3.1-api %description servlet-%{servletspec}-api Apache Tomcat Servlet API Implementation Classes. @@ -169,18 +186,18 @@ Apache Tomcat Servlet API Implementation Classes. %package el-%{elspec}-api Summary: Apache Tomcat Expression Language v%{elspec} API Implementation Classes Provides: el_api = %{elspec} -Obsoletes: %{name}-el-3.0-api < 1:9.1 -Provides: %{name}-el-3.0-api = %{?epoch:%{epoch}:}%{version}-%{release} +Obsoletes: %{name}-el-2.2-api %description el-%{elspec}-api Apache Tomcat EL API Implementation Classes. %package webapps -Summary: The ROOT web application for Apache Tomcat +Summary: The ROOT and examples web applications for Apache Tomcat Requires: %{name} = %{epoch}:%{version}-%{release} +Requires: tomcat-taglibs-standard >= 0:1.1 %description webapps -The ROOT web application for Apache Tomcat. +The ROOT and examples web applications for Apache Tomcat. %prep %setup -q -n %{packdname} @@ -188,65 +205,59 @@ The ROOT web application for Apache Tomcat. find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "*.gz" -o \ -name "*.jar" -o -name "*.war" -o -name "*.zip" \) -delete -%patch 0 -p0 -%patch 1 -p0 -%patch 2 -p0 -%patch 3 -p0 -%patch 4 -p0 -%patch 5 -p0 -%patch 6 -p0 - -# Remove webservices naming resources as it's generally unused -%{__rm} -rf java/org/apache/naming/factory/webservices - -# Configure maven files -%mvn_package ":tomcat-el-api" tomcat-el-api -%mvn_alias "org.apache.tomcat:tomcat-el-api" "jakarta.servlet:jakarta.servlet-api" -%mvn_package ":tomcat-jsp-api" tomcat-jsp-api -%mvn_alias "org.apache.tomcat:tomcat-jsp-api" "jakarta.servlet:jakarta.servlet.jsp" -%mvn_package ":tomcat-servlet-api" tomcat-servlet-api - -# Create a sysusers.d config file -cat >tomcat.sysusers.conf < ${RPM_BUILD_ROOT}%{confdir}/conf.d/README %{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{libdir} %{__install} -d -m 0775 ${RPM_BUILD_ROOT}%{logdir} +/bin/touch ${RPM_BUILD_ROOT}%{logdir}/catalina.out %{__install} -d -m 0775 ${RPM_BUILD_ROOT}%{_localstatedir}/lib/tomcats %{__install} -d -m 0775 ${RPM_BUILD_ROOT}%{homedir} %{__install} -d -m 0775 ${RPM_BUILD_ROOT}%{tempdir} @@ -279,34 +291,34 @@ popd > ${RPM_BUILD_ROOT}%{confdir}/%{name}.conf %{__sed} -e "s|\@\@\@TCHOME\@\@\@|%{homedir}|g" \ -e "s|\@\@\@TCTEMP\@\@\@|%{tempdir}|g" \ - -e "s|\@\@\@LIBDIR\@\@\@|%{_libdir}|g" %{SOURCE2} \ + -e "s|\@\@\@LIBDIR\@\@\@|%{_libdir}|g" %{SOURCE3} \ > ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/%{name} -%{__install} -m 0755 %{SOURCE3} \ +%{__install} -m 0644 %{SOURCE4} \ ${RPM_BUILD_ROOT}%{_sbindir}/%{name} -%{__install} -m 0644 %{SOURCE7} \ +%{__install} -m 0644 %{SOURCE11} \ ${RPM_BUILD_ROOT}%{_unitdir}/%{name}.service -%{__sed} -e "s|\@\@\@TCLOG\@\@\@|%{logdir}|g" %{SOURCE4} \ - > ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d/%{name}.disabled -%{__sed} -e "s|\@\@\@TCHOME\@\@\@|%{homedir}|g" \ - -e "s|\@\@\@TCTEMP\@\@\@|%{tempdir}|g" \ - -e "s|\@\@\@LIBDIR\@\@\@|%{_libdir}|g" %{SOURCE5} \ - > ${RPM_BUILD_ROOT}%{_bindir}/%{name}-digest +%{__install} -m 0644 %{SOURCE20} \ + ${RPM_BUILD_ROOT}%{_unitdir}/%{name}-jsvc.service +%{__sed} -e "s|\@\@\@TCLOG\@\@\@|%{logdir}|g" %{SOURCE5} \ + > ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d/%{name} %{__sed} -e "s|\@\@\@TCHOME\@\@\@|%{homedir}|g" \ -e "s|\@\@\@TCTEMP\@\@\@|%{tempdir}|g" \ -e "s|\@\@\@LIBDIR\@\@\@|%{_libdir}|g" %{SOURCE6} \ + > ${RPM_BUILD_ROOT}%{_bindir}/%{name}-digest +%{__sed} -e "s|\@\@\@TCHOME\@\@\@|%{homedir}|g" \ + -e "s|\@\@\@TCTEMP\@\@\@|%{tempdir}|g" \ + -e "s|\@\@\@LIBDIR\@\@\@|%{_libdir}|g" %{SOURCE7} \ > ${RPM_BUILD_ROOT}%{_bindir}/%{name}-tool-wrapper -%{__install} -m 0644 %{SOURCE8} \ +%{__install} -m 0644 %{SOURCE21} \ ${RPM_BUILD_ROOT}%{_libexecdir}/%{name}/functions -%{__install} -m 0755 %{SOURCE9} \ +%{__install} -m 0755 %{SOURCE30} \ ${RPM_BUILD_ROOT}%{_libexecdir}/%{name}/preamble -%{__install} -m 0755 %{SOURCE10} \ +%{__install} -m 0755 %{SOURCE31} \ ${RPM_BUILD_ROOT}%{_libexecdir}/%{name}/server -%{__install} -m 0644 %{SOURCE11} \ +%{__install} -m 0644 %{SOURCE32} \ ${RPM_BUILD_ROOT}%{_unitdir}/%{name}@.service -%{__install} -m 0644 %{SOURCE12} ${RPM_BUILD_ROOT}%{confdir}/conf.d/ - # Substitute libnames in catalina-tasks.xml sed -i \ "s,el-api.jar,%{name}-el-%{elspec}-api.jar,; @@ -326,7 +338,10 @@ popd pushd output/build %{_bindir}/build-jar-repository lib ecj 2>&1 - %{_bindir}/build-jar-repository lib tomcat-jakartaee-migration 2>&1 + # need to use -p here with b-j-r otherwise the examples webapp fails to + # load with a java.io.IOException + %{_bindir}/build-jar-repository -p webapps/examples/WEB-INF/lib \ + tomcat-taglibs-standard/taglibs-standard-impl.jar tomcat-taglibs-standard/taglibs-standard-compat.jar 2>&1 popd pushd ${RPM_BUILD_ROOT}%{libdir} @@ -335,9 +350,9 @@ pushd ${RPM_BUILD_ROOT}%{libdir} %{__ln_s} ../../java/%{name}-servlet-%{servletspec}-api.jar . %{__ln_s} ../../java/%{name}-el-%{elspec}-api.jar . %{__ln_s} $(build-classpath ecj/ecj) jasper-jdt.jar - %{__ln_s} $(build-classpath tomcat-jakartaee-migration/jakartaee-migration) jakartaee-migration.jar - - cp ../../%{name}/bin/tomcat-juli.jar . + + # Temporary copy the juli jar here from /usr/share/java/tomcat (for maven depmap) + %{__cp} -a ${RPM_BUILD_ROOT}%{bindir}/tomcat-juli.jar ./ popd # symlink to the FHS locations where we've installed things @@ -350,78 +365,145 @@ pushd ${RPM_BUILD_ROOT}%{homedir} %{__ln_s} %{workdir} work popd -# Install the maven metadata for the spec impl artifacts as other projects use them -#%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_mavenpomdir} -pushd res/maven - for pom in *.pom; do - # fix-up version in all pom files - sed -i 's/@MAVEN.DEPLOY.VERSION@/%{version}/g' $pom - done +# install sample webapp +%{__mkdir_p} ${RPM_BUILD_ROOT}%{appdir}/sample +pushd ${RPM_BUILD_ROOT}%{appdir}/sample +%{jar} xf ${RPM_BUILD_ROOT}%{appdir}/docs/appdev/sample/sample.war +popd +%{__rm} ${RPM_BUILD_ROOT}%{appdir}/docs/appdev/sample/sample.war + +# Allow linking for example webapp +%{__mkdir_p} ${RPM_BUILD_ROOT}%{appdir}/examples/META-INF +pushd ${RPM_BUILD_ROOT}%{appdir}/examples/META-INF +echo '' > context.xml +echo '' >> context.xml +echo ' ' >> context.xml +echo '' >> context.xml popd -# Configure and install maven artifacts -%mvn_artifact res/maven/tomcat-el-api.pom output/build/lib/el-api.jar -%mvn_artifact res/maven/tomcat-jsp-api.pom output/build/lib/jsp-api.jar -%mvn_artifact res/maven/tomcat-servlet-api.pom output/build/lib/servlet-api.jar +pushd ${RPM_BUILD_ROOT}%{appdir}/examples/WEB-INF/lib +%{__ln_s} -f $(build-classpath tomcat-taglibs-standard/taglibs-standard-impl) jstl.jar +%{__ln_s} -f $(build-classpath tomcat-taglibs-standard/taglibs-standard-compat) standard.jar +popd -%mvn_file org.apache.tomcat:tomcat-annotations-api tomcat/annotations-api -%mvn_artifact res/maven/tomcat-annotations-api.pom ${RPM_BUILD_ROOT}%{libdir}/annotations-api.jar -%mvn_artifact res/maven/tomcat-api.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-api.jar -%mvn_file org.apache.tomcat:tomcat-catalina-ant tomcat/catalina-ant -%mvn_artifact res/maven/tomcat-catalina-ant.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-ant.jar -%mvn_file org.apache.tomcat:tomcat-catalina-ha tomcat/catalina-ha -%mvn_artifact res/maven/tomcat-catalina-ha.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-ha.jar -%mvn_file org.apache.tomcat:tomcat-catalina tomcat/catalina -%mvn_artifact res/maven/tomcat-catalina.pom ${RPM_BUILD_ROOT}%{libdir}/catalina.jar -%mvn_artifact res/maven/tomcat-coyote.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-coyote.jar -%mvn_artifact res/maven/tomcat-dbcp.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-dbcp.jar -%mvn_artifact res/maven/tomcat-i18n-cs.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-cs.jar -%mvn_artifact res/maven/tomcat-i18n-de.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-de.jar -%mvn_artifact res/maven/tomcat-i18n-es.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-es.jar -%mvn_artifact res/maven/tomcat-i18n-fr.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-fr.jar -%mvn_artifact res/maven/tomcat-i18n-ja.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-ja.jar -%mvn_artifact res/maven/tomcat-i18n-ko.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-ko.jar -%mvn_artifact res/maven/tomcat-i18n-pt-BR.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-pt-BR.jar -%mvn_artifact res/maven/tomcat-i18n-ru.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-ru.jar -%mvn_artifact res/maven/tomcat-i18n-zh-CN.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-zh-CN.jar -%mvn_file org.apache.tomcat:tomcat-jasper-el tomcat/jasper-el -%mvn_artifact res/maven/tomcat-jasper-el.pom ${RPM_BUILD_ROOT}%{libdir}/jasper-el.jar -%mvn_file org.apache.tomcat:tomcat-jasper tomcat/jasper -%mvn_artifact res/maven/tomcat-jasper.pom ${RPM_BUILD_ROOT}%{libdir}/jasper.jar -%mvn_file org.apache.tomcat:tomcat-jaspic-api tomcat/jaspic-api -%mvn_artifact res/maven/tomcat-jaspic-api.pom ${RPM_BUILD_ROOT}%{libdir}/jaspic-api.jar -%mvn_artifact res/maven/tomcat-jdbc.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-jdbc.jar -%mvn_artifact res/maven/tomcat-jni.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-jni.jar -%mvn_artifact res/maven/tomcat-juli.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-juli.jar -%mvn_file org.apache.tomcat:tomcat-ssi tomcat/catalina-ssi -%mvn_artifact res/maven/tomcat-ssi.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-ssi.jar -%mvn_file org.apache.tomcat:tomcat-storeconfig tomcat/catalina-storeconfig -%mvn_artifact res/maven/tomcat-storeconfig.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-storeconfig.jar -%mvn_file org.apache.tomcat:tomcat-tribes tomcat/catalina-tribes -%mvn_artifact res/maven/tomcat-tribes.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-tribes.jar -%mvn_artifact res/maven/tomcat-util-scan.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-util-scan.jar -%mvn_artifact res/maven/tomcat-util.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-util.jar -%mvn_file org.apache.tomcat:tomcat-websocket-api tomcat/websocket-api -%mvn_artifact res/maven/tomcat-websocket-api.pom ${RPM_BUILD_ROOT}%{libdir}/websocket-api.jar -%mvn_artifact res/maven/tomcat-websocket.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-websocket.jar -%mvn_artifact res/maven/tomcat-websocket-client-api.pom ${RPM_BUILD_ROOT}%{libdir}/websocket-client-api.jar -%mvn_artifact res/maven/tomcat.pom -%mvn_install +# Install the maven metadata +%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_mavenpomdir} +pushd output/dist/src/res/maven +for pom in *.pom; do + # fix-up version in all pom files + sed -i 's/@MAVEN.DEPLOY.VERSION@/%{version}/g' $pom +done -install -m0644 -D tomcat.sysusers.conf %{buildroot}%{_sysusersdir}/tomcat.conf +# we won't install dbcp, juli-adapters and juli-extras pom files +for libname in annotations-api catalina jasper-el jasper catalina-ha; do + %{__cp} -a %{name}-$libname.pom ${RPM_BUILD_ROOT}%{_mavenpomdir}/JPP.%{name}-$libname.pom + %add_maven_depmap JPP.%{name}-$libname.pom %{name}/$libname.jar -f "tomcat-lib" +done + +# tomcat-util-scan +%{__cp} -a %{name}-util-scan.pom ${RPM_BUILD_ROOT}%{_mavenpomdir}/JPP.%{name}-util-scan.pom +%add_maven_depmap JPP.%{name}-util-scan.pom %{name}/%{name}-util-scan.jar -f "tomcat-lib" + +# tomcat-jni +%{__cp} -a %{name}-jni.pom ${RPM_BUILD_ROOT}%{_mavenpomdir}/JPP.%{name}-jni.pom +%add_maven_depmap JPP.%{name}-jni.pom %{name}/%{name}-jni.jar -f "tomcat-lib" + +# servlet-api jsp-api and el-api are not in tomcat subdir, since they are widely re-used elsewhere +%{__cp} -a tomcat-jsp-api.pom ${RPM_BUILD_ROOT}%{_mavenpomdir}/JPP-tomcat-jsp-api.pom +%add_maven_depmap JPP-tomcat-jsp-api.pom tomcat-jsp-api.jar -f "tomcat-jsp-api" -a "org.eclipse.jetty.orbit:javax.servlet.jsp" + +%{__cp} -a tomcat-el-api.pom ${RPM_BUILD_ROOT}%{_mavenpomdir}/JPP-tomcat-el-api.pom +%add_maven_depmap JPP-tomcat-el-api.pom tomcat-el-api.jar -f "tomcat-el-api" -a "org.eclipse.jetty.orbit:javax.el" + +%{__cp} -a tomcat-servlet-api.pom ${RPM_BUILD_ROOT}%{_mavenpomdir}/JPP-tomcat-servlet-api.pom +# Generate a depmap fragment javax.servlet:servlet-api pointing to +# tomcat-servlet-3.0-api for backwards compatibility +# also provide jetty depmap (originally in jetty package, but it's cleaner to have it here +%add_maven_depmap JPP-tomcat-servlet-api.pom tomcat-servlet-api.jar -f "tomcat-servlet-api" + +# replace temporary copy with link +%{__ln_s} -f $(abs2rel %{bindir}/tomcat-juli.jar %{libdir}) ${RPM_BUILD_ROOT}%{libdir}/ + +# two special pom where jar files have different names +%{__cp} -a tomcat-tribes.pom ${RPM_BUILD_ROOT}%{_mavenpomdir}/JPP.%{name}-catalina-tribes.pom +%add_maven_depmap JPP.%{name}-catalina-tribes.pom %{name}/catalina-tribes.jar + +%{__cp} -a tomcat-coyote.pom ${RPM_BUILD_ROOT}%{_mavenpomdir}/JPP.%{name}-tomcat-coyote.pom +%add_maven_depmap JPP.%{name}-tomcat-coyote.pom %{name}/tomcat-coyote.jar + +%{__cp} -a tomcat-juli.pom ${RPM_BUILD_ROOT}%{_mavenpomdir}/JPP.%{name}-tomcat-juli.pom +%add_maven_depmap JPP.%{name}-tomcat-juli.pom %{name}/tomcat-juli.jar + +%{__cp} -a tomcat-api.pom ${RPM_BUILD_ROOT}%{_mavenpomdir}/JPP.%{name}-tomcat-api.pom +%add_maven_depmap JPP.%{name}-tomcat-api.pom %{name}/tomcat-api.jar + +%{__cp} -a tomcat-util.pom ${RPM_BUILD_ROOT}%{_mavenpomdir}/JPP.%{name}-tomcat-util.pom +%add_maven_depmap JPP.%{name}-tomcat-util.pom %{name}/tomcat-util.jar + +%{__cp} -a tomcat-jdbc.pom ${RPM_BUILD_ROOT}%{_mavenpomdir}/JPP.%{name}-tomcat-jdbc.pom +%add_maven_depmap JPP.%{name}-tomcat-jdbc.pom %{name}/tomcat-jdbc.jar + +# tomcat-websocket-api +%{__cp} -a tomcat-websocket-api.pom ${RPM_BUILD_ROOT}%{_mavenpomdir}/JPP.%{name}-websocket-api.pom +%add_maven_depmap JPP.%{name}-websocket-api.pom %{name}/websocket-api.jar + +# tomcat-tomcat-websocket +%{__cp} -a tomcat-websocket.pom ${RPM_BUILD_ROOT}%{_mavenpomdir}/JPP.%{name}-tomcat-websocket.pom +%add_maven_depmap JPP.%{name}-tomcat-websocket.pom %{name}/tomcat-websocket.jar + +# tomcat-jaspic-api +%{__cp} -a tomcat-jaspic-api.pom ${RPM_BUILD_ROOT}%{_mavenpomdir}/JPP.%{name}-jaspic-api.pom +%add_maven_depmap JPP.%{name}-jaspic-api.pom %{name}/jaspic-api.jar + + +%pre +# add the tomcat user and group +%{_sbindir}/groupadd -g %{tcuid} -r tomcat 2>/dev/null || : +%{_sbindir}/useradd -c "Apache Tomcat" -u %{tcuid} -g tomcat \ + -s /sbin/nologin -r -d %{homedir} tomcat 2>/dev/null || : %post # install but don't activate %systemd_post %{name}.service +%post jsp-%{jspspec}-api +%{_sbindir}/update-alternatives --install %{_javadir}/jsp.jar jsp \ + %{_javadir}/%{name}-jsp-%{jspspec}-api.jar 20200 + +%post servlet-%{servletspec}-api +%{_sbindir}/update-alternatives --install %{_javadir}/servlet.jar servlet \ + %{_javadir}/%{name}-servlet-%{servletspec}-api.jar 30000 + +%post el-%{elspec}-api +%{_sbindir}/update-alternatives --install %{_javadir}/elspec.jar elspec \ + %{_javadir}/%{name}-el-%{elspec}-api.jar 20300 + %preun # clean tempdir and workdir on removal or upgrade %{__rm} -rf %{workdir}/* %{tempdir}/* %systemd_preun %{name}.service %postun -%systemd_postun_with_restart %{name}.service +%systemd_postun_with_restart %{name}.service + +%postun jsp-%{jspspec}-api +if [ "$1" = "0" ]; then + %{_sbindir}/update-alternatives --remove jsp \ + %{_javadir}/%{name}-jsp-%{jspspec}-api.jar +fi + +%postun servlet-%{servletspec}-api +if [ "$1" = "0" ]; then + %{_sbindir}/update-alternatives --remove servlet \ + %{_javadir}/%{name}-servlet-%{servletspec}-api.jar +fi + +%postun el-%{elspec}-api +if [ "$1" = "0" ]; then + %{_sbindir}/update-alternatives --remove elspec \ + %{_javadir}/%{name}-el-%{elspec}-api.jar +fi %files %defattr(0664,root,tomcat,0755) @@ -437,7 +519,6 @@ install -m0644 -D tomcat.sysusers.conf %{buildroot}%{_sysusersdir}/tomcat.conf %attr(0755,root,root) %{_libexecdir}/%{name}/preamble %attr(0755,root,root) %{_libexecdir}/%{name}/server %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/%{name} -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}.disabled %attr(0755,root,tomcat) %dir %{basedir} %attr(0755,root,tomcat) %dir %{confdir} @@ -455,7 +536,6 @@ install -m0644 -D tomcat.sysusers.conf %{buildroot}%{_sysusersdir}/tomcat.conf %attr(0775,root,tomcat) %dir %{confdir}/Catalina/localhost %attr(0755,root,tomcat) %dir %{confdir}/conf.d %{confdir}/conf.d/README -%{confdir}/conf.d/module-start-up-parameters.conf %config(noreplace) %{confdir}/%{name}.conf %config(noreplace) %{confdir}/*.policy %config(noreplace) %{confdir}/*.properties @@ -475,7 +555,6 @@ install -m0644 -D tomcat.sysusers.conf %{buildroot}%{_sysusersdir}/tomcat.conf %{homedir}/work %{homedir}/logs %{homedir}/conf -%{_sysusersdir}/tomcat.conf %files admin-webapps %defattr(0664,root,tomcat,0755) @@ -485,290 +564,70 @@ install -m0644 -D tomcat.sysusers.conf %{buildroot}%{_sysusersdir}/tomcat.conf %files docs-webapp %{appdir}/docs -%files lib -f .mfiles +%files jsp-%{jspspec}-api -f output/dist/src/res/maven/.mfiles-tomcat-jsp-api +%{_javadir}/%{name}-jsp-%{jspspec}*.jar + +%files lib -f output/dist/src/res/maven/.mfiles-tomcat-lib %dir %{libdir} %{libdir}/*.jar %{_javadir}/*.jar %{bindir}/tomcat-juli.jar +%{_mavenpomdir}/JPP.%{name}-annotations-api.pom +%{_mavenpomdir}/JPP.%{name}-catalina-ha.pom +%{_mavenpomdir}/JPP.%{name}-catalina-tribes.pom +%{_mavenpomdir}/JPP.%{name}-catalina.pom +%{_mavenpomdir}/JPP.%{name}-jasper-el.pom +%{_mavenpomdir}/JPP.%{name}-jasper.pom +%{_mavenpomdir}/JPP.%{name}-tomcat-api.pom +%{_mavenpomdir}/JPP.%{name}-tomcat-juli.pom +%{_mavenpomdir}/JPP.%{name}-tomcat-coyote.pom +%{_mavenpomdir}/JPP.%{name}-tomcat-util.pom +%{_mavenpomdir}/JPP.%{name}-tomcat-jdbc.pom +%{_mavenpomdir}/JPP.%{name}-websocket-api.pom +%{_mavenpomdir}/JPP.%{name}-tomcat-websocket.pom +%{_mavenpomdir}/JPP.%{name}-jaspic-api.pom +%{_datadir}/maven-metadata/tomcat.xml %exclude %{libdir}/%{name}-el-%{elspec}-api.jar -%exclude %{libdir}/%{name}-servlet-%{servletspec}*.jar -%exclude %{libdir}/%{name}-jsp-%{jspspec}*.jar %exclude %{_javadir}/%{name}-servlet-%{servletspec}*.jar %exclude %{_javadir}/%{name}-el-%{elspec}-api.jar %exclude %{_javadir}/%{name}-jsp-%{jspspec}*.jar -%exclude %{_javadir}/%{name}-servlet-api.jar -%exclude %{_javadir}/%{name}-el-api.jar -%exclude %{_javadir}/%{name}-jsp-api.jar -%exclude %{_jnidir}/* -%files jsp-%{jspspec}-api -f .mfiles-tomcat-jsp-api -%{_javadir}/%{name}-jsp-%{jspspec}*.jar -%{libdir}/%{name}-jsp-%{jspspec}*.jar -%{_javadir}/%{name}-jsp-api.jar - -%files servlet-%{servletspec}-api -f .mfiles-tomcat-servlet-api +%files servlet-%{servletspec}-api -f output/dist/src/res/maven/.mfiles-tomcat-servlet-api %doc LICENSE %{_javadir}/%{name}-servlet-%{servletspec}*.jar -%{libdir}/%{name}-servlet-%{servletspec}*.jar -%{_javadir}/%{name}-servlet-api.jar -%files el-%{elspec}-api -f .mfiles-tomcat-el-api +%files el-%{elspec}-api -f output/dist/src/res/maven/.mfiles-tomcat-el-api %doc LICENSE %{_javadir}/%{name}-el-%{elspec}-api.jar %{libdir}/%{name}-el-%{elspec}-api.jar -%{_javadir}/%{name}-el-api.jar %files webapps %defattr(0644,tomcat,tomcat,0755) %{appdir}/ROOT +%{appdir}/examples +%{appdir}/sample + +%files jsvc +%defattr(755,root,root,0755) +%attr(0644,root,root) %{_unitdir}/%{name}-jsvc.service +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} +%attr(0660,tomcat,tomcat) %verify(not size md5 mtime) %{logdir}/catalina.out %changelog -* Thu Sep 25 2025 Adam Williamson - 1:10.1.46-2 -- Drop now-unnecessary version bounds in java requirements -- Specify java-25-headless, not java-headless (#2398212) - -* Fri Sep 12 2025 Dimitris Soumis - 1:10.1.46-1 -- Update to version 10.1.46 - -* Tue Aug 19 2025 Dimitris Soumis - 1:10.1.43-7 -- Add virtual provides to resolve installability issues - -* Thu Aug 14 2025 Dimitris Soumis - 1:10.1.43-6 -- Rebuilt for the side tag f43-build-side-116701 - -* Tue Jul 29 2025 Dimitris Soumis - 1:10.1.43-5 -- Rebuilt for the side tag f43-build-side-114811 - -* Fri Jan 10 2025 Dimitris Soumis - 1:10.1.34-1 -- Update to version 10.1.34 - -* Mon Dec 09 2024 Packit - 1:9.0.98-1 -- Update to version 9.0.98 -- Resolves: rhbz#2331168 - -* Mon Dec 02 2024 Dimitris Soumis - 1:9.0.97-1 -- Update to version 9.0.97 -- Resolves: rhbz#2327090 - -* Tue Oct 08 2024 Packit - 1:9.0.96-1 -- Update to version 9.0.96 -- Resolves: rhbz#2317237 - -* Tue Sep 17 2024 Packit - 1:9.0.95-1 -- Update to version 9.0.95 -- Resolves: rhbz#2312858 - -* Tue Sep 10 2024 Packit - 1:9.0.94-1 -- Update to version 9.0.94 -- Resolves: rhbz#2311320 - -* Tue Aug 06 2024 Packit - 1:9.0.93-1 -- Update to version 9.0.93 -- Resolves: rhbz#2303026 - -* Wed Jul 24 2024 Miroslav Suchý - 1:9.0.91-1 -- convert license to SPDX - -* Thu Jul 11 2024 Dimitris Soumis - 1:9.0.91-1 -- Update to 9.0.91 - -* Thu Jun 20 2024 Dimitris Soumis - 1:9.0.90-1 -- Update to 9.0.90 - -* Fri Jun 7 2024 Dimitris Soumis - 1:9.0.89-1 -- Update to 9.0.89 - -* Thu Feb 29 2024 Adam Williamson - 1:9.0.83-4 -- Accept java-21-headless as one of the alternatives for java - -* Tue Feb 27 2024 Jiri Vanek - 1:9.0.83-3 -- Rebuilt for java-21-openjdk as system jdk - -* Sat Jan 27 2024 Fedora Release Engineering - 1:9.0.83-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Fri Dec 01 2023 Hui Wang - 1:9.0.83-1 -- Update to 9.0.83 - -* Mon Oct 16 2023 Hui Wang - 1:9.0.82-1 -- Update to 9.0.82 -- Resolves: rhbz#2244333 Wrong dbcp class in tomcat 9 - -* Wed Sep 13 2023 Hui Wang - 1:9.0.80-1 -- Update to 9.0.80 -- Fix java version - -* Fri Aug 04 2023 Hui Wang - 1:9.0.78-4 -- Fix files permission - -* Wed Jul 26 2023 Hui Wang - 1:9.0.78-3 -- Exclude jnidir in the lib subpackage - -* Tue Jul 25 2023 Hui Wang - 1:9.0.78-2 -- Resolves: rhbz#2224318 There are duplicated jars in the tomcat lib subpackage - -* Tue Jul 25 2023 Hui Wang - 1:9.0.78-1 -- Resolves: rhbz#2224318 There are duplicated jars in the tomcat lib-subpackage -- Update to 9.0.78 - -* Sat Jul 22 2023 Fedora Release Engineering - 1:9.0.76-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - -* Tue Jun 20 2023 Hui Wang - 1:9.0.76-2 -- Resolves: rhbz#2189672 Missing Tomcat POM files in Fedora Rawhide -- Remove JDTCompiler patch because ecj has been update -- Update to 9.0.76 -- Resolves: rhbz#2188218 Link bin/tomcat-juli.jar to /usr/share/java -- Move tomcat-jsp-2.3-api.jar,tomcat-servlet-4.0-api.jar and tomcat-el-api.jar to the subpackages - -* Thu Jun 08 2023 Hui Wang - 1:9.0.75-1 -- Update to 9.0.75 - -* Fri Mar 17 2023 Hui Wang - 1:9.0.73-1 -- Update to 9.0.73 - -* Sun Jan 29 2023 Hui Wang - 1:9.0.71-1 -- Update to 9.0.71 -- Remove osgi-annotations patch -- Add bnd-annotation dependency which is in bndlib package - -* Sat Jan 21 2023 Fedora Release Engineering - 1:9.0.70-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild - -* Fri Jan 13 2023 Hui Wang - 1:9.0.70-1 -- Update to 9.0.70 - -* Thu Nov 03 2022 Hui Wang - 1:9.0.68-1 -- Update to 9.0.68 - -* Thu Jul 21 2022 Hui Wang - 1:9.0.65-1 -- Update to 9.0.65 - -* Fri Jul 08 2022 Jiri Vanek - 1:9.0.64-2 -- Rebuilt for Drop i686 JDKs - -* Tue Jun 21 2022 Hui Wang - 1:9.0.64-1 -- Update to 9.0.64 -- Add osgi-annotations dependency back - -* Thu Mar 10 2022 Coty Sutherland - 1:9.0.59-3 -- Related: rhbz#2061424 Adjust fix so that it uses the proper env var - -* Tue Mar 08 2022 Coty Sutherland - 1:9.0.59-2 -- Resolves: rhbz#2061424 Add Java 9 start-up parameters to allow reflection - -* Wed Mar 02 2022 Sonia Xu - 1:9.0.59-1 -- Update to 9.0.59 -- Resolves: rhbz#2047419 - CVE-2022-23181 tomcat: local privilege escalation vulnerability - -* Sat Feb 05 2022 Jiri Vanek - 1:9.0.56-3 -- Rebuilt for java-17-openjdk as system jdk - -* Sat Jan 22 2022 Fedora Release Engineering - 1:9.0.56-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild - -* Thu Dec 09 2021 Hui Wang - 1:9.0.56-1 -- Update to 9.0.56 - -* Tue Oct 12 2021 Hui Wang - 1:9.0.55-1 -- Update to 9.0.55 - -* Tue Oct 12 2021 Hui Wang - 1:9.0.54-1 -- Update to 9.0.54 - -* Thu Sep 16 2021 Hui Wang - 1:9.0.53-1 -- Update to 9.0.53 - -* Wed Aug 18 2021 Hui Wang - 1:9.0.52-1 -- Update to 9.0.52 - -* Fri Jul 23 2021 Fedora Release Engineering - 1:9.0.50-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - -* Tue Jul 06 2021 Hui Wang - 1:9.0.50-1 -- Update to 9.0.50 - -* Sat Jun 05 2021 Coty Sutherland - 1:9.0.45-4 -- Add back logrotate config file per devel list request -- Add mvn virtual provides back for the servlet, el, and jsp spec impls - -* Fri Jun 04 2021 Coty Sutherland - 1:9.0.45-3 -- Drop geronimo-jaxrpc, which provided the webservices naming factory resources that are generally unused - -* Thu Jun 03 2021 Coty Sutherland - 1:9.0.45-2 -- Remove examples webapps from subpackage -- Updates to javapackages-local removed %%add_maven_depmap which broke the build, - so I removed the maven artifacts as they aren't very useful anyway -- Drop JSVC support as it's not very useful these days -- Drop geronimo-saaj as it's no longer required - -* Thu Apr 22 2021 Hui Wang - 1:9.0.45-1 -- Update to 9.0.45 - -* Thu Mar 18 2021 Hui Wang - 1:9.0.44-1 -- Update to 9.0.44 - -* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 1:9.0.43-2 -- Rebuilt for updated systemd-rpm-macros - See https://pagure.io/fesco/issue/2583. - -* Wed Feb 03 2021 Hui Wang - 1:9.0.43-1 -- Update to 9.0.43 - -* Wed Jan 27 2021 Fedora Release Engineering - 1:9.0.41-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - -* Wed Dec 09 2020 Hui Wang - 1:9.0.41-1 -- Update to 9.0.41 - -* Wed Nov 18 2020 Hui Wang - 1:9.0.40-1 -- Update to 9.0.40 - -* Mon Oct 12 2020 Hui Wang - 1:9.0.39-1 -- Update to 9.0.39 - -* Wed Sep 16 2020 Hui Wang - 1:9.0.38-1 -- Update to 9.0.38 - -* Wed Jul 29 2020 Fedora Release Engineering - 1:9.0.37-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Fri Jul 24 2020 Coty Sutherland - 1:9.0.37-3 -- Related: rhbz#1857043 Temporarily remove OSGi metadata from tomcat jars - -* Mon Jul 20 2020 Coty Sutherland - 1:9.0.37-2 -- Resolves: rhbz#1857043 Add patch to reinclude o.a.t.util.net.jsse and o.a.t.util.moduler.modules in tomcat-coyote.jar - -* Mon Jul 13 2020 Coty Sutherland - 1:9.0.37-1 -- Update to 9.0.37 - -* Sat Jul 11 2020 Jiri Vanek - 1:9.0.36-2 -- Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11 - -* Wed Jun 10 2020 Hui Wang - 1:9.0.36-1 -- Upgrade to 9.0.36 - -* Sun May 31 2020 Hui Wang - 1:9.0.35-2 -- Upgrade to 9.0.35 - -* Wed Apr 22 2020 Coty Sutherland - 1:9.0.34-2 -- Add updated catalina.policy patch to allow ECJ usage under the Security Manager - * Tue Apr 21 2020 Coty Sutherland - 1:9.0.34-1 - Update to 9.0.34 +- Update dependency for ECJ to version 4.11 + +* Thu Mar 12 2020 Coty Sutherland - 1:9.0.31-2 +- Related: rhbz#1806398 Undo changes in defaults for AJP connector (CVE-2020-1938) to prevent breakage, please update your configuration accordingly * Thu Mar 05 2020 Coty Sutherland - 1:9.0.31-1 - Update to 9.0.31 - Resolves: rhbz#1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability -* Fri Jan 31 2020 Fedora Release Engineering - 1:9.0.30-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - * Fri Dec 20 2019 Coty Sutherland - 1:9.0.30-1 - Update to 9.0.30 - -* Thu Sep 26 2019 Coty Sutherland - 1:9.0.26-2 -- Resolves: rhbz#1510522 man page uid and gid mismatch for service accounts +- Remove Java 12 support from JDTCompiler due to older ECJ version availablility * Thu Sep 26 2019 Coty Sutherland - 1:9.0.26-1 - Update to 9.0.26