Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package tomcat for openSUSE:Factory checked in at 2023-05-23 14:54:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tomcat (Old) and /work/SRC/openSUSE:Factory/.tomcat.new.1533 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tomcat" Tue May 23 14:54:29 2023 rev:93 rq:1088487 version:9.0.75 Changes: -------- --- /work/SRC/openSUSE:Factory/tomcat/tomcat.changes 2023-04-07 18:17:14.940864332 +0200 +++ /work/SRC/openSUSE:Factory/.tomcat.new.1533/tomcat.changes 2023-05-23 14:55:02.482659910 +0200 @@ -1,0 +2,36 @@ +Tue May 23 04:25:45 UTC 2023 - Fridrich Strba <fst...@suse.com> + +- Update to Tomcat 9.0.75. + * See changelog at + https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.75_(markt) + * Fixes: + + bsc#1211608, CVE-2023-28709 + + bsc#1208513, CVE-2023-24998 (previous incomplete fix) +- Remove patches: + * tomcat-9.0-CVE-2021-30640.patch + * tomcat-9.0-CVE-2021-33037.patch + * tomcat-9.0-CVE-2021-41079.patch + * tomcat-9.0-CVE-2022-23181.patch + * tomcat-9.0-NPE-JNDIRealm.patch + * tomcat-9.0-hardening_getResources.patch + * tomcat-9.0.43-CVE-2021-43980.patch + * tomcat-9.0.43-CVE-2022-42252.patch + * tomcat-9.0.43-CVE-2022-45143.patch + * tomcat-9.0.43-CVE-2023-24998.patch + * tomcat-9.0.43-CVE-2023-28708.patch + + integrated in this version + * tomcat-9.0.43-java8compat.patch + + problem with Java 8 compatibility solved in this version +- Modified patch: + * tomcat-9.0.31-secretRequired-default.patch + -> tomcat-9.0.75-secretRequired-default.patch + + rediffed to changed context + * tomcat-9.0-javadoc.patch + + drop integrated hunks + * tomcat-9.0-osgi-build.patch + + fix to work with current version +- Added patch: + * tomcat-9.0-jdt.patch + + fix build against our ecj + +------------------------------------------------------------------- Old: ---- apache-tomcat-9.0.43-src.tar.gz apache-tomcat-9.0.43-src.tar.gz.asc tomcat-9.0-CVE-2021-30640.patch tomcat-9.0-CVE-2021-33037.patch tomcat-9.0-CVE-2021-41079.patch tomcat-9.0-CVE-2022-23181.patch tomcat-9.0-NPE-JNDIRealm.patch tomcat-9.0-hardening_getResources.patch tomcat-9.0.31-secretRequired-default.patch tomcat-9.0.43-CVE-2021-43980.patch tomcat-9.0.43-CVE-2022-42252.patch tomcat-9.0.43-CVE-2022-45143.patch tomcat-9.0.43-CVE-2023-24998.patch tomcat-9.0.43-CVE-2023-28708.patch tomcat-9.0.43-java8compat.patch New: ---- apache-tomcat-9.0.75-src.tar.gz apache-tomcat-9.0.75-src.tar.gz.asc tomcat-9.0-jdt.patch tomcat-9.0.75-secretRequired-default.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tomcat.spec ++++++ --- /var/tmp/diff_new_pack.fhfFXb/_old 2023-05-23 14:55:03.522666063 +0200 +++ /var/tmp/diff_new_pack.fhfFXb/_new 2023-05-23 14:55:03.530666110 +0200 @@ -22,7 +22,7 @@ %define elspec 3.0 %define major_version 9 %define minor_version 0 -%define micro_version 43 +%define micro_version 75 %define packdname apache-tomcat-%{version}-src # FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/ %global basedir /srv/%{name} @@ -77,23 +77,12 @@ Patch3: %{name}-%{major_version}.%{minor_version}-javadoc.patch # PATCH-FIX-OPENSUSE: include all necessary aqute-bnd jars Patch4: tomcat-9.0-osgi-build.patch -# PATCH-FIX-OPENSUSE: cast ByteBuffer to Buffer in cases where there is a risk of using Java 9+ apis -Patch5: tomcat-9.0.43-java8compat.patch +# PATCH-FIX-OPENSUSE: build against our ecj that does not have CompilerOptions.VERSION_16 +Patch5: %{name}-%{major_version}.%{minor_version}-jdt.patch # PATCH-FIX-OPENSUSE: set ajp connector secreteRequired to false by default to avoid tomcat not starting -Patch6: tomcat-9.0.31-secretRequired-default.patch -Patch7: tomcat-9.0-CVE-2021-41079.patch -Patch8: tomcat-9.0-CVE-2021-33037.patch -Patch9: tomcat-9.0-CVE-2021-30640.patch -Patch10: tomcat-9.0-NPE-JNDIRealm.patch -Patch11: tomcat-9.0-CVE-2022-23181.patch -Patch12: tomcat-9.0-hardening_getResources.patch -Patch13: tomcat-9.0.43-CVE-2021-43980.patch -Patch14: tomcat-9.0.43-CVE-2022-42252.patch -Patch15: tomcat-9.0-fix_catalina.patch -Patch16: tomcat-9.0-logrotate_everything.patch -Patch17: tomcat-9.0.43-CVE-2023-24998.patch -Patch18: tomcat-9.0.43-CVE-2023-28708.patch -Patch19: tomcat-9.0.43-CVE-2022-45143.patch +Patch6: tomcat-9.0.75-secretRequired-default.patch +Patch7: tomcat-9.0-fix_catalina.patch +Patch8: tomcat-9.0-logrotate_everything.patch BuildRequires: ant >= 1.8.1 BuildRequires: ant-antlr @@ -268,17 +257,6 @@ %patch6 -p1 %patch7 -p1 %patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 -%patch16 -p1 -%patch17 -p1 -%patch18 -p1 -%patch19 -p1 # remove date from docs sed -i -e '/build-date/ d' webapps/docs/tomcat-docs.xsl ++++++ apache-tomcat-9.0.43-src.tar.gz -> apache-tomcat-9.0.75-src.tar.gz ++++++ ++++ 303032 lines of diff (skipped) ++++++ tomcat-9.0-javadoc.patch ++++++ --- /var/tmp/diff_new_pack.fhfFXb/_old 2023-05-23 14:55:05.066675199 +0200 +++ /var/tmp/diff_new_pack.fhfFXb/_new 2023-05-23 14:55:05.070675223 +0200 @@ -2,72 +2,6 @@ =================================================================== --- apache-tomcat-9.0.35-src.orig/build.xml +++ apache-tomcat-9.0.35-src/build.xml -@@ -1902,7 +1902,7 @@ Apache Tomcat ${version} native binaries - source="${compile.source}" - maxmemory="512m" - failonerror="true" -- failonwarning="true"> -+ failonwarning="false"> - <classpath> - <path refid="compile.classpath"/> - <path location="${ant.core.lib}"/> -@@ -1924,7 +1924,7 @@ Apache Tomcat ${version} native binaries - source="${compile.source}" - maxmemory="512m" - failonerror="true" -- failonwarning="true"> -+ failonwarning="false"> - <classpath> - <path refid="compile.classpath"/> - <path location="${ant.core.lib}"/> -@@ -1945,7 +1945,7 @@ Apache Tomcat ${version} native binaries - source="${compile.source}" - maxmemory="512m" - failonerror="true" -- failonwarning="true"> -+ failonwarning="false"> - <classpath> - <path refid="compile.classpath"/> - <path location="${ant.core.lib}"/> -@@ -1966,7 +1966,7 @@ Apache Tomcat ${version} native binaries - source="${compile.source}" - maxmemory="512m" - failonerror="true" -- failonwarning="true"> -+ failonwarning="false"> - <classpath> - <path refid="compile.classpath"/> - <path location="${ant.core.lib}"/> -@@ -1987,7 +1987,7 @@ Apache Tomcat ${version} native binaries - source="${compile.source}" - maxmemory="512m" - failonerror="true" -- failonwarning="true"> -+ failonwarning="false"> - <classpath> - <path refid="compile.classpath"/> - <path location="${ant.core.lib}"/> -@@ -2005,9 +2005,10 @@ Apache Tomcat ${version} native binaries - docencoding="UTF-8" - charset="UTF-8" - additionalparam="-breakiterator -notimestamp" -+ source="${compile.source}" - maxmemory="512m" - failonerror="true" -- failonwarning="true"> -+ failonwarning="false"> - <classpath> - <path refid="compile.classpath"/> - <path location="${ant.core.lib}"/> -@@ -2027,7 +2028,7 @@ Apache Tomcat ${version} native binaries - source="${compile.source}" - maxmemory="512m" - failonerror="true" -- failonwarning="true"> -+ failonwarning="false"> - <classpath> - <path refid="compile.classpath"/> - <path location="${ant.core.lib}"/> @@ -2038,8 +2039,6 @@ Apache Tomcat ${version} native binaries <link href="../elapi"/> <link href="../websocketapi"/> ++++++ tomcat-9.0-jdt.patch ++++++ --- apache-tomcat-9.0.75-src/java/org/apache/jasper/compiler/JDTCompiler.java 2023-05-22 18:12:16.915658492 +0200 +++ apache-tomcat-9.0.75-src/java/org/apache/jasper/compiler/JDTCompiler.java 2023-05-22 19:45:14.491706823 +0200 @@ -310,7 +310,7 @@ } else if(opt.equals("15")) { settings.put(CompilerOptions.OPTION_Source, CompilerOptions.VERSION_15); } else if(opt.equals("16")) { - settings.put(CompilerOptions.OPTION_Source, CompilerOptions.VERSION_16); + settings.put(CompilerOptions.OPTION_Source, "16"); } else if(opt.equals("17")) { // Constant not available in latest ECJ version that runs on // Java 8. @@ -392,8 +392,8 @@ settings.put(CompilerOptions.OPTION_TargetPlatform, CompilerOptions.VERSION_15); settings.put(CompilerOptions.OPTION_Compliance, CompilerOptions.VERSION_15); } else if(opt.equals("16")) { - settings.put(CompilerOptions.OPTION_TargetPlatform, CompilerOptions.VERSION_16); - settings.put(CompilerOptions.OPTION_Compliance, CompilerOptions.VERSION_16); + settings.put(CompilerOptions.OPTION_TargetPlatform, "16"); + settings.put(CompilerOptions.OPTION_Compliance, "16"); } else if(opt.equals("17")) { // Constant not available in latest ECJ version that runs on // Java 8. ++++++ tomcat-9.0-osgi-build.patch ++++++ --- /var/tmp/diff_new_pack.fhfFXb/_old 2023-05-23 14:55:05.122675530 +0200 +++ /var/tmp/diff_new_pack.fhfFXb/_new 2023-05-23 14:55:05.126675554 +0200 @@ -1,8 +1,18 @@ -Index: apache-tomcat-9.0.37-src/build.xml -=================================================================== ---- apache-tomcat-9.0.37-src.orig/build.xml -+++ apache-tomcat-9.0.37-src/build.xml -@@ -3307,6 +3307,13 @@ Read the Building page on the Apache Tom +--- apache-tomcat-9.0.75-src/build.xml 2023-05-22 18:12:16.995658642 +0200 ++++ apache-tomcat-9.0.75-src/build.xml 2023-05-22 19:41:42.051370923 +0200 +@@ -215,10 +215,10 @@ + + <!-- Classpaths --> + <path id="compile.classpath"> +- <pathelement location="${bnd.jar}"/> + <pathelement location="${jdt.jar}"/> + <pathelement location="${jaxrpc-lib.jar}"/> + <pathelement location="${wsdl4j-lib.jar}"/> ++ <path refid="bnd.classpath"/> + </path> + + <path id="tomcat.classpath"> +@@ -3845,6 +3845,13 @@ <!-- Add bnd tasks to project --> <path id="bnd.classpath"> <fileset file="${bnd.jar}" /> ++++++ tomcat-9.0.31-secretRequired-default.patch -> tomcat-9.0.75-secretRequired-default.patch ++++++ --- /work/SRC/openSUSE:Factory/tomcat/tomcat-9.0.31-secretRequired-default.patch 2020-02-28 15:22:21.498017353 +0100 +++ /work/SRC/openSUSE:Factory/.tomcat.new.1533/tomcat-9.0.75-secretRequired-default.patch 2023-05-23 14:55:02.398659413 +0200 @@ -1,13 +1,11 @@ -Index: apache-tomcat-9.0.31-src/java/org/apache/coyote/ajp/AbstractAjpProtocol.java -=================================================================== ---- apache-tomcat-9.0.31-src.orig/java/org/apache/coyote/ajp/AbstractAjpProtocol.java -+++ apache-tomcat-9.0.31-src/java/org/apache/coyote/ajp/AbstractAjpProtocol.java -@@ -180,7 +180,7 @@ public abstract class AbstractAjpProtoco +--- apache-tomcat-9.0.75-src/java/org/apache/coyote/ajp/AbstractAjpProtocol.java 2023-05-22 18:12:16.907658477 +0200 ++++ apache-tomcat-9.0.75-src/java/org/apache/coyote/ajp/AbstractAjpProtocol.java 2023-05-22 18:31:07.969096813 +0200 +@@ -177,7 +177,7 @@ } - private boolean secretRequired = true; + private boolean secretRequired = false; + public void setSecretRequired(boolean secretRequired) { this.secretRequired = secretRequired; - } ++++++ tomcat.keyring ++++++ ++++ 704 lines (skipped) ++++ between tomcat.keyring ++++ and /work/SRC/openSUSE:Factory/.tomcat.new.1533/tomcat.keyring
