Hello community, here is the log from the commit of package tomcat for openSUSE:Factory checked in at 2018-10-11 11:38:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tomcat (Old) and /work/SRC/openSUSE:Factory/.tomcat.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tomcat" Thu Oct 11 11:38:39 2018 rev:44 rq:639608 version:9.0.10 Changes: -------- --- /work/SRC/openSUSE:Factory/tomcat/tomcat.changes 2018-07-23 18:03:48.368722711 +0200 +++ /work/SRC/openSUSE:Factory/.tomcat.new/tomcat.changes 2018-10-11 11:38:41.907302648 +0200 @@ -1,0 +2,28 @@ +Tue Sep 11 10:34:02 UTC 2018 - [email protected] + +- Declare following files to config(noreplace) to prevent override + access rights: + - host-manager/META-INF/context.xml + - manager/META-INF/context.xml + +------------------------------------------------------------------- +Sun Aug 26 22:01:07 UTC 2018 - [email protected] + +- Empty tomcat-9.0.sysconfig to avoid overwriting of customer's + configuration during update (bsc#1067720) + +------------------------------------------------------------------- +Tue Aug 16 14:13:23 UTC 2018 - [email protected] + +- Update to Tomcat 9.0.10. See changelog at + http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.10_(markt) +- Fixed CVEs: + - CVE-2018-1336 (bsc#1102400) + - CVE-2018-8014 (bsc#1093697) + - CVE-2018-8034 (bsc#1102379) + - CVE-2018-8037 (bsc#1102410) +- Rebased patch tomcat-9.0-JDTCompiler-java.patch +- Added patch tomcat-9.0-disable-osgi-build.patch to disable adding + OSGi metadata to JAR files + +------------------------------------------------------------------- Old: ---- apache-tomcat-9.0.5-src.tar.gz apache-tomcat-9.0.5-src.tar.gz.asc New: ---- apache-tomcat-9.0.10-src.tar.gz apache-tomcat-9.0.10-src.tar.gz.asc tomcat-9.0-disable-osgi-build.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tomcat.spec ++++++ --- /var/tmp/diff_new_pack.Y8NS2K/_old 2018-10-11 11:38:43.523300590 +0200 +++ /var/tmp/diff_new_pack.Y8NS2K/_new 2018-10-11 11:38:43.523300590 +0200 @@ -22,7 +22,7 @@ %define elspec 3.0 %define major_version 9 %define minor_version 0 -%define micro_version 5 +%define micro_version 10 %define packdname apache-tomcat-%{version}-src # FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/ %global basedir /srv/%{name} @@ -46,7 +46,7 @@ License: Apache-2.0 Group: Productivity/Networking/Web/Servers Url: http://tomcat.apache.org -Source0: http://www.apache.org/dist/tomcat/tomcat-%{major_version}/v%{version}/src/%{packdname}.tar.gz +Source0: https://archive.apache.org/dist/tomcat/tomcat-%{major_version}/v%{version}/src/%{packdname}.tar.gz Source1: %{name}-%{major_version}.%{minor_version}.conf Source2: %{name}-%{major_version}.%{minor_version}.init Source3: %{name}-%{major_version}.%{minor_version}.sysconfig @@ -69,7 +69,7 @@ Source31: tomcat-server Source32: tomcat-named.service Source1000: tomcat-rpmlintrc -Source1001: http://www.apache.org/dist/tomcat/tomcat-%{major_version}/v%{version}/src/%{packdname}.tar.gz.asc +Source1001: https://archive.apache.org/dist/tomcat/tomcat-%{major_version}/v%{version}/src/%{packdname}.tar.gz.asc Source1002: %{name}.keyring #PATCH-FIX-UPSTREAM: from jpackage.org package Patch0: %{name}-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch @@ -83,6 +83,9 @@ Patch3: %{name}-%{major_version}.%{minor_version}-sle.catalina.policy.patch # PATCH-FIX-OPENSUSE: build javadoc with the same java source level as the class files Patch4: %{name}-%{major_version}.%{minor_version}-javadoc.patch +# PATCH-FIX-OPENSUSE: disable adding OSGi metadata to JAR files because bndtools is not avalable in SLES/OpenSUSE +Patch5: tomcat-9.0-disable-osgi-build.patch + BuildRequires: ant >= 1.8.1 BuildRequires: ant-antlr BuildRequires: apache-commons-collections @@ -97,7 +100,8 @@ BuildRequires: geronimo-qname-1_1-api BuildRequires: geronimo-saaj-1_1-api BuildRequires: jakarta-taglibs-standard >= 1.1 -BuildRequires: java-devel >= 1.8 +#BuildRequires: java-devel >= 1.8 +BuildRequires: java-devel = 1.8.0 BuildRequires: javapackages-local BuildRequires: javapackages-tools BuildRequires: junit @@ -133,6 +137,8 @@ intended to be a collaboration of the best-of-breed developers from around the world. +ATTENTION-> This tomcat is build with java 1.8.0 + %package admin-webapps Summary: The host-manager and manager web applications for Apache Tomcat Group: Productivity/Networking/Web/Servers @@ -252,6 +258,7 @@ %patch2 %patch3 %patch4 +%patch5 # remove date from docs sed -i -e '/build-date/ d' webapps/docs/tomcat-docs.xsl @@ -285,6 +292,7 @@ -Dnsis.exe="HACK" \ -Djaxrpc-lib.jar="$(build-classpath jaxrpc)" \ -Dwsdl4j-lib.jar="$(build-classpath wsdl4j)" \ + -Dsaaj-api.jar="$(build-classpath geronimo-saaj-1_1-api)" \ -Dcommons-pool.home="$(build-classpath commons-pool2)" \ -Dcommons-dbcp.home="$(build-classpath commons-dbcp2)" \ -Dno.build.dbcp=true \ @@ -696,7 +704,9 @@ %files admin-webapps %{appdir}/host-manager +%config(noreplace) %{appdir}/host-manager/META-INF/context.xml %{appdir}/manager +%config(noreplace) %{appdir}/manager/META-INF/context.xml %files docs-webapp %doc %{appdir}/docs ++++++ apache-tomcat-9.0.5-src.tar.gz -> apache-tomcat-9.0.10-src.tar.gz ++++++ ++++ 53615 lines of diff (skipped) ++++++ tomcat-9.0-JDTCompiler-java.patch ++++++ --- /var/tmp/diff_new_pack.Y8NS2K/_old 2018-10-11 11:38:44.403299469 +0200 +++ /var/tmp/diff_new_pack.Y8NS2K/_new 2018-10-11 11:38:44.407299465 +0200 @@ -3,37 +3,50 @@ Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== ---- java/org/apache/jasper/compiler/JDTCompiler.java (date 1506521372000) -+++ java/org/apache/jasper/compiler/JDTCompiler.java (revision ) -@@ -312,10 +312,10 @@ +--- java/org/apache/jasper/compiler/JDTCompiler.java (revision 6bbf738a0e56d1793022b15e9aca9b690699216b) ++++ java/org/apache/jasper/compiler/JDTCompiler.java (date 1534261527000) +@@ -312,15 +312,16 @@ CompilerOptions.VERSION_1_7); } else if(opt.equals("1.8")) { settings.put(CompilerOptions.OPTION_Source, - CompilerOptions.VERSION_1_8); + "1.8"); // CompilerOptions.VERSION_1_8 - } else if(opt.equals("1.9")) { + // Version format changed from Java 9 onwards. + // Support old format that was used in EA implementation as well + } else if(opt.equals("9") || opt.equals("1.9")) { settings.put(CompilerOptions.OPTION_Source, -- CompilerOptions.VERSION_1_9); -+ "1.9"); // CompilerOptions.VERSION_1_9 +- CompilerOptions.VERSION_9); ++ "9"); + } else if(opt.equals("10")) { + settings.put(CompilerOptions.OPTION_Source, +- CompilerOptions.VERSION_10); ++ "10"); ++ } else { log.warn("Unknown source VM " + opt + " ignored."); settings.put(CompilerOptions.OPTION_Source, -@@ -359,14 +359,14 @@ - CompilerOptions.VERSION_1_7); - } else if(opt.equals("1.8")) { +@@ -366,19 +367,19 @@ settings.put(CompilerOptions.OPTION_TargetPlatform, -- CompilerOptions.VERSION_1_8); -+ "1.8"); // CompilerOptions.VERSION_1_8 + CompilerOptions.VERSION_1_8); settings.put(CompilerOptions.OPTION_Compliance, - CompilerOptions.VERSION_1_8); + "1.8"); // CompilerOptions.VERSION_1_8 - } else if(opt.equals("1.9")) { + // Version format changed from Java 9 onwards. + // Support old format that was used in EA implementation as well + } else if(opt.equals("9") || opt.equals("1.9")) { + settings.put(CompilerOptions.OPTION_TargetPlatform, +- CompilerOptions.VERSION_9); ++ "9"); // CompilerOptions.VERSION_1_9 + settings.put(CompilerOptions.OPTION_Compliance, +- CompilerOptions.VERSION_9); ++ "9"); // CompilerOptions.VERSION_1_9 + } else if(opt.equals("10")) { settings.put(CompilerOptions.OPTION_TargetPlatform, -- CompilerOptions.VERSION_1_9); -+ "1.9"); // CompilerOptions.VERSION_1_9 +- CompilerOptions.VERSION_10); ++ "10"); settings.put(CompilerOptions.OPTION_Compliance, -- CompilerOptions.VERSION_1_9); -+ "1.9"); // CompilerOptions.VERSION_1_9 +- CompilerOptions.VERSION_10); ++ "10"); } else { log.warn("Unknown target VM " + opt + " ignored."); settings.put(CompilerOptions.OPTION_TargetPlatform, ++++++ tomcat-9.0-disable-osgi-build.patch ++++++ Index: build.xml IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- build.xml (date 1529515764000) +++ build.xml (date 1534335916000) @@ -15,7 +15,8 @@ See the License for the specific language governing permissions and limitations under the License. --> -<project name="Tomcat 9.0" default="deploy" basedir="."> +<project name="Tomcat 9.0" default="deploy" basedir="." + xmlns:if="ant:if" xmlns:unless="ant:unless"> <!-- ===================== Initialize Property Values ==================== --> @@ -728,7 +729,7 @@ </target> <target name="build-bnd" unless="bnd.uptodate" - depends="setup-bnd,build-prepare"> + depends="setup-bnd,build-prepare" if="add.osgi.jar.metadata"> <mkdir dir="${tomcat.bnd}" /> <copy todir="${tomcat.bnd}" overwrite="yes" filtering="yes" @@ -2970,7 +2971,7 @@ <!-- ======================= Macros, Taskdefs etc ======================== --> - <target name="setup-bnd" > + <target name="setup-bnd" if="add.osgi.jar.metadata"> <!-- Download bnd --> <antcall target="downloadfile"> <param name="sourcefile" value="${bnd.loc}"/> @@ -3025,7 +3026,7 @@ <zipfileset file="@{notice}" fullpath="META-INF/NOTICE" /> <zipfileset file="@{license}" fullpath="META-INF/LICENSE" /> </jar> - <antcall target="add-osgi" > + <antcall target="add-osgi" if:set="add.osgi.jar.metadata"> <param name="jarfile" value="@{jarfile}" /> <param name="addOSGi" value="@{addOSGi}" /> </antcall> ++++++ tomcat-9.0.sysconfig ++++++ --- /var/tmp/diff_new_pack.Y8NS2K/_old 2018-10-11 11:38:44.507299338 +0200 +++ /var/tmp/diff_new_pack.Y8NS2K/_new 2018-10-11 11:38:44.507299338 +0200 @@ -1,11 +0,0 @@ -# Service-specific configuration file for tomcat. This will be sourced by -# systemd for the default service (tomcat.service) -# If you want to customize named instance, make a similar file -# and name it tomcat@instancename. - -# You will not need to set this, usually. For default service it equals -# CATALINA_HOME. For named service, it equals ${TOMCATS_BASE}${NAME} -#CATALINA_BASE="@@@TCHOME@@@" - -# Please take a look at /etc/tomcat/tomcat.conf to have an idea what you -# can override. ++++++ tomcat-rpmlintrc ++++++ --- /var/tmp/diff_new_pack.Y8NS2K/_old 2018-10-11 11:38:44.571299256 +0200 +++ /var/tmp/diff_new_pack.Y8NS2K/_new 2018-10-11 11:38:44.575299251 +0200 @@ -1,2 +1,4 @@ #fix of bnc#520532 addFilter(".*non-etc-or-var-file-marked-as-conffile /srv/tomcat/webapps/ROOT.*") +addFilter(".*non-etc-or-var-file-marked-as-conffile /srv/tomcat/webapps/host-manager/META-INF/context.xml") +addFilter(".*non-etc-or-var-file-marked-as-conffile /srv/tomcat/webapps/manager/META-INF/context.xml")
