[packages/tomcat] - up to 7.0.90; fixes CVE-2017-12617

arekm Thu, 26 Jul 2018 05:26:44 -0700

commit bdef47f6371f21103933b115ba75680331459214
Author: Arkadiusz Miśkiewicz <ar...@maven.pl>
Date:   Thu Jul 26 14:25:54 2018 +0200


    - up to 7.0.90; fixes CVE-2017-12617

 tomcat-build.xml.patch | 25 +++++++++++++++++++++++--
 tomcat.spec            |  8 ++++----
 2 files changed, 27 insertions(+), 6 deletions(-)
---
diff --git a/tomcat.spec b/tomcat.spec
index 0a8f854..cb9adc6 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -9,18 +9,18 @@
 %define                tomcatnatver    1.1.27
 
 # Java Commons Logging version. Must be >= 1.1.
-%define                jclver  1.1.3
+%define                jclver  1.2
 
 %include       /usr/lib/rpm/macros.java
 Summary:       Web server and Servlet/JSP Engine, RI for Servlet 
%{servletapiver}/JSP %{jspapiver} API
 Summary(pl.UTF-8):     Serwer www i silnik Servlet/JSP będący wzorcową 
implementacją API Servlet %{servletapiver}/JSP %{jspapiver}
 Name:          tomcat
-Version:       7.0.88
+Version:       7.0.90
 Release:       1
 License:       Apache v2.0
 Group:         Networking/Daemons/Java
 Source0:       
http://www.apache.org/dist/tomcat/tomcat-7/v%{version}/src/apache-%{name}-%{version}-src.tar.gz
-# Source0-md5: 839796dfd31ac436c009006f1f815b10
+# Source0-md5: d5b2197a0a5fcc2101aa54648acab2b2
 Source1:       apache-%{name}.init
 Source2:       apache-%{name}.sysconfig
 Source3:       %{name}-build.properties
@@ -32,7 +32,7 @@ Source14:     %{name}-context-examples.xml
 Source15:      %{name}.logrotate
 Source16:      log4j.properties
 Source100:     
http://www.apache.org/dist/commons/logging/source/commons-logging-%{jclver}-src.tar.gz
-# Source100-md5:       e8e197d628436490886d17cffa108fe3
+# Source100-md5:       ce977548f1cbf46918e93cd38ac35163
 Patch0:                %{name}-build.xml.patch
 Patch1:                server.xml-URIEncoding-utf8.patch
 Patch2:                %{name}-LDAPUserDatabase.patch
diff --git a/tomcat-build.xml.patch b/tomcat-build.xml.patch
index 487f131..52ed244 100644
--- a/tomcat-build.xml.patch
+++ b/tomcat-build.xml.patch
@@ -27,7 +27,7 @@
            if="${test.cobertura}"
            description="Adds Cobertura instrumentation to the compiled 
bytecode">
  
-@@ -1430,52 +1369,10 @@
+@@ -1556,67 +1556,10 @@
      <mkdir dir="${tomcat.extras}/webservices"/>
    </target>
  
@@ -40,30 +40,45 @@
 -      <param name="sourcefile.2" value="${commons-logging-src.loc.2}"/>
 -      <param name="destfile" value="${commons-logging-src.tar.gz}"/>
 -      <param name="destdir" value="${commons-logging.home}"/>
+-      <param name="checksum.enabled" 
value="${commons-logging-src.checksum.enabled}"/>
+-      <param name="checksum.algorithm" 
value="${commons-logging-src.checksum.algorithm}"/>
+-      <param name="checksum.value" 
value="${commons-logging-src.checksum.value}"/>
 -    </antcall>
 -
 -    <antcall target="downloadfile">
 -      <param name="sourcefile" value="${avalon-framework.loc}"/>
 -      <param name="destfile" value="${avalon-framework.jar}"/>
 -      <param name="destdir" value="${avalon-framework.home}"/>
+-      <param name="checksum.enabled" 
value="${avalon-framework.checksum.enabled}"/>
+-      <param name="checksum.algorithm" 
value="${avalon-framework.checksum.algorithm}"/>
+-      <param name="checksum.value" 
value="${avalon-framework.checksum.value}"/>
 -    </antcall>
 -
 -    <antcall target="downloadfile">
 -      <param name="sourcefile" value="${log4j.loc}"/>
 -      <param name="destfile" value="${log4j.jar}"/>
 -      <param name="destdir" value="${log4j.home}"/>
+-      <param name="checksum.enabled" value="${log4j.checksum.enabled}"/>
+-      <param name="checksum.algorithm" value="${log4j.checksum.algorithm}"/>
+-      <param name="checksum.value" value="${log4j.checksum.value}"/>
 -    </antcall>
 -
 -    <antcall target="downloadfile">
 -      <param name="sourcefile" value="${logkit.loc}"/>
 -      <param name="destfile" value="${logkit.jar}"/>
 -      <param name="destdir" value="${logkit.home}"/>
+-      <param name="checksum.enabled" value="${logkit.checksum.enabled}"/>
+-      <param name="checksum.algorithm" value="${logkit.checksum.algorithm}"/>
+-      <param name="checksum.value" value="${logkit.checksum.value}"/>
 -    </antcall>
 -
 -    <antcall target="downloadfile">
 -      <param name="sourcefile" value="${servletapi.loc}"/>
 -      <param name="destfile" value="${servletapi.jar}"/>
 -      <param name="destdir" value="${servletapi.home}"/>
+-      <param name="checksum.enabled" value="${servletapi.checksum.enabled}"/>
+-      <param name="checksum.algorithm" 
value="${servletapi.checksum.algorithm}"/>
+-      <param name="checksum.value" value="${servletapi.checksum.value}"/>
 -    </antcall>
 -
 -  </target>
@@ -91,7 +106,7 @@
        <fileset file="${log4j.jar}" />
        <fileset file="${logkit.jar}" />
        <fileset file="${servletapi.jar}" />
-@@ -1577,18 +1475,6 @@
+@@ -1660,24 +1660,6 @@
            depends="extras-prepare"
            description="Prepare to build web services extras package">
  
@@ -99,12 +114,18 @@
 -      <param name="sourcefile" value="${jaxrpc-lib.loc}"/>
 -      <param name="destfile" value="${jaxrpc-lib.jar}"/>
 -      <param name="destdir" value="${jaxrpc-lib.home}"/>
+-      <param name="checksum.enabled" value="${jaxrpc-lib.checksum.enabled}"/>
+-      <param name="checksum.algorithm" 
value="${jaxrpc-lib.checksum.algorithm}"/>
+-      <param name="checksum.value" value="${jaxrpc-lib.checksum.value}"/>
 -    </antcall>
 -
 -    <antcall target="downloadfile">
 -      <param name="sourcefile" value="${wsdl4j-lib.loc}"/>
 -      <param name="destfile" value="${wsdl4j-lib.jar}"/>
 -      <param name="destdir" value="${wsdl4j-lib.home}"/>
+-      <param name="checksum.enabled" value="${wsdl4j-lib.checksum.enabled}"/>
+-      <param name="checksum.algorithm" 
value="${wsdl4j-lib.checksum.algorithm}"/>
+-      <param name="checksum.value" value="${wsdl4j-lib.checksum.value}"/>
 -    </antcall>
 -
      <copy file="${jaxrpc-lib.jar}"
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/tomcat.git/commitdiff/bdef47f6371f21103933b115ba75680331459214

_______________________________________________
pld-cvs-commit mailing list
pld-cvs-commit@lists.pld-linux.org
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

[packages/tomcat] - up to 7.0.90; fixes CVE-2017-12617

Reply via email to