import tomcat-9.0.87-2.el9

c9-beta imports/c9-beta/tomcat-9.0.87-2.el9
MSVSphere Packaging Team 3 months ago
parent 66ba3c6590
commit 0a2c12d5ed
Signed by: sys_gitsync
GPG Key ID: B2B0B9F29E528FE8

2
.gitignore vendored

@ -1 +1 @@
SOURCES/tomcat-9.0.62.redhat-00018-src.zip SOURCES/tomcat-9.0.87.redhat-00005-src.zip

@ -1 +1 @@
5becf21ed1eb5c031c31d5f295ce499234e98f82 SOURCES/tomcat-9.0.62.redhat-00018-src.zip 3aeb163e738a5f2a4d2fc20f72d978813a459d5c SOURCES/tomcat-9.0.87.redhat-00005-src.zip

@ -1,8 +0,0 @@
diff -up ./java/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd.orig ./java/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd
--- ./java/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd.orig 2023-02-07 14:11:25.294179017 -0500
+++ ./java/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd 2023-02-07 14:11:28.629196705 -0500
@@ -1,4 +1,3 @@
-<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with

@ -1,12 +1,11 @@
diff -up ./res/bnd/build-defaults.bnd.orig ./res/bnd/build-defaults.bnd --- ./res/bnd/build-defaults.bnd.orig 2024-05-01 11:07:38.804582327 +0300
--- ./res/bnd/build-defaults.bnd.orig 2020-07-13 13:47:01.229077747 -0400 +++ ./res/bnd/build-defaults.bnd 2024-05-01 11:17:08.857295279 +0300
+++ ./res/bnd/build-defaults.bnd 2020-07-13 13:47:12.923095618 -0400
@@ -13,7 +13,7 @@ @@ -13,7 +13,7 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
-Bundle-Version: ${version_cleanup;${version}} -Bundle-Version: ${version_cleanup;${version}}
+Bundle-Version: ${version} +Bundle-Version: ${version}
Bundle-License: https://www.apache.org/licenses/LICENSE-2.0.txt
Specification-Title: Apache Tomcat Specification-Title: Apache Tomcat
Specification-Version: ${version.major.minor}

@ -31,8 +31,8 @@
%global jspspec 2.3 %global jspspec 2.3
%global major_version 9 %global major_version 9
%global minor_version 0 %global minor_version 0
%global micro_version 62 %global micro_version 87
%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00018-src %global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00005-src
%global servletspec 4.0 %global servletspec 4.0
%global elspec 3.0 %global elspec 3.0
%global tcuid 53 %global tcuid 53
@ -56,7 +56,7 @@
Name: tomcat Name: tomcat
Epoch: 1 Epoch: 1
Version: %{major_version}.%{minor_version}.%{micro_version} Version: %{major_version}.%{minor_version}.%{micro_version}
Release: 39%{?dist} Release: 2%{?dist}
Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
License: ASL 2.0 License: ASL 2.0
@ -82,7 +82,6 @@ Patch3: %{name}-%{major_version}.%{minor_version}-catalina-policy.patch
Patch4: rhbz-1857043.patch Patch4: rhbz-1857043.patch
Patch6: %{name}-%{major_version}.%{minor_version}-bnd-annotation.patch Patch6: %{name}-%{major_version}.%{minor_version}-bnd-annotation.patch
Patch7: JmxRemoteLifecycleListener.patch Patch7: JmxRemoteLifecycleListener.patch
Patch8: fix-malformed-dtd.patch
BuildArch: noarch BuildArch: noarch
@ -94,7 +93,7 @@ BuildRequires: aqute-bnd
BuildRequires: aqute-bndlib BuildRequires: aqute-bndlib
BuildRequires: systemd BuildRequires: systemd
Requires: (java-headless >= 1:1.8 or java-1.8.0-headless or java-11-headless or java-17-headless or java >= 1:1.8) Requires: (java-headless >= 1:1.8 or java-1.8.0-headless or java-11-headless or java-17-headless or java-21-headless or java >= 1:1.8)
Requires: javapackages-tools Requires: javapackages-tools
Requires: %{name}-lib = %{epoch}:%{version}-%{release} Requires: %{name}-lib = %{epoch}:%{version}-%{release}
%if 0%{?fedora} || 0%{?rhel} > 7 %if 0%{?fedora} || 0%{?rhel} > 7
@ -199,7 +198,6 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
%patch -P4 -p0 %patch -P4 -p0
%patch -P6 -p0 %patch -P6 -p0
%patch -P7 -p1 %patch -P7 -p1
%patch -P8 -p1
# Remove webservices naming resources as it's generally unused # Remove webservices naming resources as it's generally unused
%{__rm} -rf java/org/apache/naming/factory/webservices %{__rm} -rf java/org/apache/naming/factory/webservices
@ -559,18 +557,39 @@ fi
%changelog %changelog
* Thu Aug 08 2024 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-2
- Resolves: RHEL-46163
tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)
- Resolves: RHEL-18245 - OpenJDK 21 support for RHEL Tomcat
* Fri May 03 2024 Sokratis Zappis <szappis@redhat.com> - 1:9.0.87-1
- Resolves: RHEL-35812 - Rebase tomcat to version 9.0.87
- Resolves: RHEL-29257
tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672)
- Resolves: RHEL-29252
tomcat: : Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549)
- Resolves: RHEL-53001 - Amend tomcat's changelog
(CVE-2023-46589, CVE-2023-45648, CVE-2023-42795, CVE-2023-42794, CVE-2023-44487, CVE-2023-41080)
* Thu Jan 18 2024 Hui Wang <huwang@redhat.com> - 1:9.0.62-39 * Thu Jan 18 2024 Hui Wang <huwang@redhat.com> - 1:9.0.62-39
- Resolves: RHEL-17605 - Resolves: RHEL-17605
tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589)
* Thu Nov 23 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-38 * Thu Nov 23 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-38
- Resolves: RHEL-13908 - Resolves: RHEL-13908
tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)
- Resolves: RHEL-13905 - Resolves: RHEL-13905
tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)
- Resolves: RHEL-12952 - Resolves: RHEL-12952
tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)
- Resolves: RHEL-12552 - Resolves: RHEL-12552
tomcat: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
- Resolves: RHEL-2388 - Resolves: RHEL-2388
tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)
* Fri Oct 13 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-37 * Fri Oct 13 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-37
- Resolves: RHEL-12551 - Resolves: RHEL-12551
tomcat: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
- Remove JDK subpackges which are unused - Remove JDK subpackges which are unused
* Fri Aug 25 2023 Coty Sutherland <csutherl@redhat.com> - 1:9.0.62-16 * Fri Aug 25 2023 Coty Sutherland <csutherl@redhat.com> - 1:9.0.62-16

Loading…
Cancel
Save