[packages/tomcat] - up to 7.0.100; fixes CVE-2019-17563, CVE-2019-12418, CVE-2019-17569, CVE-2020-1935, CVE-2020-1938
arekm
arekm at pld-linux.org
Sat Feb 29 19:34:10 CET 2020
commit 60f80b6f9ad45aa9bdc238b22c7446da3464184e
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Sat Feb 29 19:33:54 2020 +0100
- up to 7.0.100; fixes CVE-2019-17563, CVE-2019-12418, CVE-2019-17569, CVE-2020-1935, CVE-2020-1938 (remote code execution)
jcl.patch | 13 +++----
server.xml-URIEncoding-utf8.patch | 15 ++++----
tomcat-build.patch | 72 +++++++++++++++++----------------------
tomcat-build.xml.patch | 38 +++++++++++++--------
tomcat.spec | 6 ++--
5 files changed, 73 insertions(+), 71 deletions(-)
---
diff --git a/tomcat.spec b/tomcat.spec
index 450f435..e8343e2 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -14,12 +14,12 @@
Summary: Web server and Servlet/JSP Engine, RI for Servlet %{servletapiver}/JSP %{jspapiver} API
Summary(pl.UTF-8): Serwer www i silnik Servlet/JSP będący wzorcową implementacją API Servlet %{servletapiver}/JSP %{jspapiver}
Name: tomcat
-Version: 7.0.94
-Release: 2
+Version: 7.0.100
+Release: 1
License: Apache v2.0
Group: Networking/Daemons/Java
Source0: http://www.apache.org/dist/tomcat/tomcat-7/v%{version}/src/apache-%{name}-%{version}-src.tar.gz
-# Source0-md5: ab9ce1e8190fbfed2b4843c2ca69106c
+# Source0-md5: ad3d9bec243bfa25c2f66dd0961d8c83
Source1: apache-%{name}.init
Source2: apache-%{name}.sysconfig
Source3: %{name}-build.properties
diff --git a/jcl.patch b/jcl.patch
index 89c8709..83cb394 100644
--- a/jcl.patch
+++ b/jcl.patch
@@ -5,12 +5,13 @@ otherwise deps for jcl build don't get set
--- tc7.0.x/build.xml~ 2015-07-26 22:42:44.873164872 +0300
+++ tc7.0.x/build.xml 2015-07-26 22:53:44.930780044 +0300
-@@ -1613,7 +1613,7 @@
+@@ -1715,7 +1715,7 @@
<ant antfile="${tomcat.extras}/logging/commons-logging-${commons-logging.version}-src/build2.xml"
dir="${tomcat.extras}/logging/commons-logging-${commons-logging.version}-src"
-- inheritAll="false" target="compile" />
-+ inheritAll="true" target="compile" />
-
- <jar jarfile="${tomcat-juli-extras.jar}"
- manifest="${tomcat.manifests}/default.manifest"
+- inheritAll="false" target="compile" >
++ inheritAll="true" target="compile" >
+ <property name="source.version" value="${logging.compile.source}" />
+ <property name="target.version" value="${logging.compile.target}" />
+ </ant>
+
diff --git a/server.xml-URIEncoding-utf8.patch b/server.xml-URIEncoding-utf8.patch
index 7c22914..0a7f8bc 100644
--- a/server.xml-URIEncoding-utf8.patch
+++ b/server.xml-URIEncoding-utf8.patch
@@ -18,7 +18,7 @@
redirectPort="8443" />
-->
<!-- Define a SSL HTTP/1.1 Connector on port 8443
-@@ -86,12 +86,12 @@
+@@ -87,7 +87,7 @@
documentation -->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
@@ -27,9 +27,12 @@
clientAuth="false" sslProtocol="TLS" />
-->
- <!-- Define an AJP 1.3 Connector on port 8009 -->
-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
-+ <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" URIEncoding="UTF-8" />
-
+@@ -96,6 +96,7 @@
+ <Connector protocol="AJP/1.3"
+ address="::1"
+ port="8009"
++ URIEncoding="UTF-8"
+ redirectPort="8443" />
+ -->
- <!-- An Engine represents the entry point (within Catalina) that processes
+
diff --git a/tomcat-build.patch b/tomcat-build.patch
index 0a1afce..7dee225 100644
--- a/tomcat-build.patch
+++ b/tomcat-build.patch
@@ -1,66 +1,56 @@
---- apache-tomcat-7.0.70-src/build.xml~ 2016-07-19 15:43:44.000000000 +0200
-+++ apache-tomcat-7.0.70-src/build.xml 2016-07-19 15:48:19.615551746 +0200
-@@ -1836,7 +1836,7 @@ Apache Tomcat ${version} native binaries
+--- apache-tomcat-7.0.100-src/build.xml~ 2020-02-29 19:29:03.000000000 +0100
++++ apache-tomcat-7.0.100-src/build.xml 2020-02-29 19:30:10.956020378 +0100
+@@ -1981,7 +1981,7 @@ Apache Tomcat ${version} native binaries
+ encoding="UTF-8"
+ docencoding="UTF-8"
+ charset="UTF-8"
+- additionalparam="-breakiterator -notimestamp ${java9.javadoc.options}"
++ additionalparam="-Xdoclint:none -breakiterator -notimestamp ${java9.javadoc.options}"
+ source="${compile.source}"
+ maxmemory="512m"
+ failonerror="true">
+@@ -2002,7 +2002,7 @@ Apache Tomcat ${version} native binaries
encoding="ISO-8859-1"
docencoding="ISO-8859-1"
charset="ISO-8859-1"
-- additionalparam="-breakiterator -notimestamp"
-+ additionalparam="-Xdoclint:none -breakiterator -notimestamp"
+- additionalparam="-breakiterator -notimestamp ${java9.javadoc.options}"
++ additionalparam="-Xdoclint:none -breakiterator -notimestamp ${java9.javadoc.options}"
+ source="${compile.source}"
maxmemory="512m"
failonerror="true"
- executable="${java.7.home}/bin/javadoc">
---- apache-tomcat-7.0.70-src/build.xml~ 2016-07-19 15:48:55.000000000 +0200
-+++ apache-tomcat-7.0.70-src/build.xml 2016-07-19 15:52:07.842156930 +0200
-@@ -1857,7 +1857,7 @@ Apache Tomcat ${version} native binaries
+@@ -2024,7 +2024,7 @@ Apache Tomcat ${version} native binaries
encoding="ISO-8859-1"
docencoding="ISO-8859-1"
charset="ISO-8859-1"
-- additionalparam="-breakiterator -notimestamp"
-+ additionalparam="-Xdoclint:none -breakiterator -notimestamp"
+- additionalparam="-breakiterator -notimestamp ${java9.javadoc.options}"
++ additionalparam="-Xdoclint:none -breakiterator -notimestamp ${java9.javadoc.options}"
+ source="${compile.source}"
maxmemory="512m"
failonerror="true"
- executable="${java.7.home}/bin/javadoc">
---- apache-tomcat-7.0.70-src/build.xml~ 2016-07-19 15:52:27.000000000 +0200
-+++ apache-tomcat-7.0.70-src/build.xml 2016-07-19 15:53:28.337957151 +0200
-@@ -1919,7 +1919,7 @@ Apache Tomcat ${version} native binaries
+@@ -2046,7 +2046,7 @@ Apache Tomcat ${version} native binaries
encoding="ISO-8859-1"
docencoding="ISO-8859-1"
charset="ISO-8859-1"
-- additionalparam="-breakiterator -notimestamp"
-+ additionalparam="-Xdoclint:none -breakiterator -notimestamp"
+- additionalparam="-breakiterator -notimestamp ${java9.javadoc.options}"
++ additionalparam="-Xdoclint:none -breakiterator -notimestamp ${java9.javadoc.options}"
+ source="${compile.source}"
maxmemory="512m"
failonerror="true"
- executable="${java.7.home}/bin/javadoc">
---- apache-tomcat-7.0.81-src/build.xml~ 2017-10-04 11:16:30.000000000 +0200
-+++ apache-tomcat-7.0.81-src/build.xml 2017-10-04 11:48:42.218524719 +0200
-@@ -1932,7 +1932,7 @@ Apache Tomcat ${version} native binaries
+@@ -2068,7 +2068,7 @@ Apache Tomcat ${version} native binaries
encoding="ISO-8859-1"
docencoding="ISO-8859-1"
charset="ISO-8859-1"
-- additionalparam="-breakiterator -notimestamp"
-+ additionalparam="-Xdoclint:none -breakiterator -notimestamp"
+- additionalparam="-breakiterator -notimestamp ${java9.javadoc.options}"
++ additionalparam="-Xdoclint:none -breakiterator -notimestamp ${java9.javadoc.options}"
+ source="${compile.source}"
maxmemory="512m"
failonerror="true"
- executable="${java.7.home}/bin/javadoc">
---- apache-tomcat-7.0.94-src/build.xml~ 2019-05-08 09:40:51.000000000 +0200
-+++ apache-tomcat-7.0.94-src/build.xml 2019-05-08 09:42:01.675738032 +0200
-@@ -2559,7 +2559,7 @@ Apache Tomcat ${version} native binaries
-
- <target name="download-deps"
- description="Download the dependencies required to build and test"
-- depends="download-compile, download-dist, download-test-compile, download-validate, download-cobertura, extras-commons-logging-prepare, extras-webservices-prepare" />
-+ depends="download-compile, download-dist, download-test-compile, download-validate, download-cobertura, extras-webservices-prepare" />
-
- <target name="download-validate"
- description="Download components necessary to validate source"
---- apache-tomcat-7.0.94-src/build.xml~ 2019-05-08 09:42:27.000000000 +0200
-+++ apache-tomcat-7.0.94-src/build.xml 2019-05-08 09:52:06.183789472 +0200
-@@ -1955,7 +1955,7 @@ Apache Tomcat ${version} native binaries
+@@ -2089,7 +2089,7 @@ Apache Tomcat ${version} native binaries
encoding="ISO-8859-1"
docencoding="ISO-8859-1"
charset="ISO-8859-1"
-- additionalparam="-breakiterator -notimestamp"
-+ additionalparam="-Xdoclint:none -breakiterator -notimestamp"
+- additionalparam="-breakiterator -notimestamp ${java9.javadoc.options} -J-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 -XDignore.symbol.file"
++ additionalparam="-Xdoclint:none -breakiterator -notimestamp ${java9.javadoc.options} -J-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 -XDignore.symbol.file"
+ source="${compile.source}"
maxmemory="512m"
failonerror="true"
- executable="${java.7.home}/bin/javadoc">
diff --git a/tomcat-build.xml.patch b/tomcat-build.xml.patch
index 2f33c98..ddd2797 100644
--- a/tomcat-build.xml.patch
+++ b/tomcat-build.xml.patch
@@ -1,6 +1,6 @@
---- apache-tomcat-7.0.63-src/build.xml~ 2015-06-30 11:15:44.000000000 +0300
-+++ apache-tomcat-7.0.63-src/build.xml 2015-07-26 21:31:46.613106110 +0300
-@@ -655,7 +655,7 @@
+--- apache-tomcat-7.0.100-src/build.xml.org 2020-02-11 09:39:54.000000000 +0100
++++ apache-tomcat-7.0.100-src/build.xml 2020-02-29 19:19:42.236875428 +0100
+@@ -683,7 +683,7 @@
<target name="compile" depends="compile-java6, check-java7, compile-java7" />
<target name="compile-java6"
@@ -9,7 +9,7 @@
<!-- Compile internal server components -->
<javac srcdir="java" destdir="${tomcat.classes}"
debug="${compile.debug}"
-@@ -1198,7 +1198,7 @@
+@@ -1409,7 +1409,7 @@
</target>
@@ -18,16 +18,16 @@
<mkdir dir="${test.classes}"/>
<!-- Compile -->
<javac srcdir="test" destdir="${test.classes}"
-@@ -1371,7 +1310,7 @@
- </path>
+@@ -1621,7 +1621,7 @@
</target>
-- <target name="cobertura-instrument" depends="compile,download-cobertura,cobertura-disabled"
-+ <target name="cobertura-instrument" depends="compile,cobertura-disabled"
- if="${test.cobertura}"
+ <target name="cobertura-instrument"
+- depends="compile,download-cobertura,cobertura-disabled,cobertura-disabled-log"
++ depends="compile,cobertura-disabled,cobertura-disabled-log"
+ if="${cobertura.enabled}"
description="Adds Cobertura instrumentation to the compiled bytecode">
-@@ -1556,67 +1556,10 @@
+@@ -1681,67 +1681,10 @@
<mkdir dir="${tomcat.extras}/webservices"/>
</target>
@@ -96,7 +96,7 @@
<replace dir="${tomcat.extras}/logging/commons-logging-${commons-logging.version}-src/src/main/java/org/apache/commons"
encoding="ISO-8859-1">
<replacefilter token="org.apache.commons"
-@@ -1497,7 +1394,8 @@
+@@ -1763,7 +1706,8 @@
file="${tomcat.extras}/logging/commons-logging-${commons-logging.version}-src/build.xml" />
<copy todir="${tomcat.extras}/logging/commons-logging-${commons-logging.version}-src">
@@ -106,7 +106,7 @@
<fileset file="${log4j.jar}" />
<fileset file="${logkit.jar}" />
<fileset file="${servletapi.jar}" />
-@@ -1660,24 +1660,6 @@
+@@ -1842,24 +1786,6 @@
depends="extras-prepare"
description="Prepare to build web services extras package">
@@ -131,7 +131,7 @@
<copy file="${jaxrpc-lib.jar}"
tofile="${tomcat.extras}/webservices/jaxrpc.jar" />
<copy file="${wsdl4j-lib.jar}"
-@@ -1694,7 +1580,7 @@
+@@ -1961,7 +1887,7 @@
</target>
@@ -140,7 +140,7 @@
<mkdir dir="${tomcat.dist}"/>
<mkdir dir="${tomcat.dist}/bin"/>
<mkdir dir="${tomcat.dist}/conf"/>
-@@ -1832,13 +1832,6 @@
+@@ -2034,13 +1960,6 @@
</fileset>
</copy>
@@ -154,4 +154,12 @@
<echo append="false" file="${tomcat.dist}/bin/x64/README">
Apache Tomcat ${version} native binaries for Win64 AMD64/EMT64 platform.
</echo>
-
+@@ -2791,7 +2791,7 @@ skip.installer property in build.propert
+
+ <target name="download-deps"
+ description="Download the dependencies required to build and test"
+- depends="download-compile, download-dist, download-test-compile, download-validate, download-cobertura, extras-commons-logging-prepare, extras-webservices-prepare" />
++ depends="download-compile, download-dist, download-test-compile, download-validate, download-cobertura, extras-webservices-prepare" />
+
+ <target name="download-validate"
+ description="Download components necessary to validate source"
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/tomcat.git/commitdiff/60f80b6f9ad45aa9bdc238b22c7446da3464184e
More information about the pld-cvs-commit
mailing list