[packages/tomcat] - up to 7.0.90; fixes CVE-2017-12617

Thu Jul 26 14:26:00 CEST 2018

commit bdef47f6371f21103933b115ba75680331459214
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Thu Jul 26 14:25:54 2018 +0200

    - up to 7.0.90; fixes CVE-2017-12617

 tomcat-build.xml.patch | 25 +++++++++++++++++++++++--
 tomcat.spec            |  8 ++++----
 2 files changed, 27 insertions(+), 6 deletions(-)
---

diff --git a/tomcat.spec b/tomcat.spec
index 0a8f854..cb9adc6 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -9,18 +9,18 @@
 %define		tomcatnatver	1.1.27
 
 # Java Commons Logging version. Must be >= 1.1.
-%define		jclver	1.1.3
+%define		jclver	1.2
 
 %include	/usr/lib/rpm/macros.java
 Summary:	Web server and Servlet/JSP Engine, RI for Servlet %{servletapiver}/JSP %{jspapiver} API
 Summary(pl.UTF-8):	Serwer www i silnik Servlet/JSP będący wzorcową implementacją API Servlet %{servletapiver}/JSP %{jspapiver}
 Name:		tomcat
-Version:	7.0.88
+Version:	7.0.90
 Release:	1
 License:	Apache v2.0
 Group:		Networking/Daemons/Java
 Source0:	http://www.apache.org/dist/tomcat/tomcat-7/v%{version}/src/apache-%{name}-%{version}-src.tar.gz
-# Source0-md5:	839796dfd31ac436c009006f1f815b10
+# Source0-md5:	d5b2197a0a5fcc2101aa54648acab2b2
 Source1:	apache-%{name}.init
 Source2:	apache-%{name}.sysconfig
 Source3:	%{name}-build.properties
@@ -32,7 +32,7 @@ Source14:	%{name}-context-examples.xml
 Source15:	%{name}.logrotate
 Source16:	log4j.properties
 Source100:	http://www.apache.org/dist/commons/logging/source/commons-logging-%{jclver}-src.tar.gz
-# Source100-md5:	e8e197d628436490886d17cffa108fe3
+# Source100-md5:	ce977548f1cbf46918e93cd38ac35163
 Patch0:		%{name}-build.xml.patch
 Patch1:		server.xml-URIEncoding-utf8.patch
 Patch2:		%{name}-LDAPUserDatabase.patch
diff --git a/tomcat-build.xml.patch b/tomcat-build.xml.patch
index 487f131..52ed244 100644
--- a/tomcat-build.xml.patch
+++ b/tomcat-build.xml.patch
@@ -27,7 +27,7 @@
            if="${test.cobertura}"
            description="Adds Cobertura instrumentation to the compiled bytecode">
  
-@@ -1430,52 +1369,10 @@
+@@ -1556,67 +1556,10 @@
      <mkdir dir="${tomcat.extras}/webservices"/>
    </target>
  
@@ -40,30 +40,45 @@
 -      <param name="sourcefile.2" value="${commons-logging-src.loc.2}"/>
 -      <param name="destfile" value="${commons-logging-src.tar.gz}"/>
 -      <param name="destdir" value="${commons-logging.home}"/>
+-      <param name="checksum.enabled" value="${commons-logging-src.checksum.enabled}"/>
+-      <param name="checksum.algorithm" value="${commons-logging-src.checksum.algorithm}"/>
+-      <param name="checksum.value" value="${commons-logging-src.checksum.value}"/>
 -    </antcall>
 -
 -    <antcall target="downloadfile">
 -      <param name="sourcefile" value="${avalon-framework.loc}"/>
 -      <param name="destfile" value="${avalon-framework.jar}"/>
 -      <param name="destdir" value="${avalon-framework.home}"/>
+-      <param name="checksum.enabled" value="${avalon-framework.checksum.enabled}"/>
+-      <param name="checksum.algorithm" value="${avalon-framework.checksum.algorithm}"/>
+-      <param name="checksum.value" value="${avalon-framework.checksum.value}"/>
 -    </antcall>
 -
 -    <antcall target="downloadfile">
 -      <param name="sourcefile" value="${log4j.loc}"/>
 -      <param name="destfile" value="${log4j.jar}"/>
 -      <param name="destdir" value="${log4j.home}"/>
+-      <param name="checksum.enabled" value="${log4j.checksum.enabled}"/>
+-      <param name="checksum.algorithm" value="${log4j.checksum.algorithm}"/>
+-      <param name="checksum.value" value="${log4j.checksum.value}"/>
 -    </antcall>
 -
 -    <antcall target="downloadfile">
 -      <param name="sourcefile" value="${logkit.loc}"/>
 -      <param name="destfile" value="${logkit.jar}"/>
 -      <param name="destdir" value="${logkit.home}"/>
+-      <param name="checksum.enabled" value="${logkit.checksum.enabled}"/>
+-      <param name="checksum.algorithm" value="${logkit.checksum.algorithm}"/>
+-      <param name="checksum.value" value="${logkit.checksum.value}"/>
 -    </antcall>
 -
 -    <antcall target="downloadfile">
 -      <param name="sourcefile" value="${servletapi.loc}"/>
 -      <param name="destfile" value="${servletapi.jar}"/>
 -      <param name="destdir" value="${servletapi.home}"/>
+-      <param name="checksum.enabled" value="${servletapi.checksum.enabled}"/>
+-      <param name="checksum.algorithm" value="${servletapi.checksum.algorithm}"/>
+-      <param name="checksum.value" value="${servletapi.checksum.value}"/>
 -    </antcall>
 -
 -  </target>
@@ -91,7 +106,7 @@
        <fileset file="${log4j.jar}" />
        <fileset file="${logkit.jar}" />
        <fileset file="${servletapi.jar}" />
-@@ -1577,18 +1475,6 @@
+@@ -1660,24 +1660,6 @@
            depends="extras-prepare"
            description="Prepare to build web services extras package">
  
@@ -99,12 +114,18 @@
 -      <param name="sourcefile" value="${jaxrpc-lib.loc}"/>
 -      <param name="destfile" value="${jaxrpc-lib.jar}"/>
 -      <param name="destdir" value="${jaxrpc-lib.home}"/>
+-      <param name="checksum.enabled" value="${jaxrpc-lib.checksum.enabled}"/>
+-      <param name="checksum.algorithm" value="${jaxrpc-lib.checksum.algorithm}"/>
+-      <param name="checksum.value" value="${jaxrpc-lib.checksum.value}"/>
 -    </antcall>
 -
 -    <antcall target="downloadfile">
 -      <param name="sourcefile" value="${wsdl4j-lib.loc}"/>
 -      <param name="destfile" value="${wsdl4j-lib.jar}"/>
 -      <param name="destdir" value="${wsdl4j-lib.home}"/>
+-      <param name="checksum.enabled" value="${wsdl4j-lib.checksum.enabled}"/>
+-      <param name="checksum.algorithm" value="${wsdl4j-lib.checksum.algorithm}"/>
+-      <param name="checksum.value" value="${wsdl4j-lib.checksum.value}"/>
 -    </antcall>
 -
      <copy file="${jaxrpc-lib.jar}"
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/tomcat.git/commitdiff/bdef47f6371f21103933b115ba75680331459214

