Hello community, here is the log from the commit of package tomcat for openSUSE:Factory checked in at 2014-09-22 09:22:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tomcat (Old) and /work/SRC/openSUSE:Factory/.tomcat.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "tomcat" Changes: --------
--- /work/SRC/openSUSE:Factory/tomcat/tomcat.changes 2014-09-09 06:21:27.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.tomcat.new/tomcat.changes 2014-09-22 09:22:55.000000000 +0200
@@ -1,0 +2,25 @@
+Wed Sep 17 11:28:46 UTC 2014 - bmaryniuk@suse.com
+
+- SLE12 has different path for the "rm" command than older versions.
+ To avoid possible clashes, the entire coreutils must be provided.
+ (bnc#894292)
+
+-------------------------------------------------------------------
+Tue Sep 16 16:09:59 UTC 2014 - bmaryniuk@suse.com
+
+- Fixed Security Manager policies, which makes unable properly
+ run webapps by default. (bnc#891264)
+ Added: tomcat-7.0-sle.catalina.policy.patch
+
+-------------------------------------------------------------------
+Tue Sep 16 14:13:20 UTC 2014 - bmaryniuk@suse.com
+
+- Missing security manager policy file prevents Tomcat to start
+ with systemd. (bnc#890995)
+
+-------------------------------------------------------------------
+Mon Sep 15 13:02:02 UTC 2014 - dmacvicar@suse.de
+
+- Tomcat 7.0.55 requires ecj 4.4.0
+
+-------------------------------------------------------------------
New: ---- tomcat-7.0-sle.catalina.policy.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tomcat.spec ++++++
--- /var/tmp/diff_new_pack.SnIE4y/_old 2014-09-22 09:22:56.000000000 +0200
+++ /var/tmp/diff_new_pack.SnIE4y/_new 2014-09-22 09:22:56.000000000 +0200
@@ -72,9 +72,11 @@ Patch2: tomcat-7.0.52-property-build.windows.patch # PATCH-FIX-UPSTREAM: https://issues.apache.org/bugzilla/show_bug.cgi?id=56373 Patch3: tomcat-7.0.53-JDTCompiler-java.patch +# PATCH-FIX-SLE: Change security manager default policies bnc#891264 +Patch4: tomcat-7.0-sle.catalina.policy.patch BuildRequires: ant >= 1.8.1 BuildRequires: ant-antlr -BuildRequires: ecj >= 4.2.1 +BuildRequires: ecj >= 4.4.0 BuildRequires: fdupes BuildRequires: findutils BuildRequires: geronimo-jaf-1_0_2-api @@ -205,9 +207,9 @@ Requires: %{name}-el-%{elspec}-api = %{version}-%{release} Requires: %{name}-jsp-%{jspspec}-api = %{version}-%{release} Requires: %{name}-servlet-%{servletspec}-api = %{version}-%{release} -Requires(post): ecj >= 4.2.1 +Requires(post): ecj >= 4.4 Requires(post): jakarta-commons-pool-tomcat5 -Requires(preun): %{_bindir}/rm +Requires(preun): coreutils Provides: jakarta-commons-dbcp-tomcat5 = 1.4 Obsoletes: jakarta-commons-dbcp-tomcat5 < 1.4 @@ -249,6 +251,8 @@ %patch1 -p1 %patch2 -p1 %patch3 +%patch4 -p1 + # remove date from docs sed -i -e '/build-date/ d' webapps/docs/tomcat-docs.xsl ++++++ tomcat-7.0-sle.catalina.policy.patch ++++++ diff -Naur apache-tomcat-7.0.55-src/conf/catalina.policy apache-tomcat-7.0.55-src.new/conf/catalina.policy --- apache-tomcat-7.0.55-src/conf/catalina.policy 2014-07-18 16:49:04.000000000 +0200 +++ apache-tomcat-7.0.55-src.new/conf/catalina.policy 2014-09-16 17:49:07.963129705 +0200 @@ -95,6 +95,7 @@ // ${file.separator}classes${file.separator}logging.properties", "read"; }; + // These permissions apply to the server startup code grant codeBase "file:${catalina.home}/bin/bootstrap.jar" { permission java.security.AllPermission; @@ -107,7 +108,6 @@ permission java.security.AllPermission; }; - // If using a per instance lib directory, i.e. ${catalina.base}/lib, // then the following permission will need to be uncommented // grant codeBase "file:${catalina.base}/lib/-" { 
@@ -162,6 +162,9 @@ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat"; // Precompiled JSPs need access to these packages. + permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper"; + permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.servlet"; + permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.compiler"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime"; permission java.lang.RuntimePermission @@ -214,6 +217,15 @@ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util"; }; +// Additional basic permissions for web applications. +grant codeBase "file:/usr/share/java/tomcat-servlet-api.jar" { + permission java.security.AllPermission; +}; + +grant codeBase "file:/usr/share/java/tomcat-el-api.jar" { + permission java.security.AllPermission; +}; + // You can assign additional permissions to particular web applications by // adding additional "grant" entries here, based on the code base for that // application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files. @@ -245,4 +257,3 @@ // grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" { // permission java.net.SocketPermission "*.noaa.gov:80", "connect"; // }; - ++++++ tomcat-7.0-tomcat-sysd ++++++ --- /var/tmp/diff_new_pack.SnIE4y/_old 2014-09-22 09:22:56.000000000 +0200 +++ /var/tmp/diff_new_pack.SnIE4y/_new 2014-09-22 09:22:56.000000000 +0200 @@ -60,8 +60,10 @@ if [[ "$SECURITY_MANAGER" = "true" ]]; then DSECURITY_MANAGER="-Djava.security.manager" + DSECURITY_POLICY="-Djava.security.policy=${CATALINA_BASE}/conf/catalina.policy" else unset DSECURITY_MANAGER + unset DSECURITY_POLICY fi if ${USE_JSVC}; then 
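Review bot: The three `accessClassInPackage` permissions added in the `@@ -162,6 +162,9 @@` hunk (`org.apache.jasper`, `org.apache.jasper.servlet`, `org.apache.jasper.compiler`) are not explained by the existing "Precompiled JSPs need access to these packages" comment they sit under, which was written for the `el` and `runtime` packages already present. The enclosing grant block opens outside the hunk; if it is the default grant that applies to every web application, each deployed webapp can now reach Jasper's compiler and servlet internals while the security manager is on. I would add a comment above the new lines, e.g. `// SLE (bnc#891264): needed for JSP compilation at runtime; widens webapp access to Jasper internals`, and confirm that all three packages are really required rather than only the one the failing webapp hit.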
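Review bot: The comment `// Additional basic permissions for web applications.` in the `@@ -214,6 +217,15 @@` hunk does not describe the grants under it: both blocks hand `java.security.AllPermission` to code loaded from a jar, which is the broadest grant the policy can express and applies to the jar's code, not to web applications. The codeBase is an absolute `/usr/share/java/` path rather than one derived from `${catalina.home}`, so the policy depends on the packaging layout and on those two files staying writable by root only. I would reword the comment to state the reason, e.g. `// SLE (bnc#891264): servlet/EL API jars are loaded from /usr/share/java; trusted container code`, and check whether a narrower permission set than AllPermission is enough for the two API jars.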
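Review bot: In the tomcat-sysd `@@ -60,8 +60,10 @@` hunk, `-Djava.security.policy=` with a single `=` loads catalina.policy in addition to the policy files named in the JRE's java.security (the system and per-user java.policy), so grants from those files still apply to Tomcat. Using `==` makes catalina.policy the only policy in effect: `DSECURITY_POLICY="-Djava.security.policy==${CATALINA_BASE}/conf/catalina.policy"`. The variable is also expanded unquoted on the java command line in the `@@ -76,7 +78,7 @@` hunk, so a CATALINA_BASE containing whitespace would split the option into two arguments. The script continues outside both hunks, so whether the `USE_JSVC` branch passes the new variable as well is not visible here and is worth checking.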
@@ -76,7 +78,7 @@ -Dcatalina.base="$CATALINA_BASE" \ -Dcatalina.home="$CATALINA_HOME" \ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" \ - -Djava.io.tmpdir="$CATALINA_TMPDIR" ${DSECURITY_MANAGER} \ + -Djava.io.tmpdir="$CATALINA_TMPDIR" ${DSECURITY_MANAGER} ${DSECURITY_POLICY} \ -Djava.util.logging.config.file="${CATALINA_BASE}/conf/logging.properties" \ -Djava.util.logging.manager="org.apache.juli.ClassLoaderLogManager" \ org.apache.catalina.startup.Bootstrap start -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org