Hello community,
here is the log from the commit of package tomcat for openSUSE:Factory checked in at 2018-10-11 11:38:39
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tomcat (Old)
and /work/SRC/openSUSE:Factory/.tomcat.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tomcat"
Thu Oct 11 11:38:39 2018 rev:44 rq:639608 version:9.0.10
Changes:
--------
--- /work/SRC/openSUSE:Factory/tomcat/tomcat.changes 2018-07-23 18:03:48.368722711 +0200
+++ /work/SRC/openSUSE:Factory/.tomcat.new/tomcat.changes 2018-10-11 11:38:41.907302648 +0200
@@ -1,0 +2,28 @@
+Tue Sep 11 10:34:02 UTC 2018 - ecsos@opensuse.org
+
+- Declare following files to config(noreplace) to prevent override
+ access rights:
+ - host-manager/META-INF/context.xml
+ - manager/META-INF/context.xml
+
+-------------------------------------------------------------------
+Sun Aug 26 22:01:07 UTC 2018 - malbu@suse.com
+
+- Empty tomcat-9.0.sysconfig to avoid overwriting of customer's
+ configuration during update (bsc#1067720)
+
+-------------------------------------------------------------------
+Tue Aug 16 14:13:23 UTC 2018 - malbu@suse.com
+
+- Update to Tomcat 9.0.10. See changelog at
+ http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.10_(markt)
+- Fixed CVEs:
+ - CVE-2018-1336 (bsc#1102400)
+ - CVE-2018-8014 (bsc#1093697)
+ - CVE-2018-8034 (bsc#1102379)
+ - CVE-2018-8037 (bsc#1102410)
+- Rebased patch tomcat-9.0-JDTCompiler-java.patch
+- Added patch tomcat-9.0-disable-osgi-build.patch to disable adding
+ OSGi metadata to JAR files
+
+-------------------------------------------------------------------
Old:
----
apache-tomcat-9.0.5-src.tar.gz
apache-tomcat-9.0.5-src.tar.gz.asc
New:
----
apache-tomcat-9.0.10-src.tar.gz
apache-tomcat-9.0.10-src.tar.gz.asc
tomcat-9.0-disable-osgi-build.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tomcat.spec ++++++
--- /var/tmp/diff_new_pack.Y8NS2K/_old 2018-10-11 11:38:43.523300590 +0200
+++ /var/tmp/diff_new_pack.Y8NS2K/_new 2018-10-11 11:38:43.523300590 +0200
@@ -22,7 +22,7 @@
%define elspec 3.0
%define major_version 9
%define minor_version 0
-%define micro_version 5
+%define micro_version 10
%define packdname apache-tomcat-%{version}-src
# FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/
%global basedir /srv/%{name}
@@ -46,7 +46,7 @@
License: Apache-2.0
Group: Productivity/Networking/Web/Servers
Url: http://tomcat.apache.org
-Source0: http://www.apache.org/dist/tomcat/tomcat-%{major_version}/v%{version}/src/%{packdname}.tar.gz
+Source0: https://archive.apache.org/dist/tomcat/tomcat-%{major_version}/v%{version}/src/%{packdname}.tar.gz
Source1: %{name}-%{major_version}.%{minor_version}.conf
Source2: %{name}-%{major_version}.%{minor_version}.init
Source3: %{name}-%{major_version}.%{minor_version}.sysconfig
@@ -69,7 +69,7 @@
Source31: tomcat-server
Source32: tomcat-named.service
Source1000: tomcat-rpmlintrc
-Source1001: http://www.apache.org/dist/tomcat/tomcat-%{major_version}/v%{version}/src/%{packdname}.tar.gz.asc
+Source1001: https://archive.apache.org/dist/tomcat/tomcat-%{major_version}/v%{version}/src/%{packdname}.tar.gz.asc
Source1002: %{name}.keyring
#PATCH-FIX-UPSTREAM: from jpackage.org package
Patch0: %{name}-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch
@@ -83,6 +83,9 @@
Patch3: %{name}-%{major_version}.%{minor_version}-sle.catalina.policy.patch
# PATCH-FIX-OPENSUSE: build javadoc with the same java source level as the class files
Patch4: %{name}-%{major_version}.%{minor_version}-javadoc.patch
+# PATCH-FIX-OPENSUSE: disable adding OSGi metadata to JAR files because bndtools is not avalable in SLES/OpenSUSE
+Patch5: tomcat-9.0-disable-osgi-build.patch
+
BuildRequires: ant >= 1.8.1
BuildRequires: ant-antlr
BuildRequires: apache-commons-collections
@@ -97,7 +100,8 @@
BuildRequires: geronimo-qname-1_1-api
BuildRequires: geronimo-saaj-1_1-api
BuildRequires: jakarta-taglibs-standard >= 1.1
-BuildRequires: java-devel >= 1.8
+#BuildRequires: java-devel >= 1.8
+BuildRequires: java-devel = 1.8.0
BuildRequires: javapackages-local
BuildRequires: javapackages-tools
BuildRequires: junit
@@ -133,6 +137,8 @@
intended to be a collaboration of the best-of-breed developers from
around the world.
+ATTENTION-> This tomcat is build with java 1.8.0
+
%package admin-webapps
Summary: The host-manager and manager web applications for Apache Tomcat
Group: Productivity/Networking/Web/Servers
@@ -252,6 +258,7 @@
%patch2
%patch3
%patch4
+%patch5
# remove date from docs
sed -i -e '/build-date/ d' webapps/docs/tomcat-docs.xsl
@@ -285,6 +292,7 @@
-Dnsis.exe="HACK" \
-Djaxrpc-lib.jar="$(build-classpath jaxrpc)" \
-Dwsdl4j-lib.jar="$(build-classpath wsdl4j)" \
+ -Dsaaj-api.jar="$(build-classpath geronimo-saaj-1_1-api)" \
-Dcommons-pool.home="$(build-classpath commons-pool2)" \
-Dcommons-dbcp.home="$(build-classpath commons-dbcp2)" \
-Dno.build.dbcp=true \
@@ -696,7 +704,9 @@
%files admin-webapps
%{appdir}/host-manager
+%config(noreplace) %{appdir}/host-manager/META-INF/context.xml
%{appdir}/manager
+%config(noreplace) %{appdir}/manager/META-INF/context.xml
%files docs-webapp
%doc %{appdir}/docs
++++++ apache-tomcat-9.0.5-src.tar.gz -> apache-tomcat-9.0.10-src.tar.gz ++++++
++++ 53615 lines of diff (skipped)
++++++ tomcat-9.0-JDTCompiler-java.patch ++++++
--- /var/tmp/diff_new_pack.Y8NS2K/_old 2018-10-11 11:38:44.403299469 +0200
+++ /var/tmp/diff_new_pack.Y8NS2K/_new 2018-10-11 11:38:44.407299465 +0200
@@ -3,37 +3,50 @@
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
---- java/org/apache/jasper/compiler/JDTCompiler.java (date 1506521372000)
-+++ java/org/apache/jasper/compiler/JDTCompiler.java (revision )
-@@ -312,10 +312,10 @@
+--- java/org/apache/jasper/compiler/JDTCompiler.java (revision 6bbf738a0e56d1793022b15e9aca9b690699216b)
++++ java/org/apache/jasper/compiler/JDTCompiler.java (date 1534261527000)
+@@ -312,15 +312,16 @@
CompilerOptions.VERSION_1_7);
} else if(opt.equals("1.8")) {
settings.put(CompilerOptions.OPTION_Source,
- CompilerOptions.VERSION_1_8);
+ "1.8"); // CompilerOptions.VERSION_1_8
- } else if(opt.equals("1.9")) {
+ // Version format changed from Java 9 onwards.
+ // Support old format that was used in EA implementation as well
+ } else if(opt.equals("9") || opt.equals("1.9")) {
settings.put(CompilerOptions.OPTION_Source,
-- CompilerOptions.VERSION_1_9);
-+ "1.9"); // CompilerOptions.VERSION_1_9
+- CompilerOptions.VERSION_9);
++ "9");
+ } else if(opt.equals("10")) {
+ settings.put(CompilerOptions.OPTION_Source,
+- CompilerOptions.VERSION_10);
++ "10");
++
} else {
log.warn("Unknown source VM " + opt + " ignored.");
settings.put(CompilerOptions.OPTION_Source,
-@@ -359,14 +359,14 @@
- CompilerOptions.VERSION_1_7);
- } else if(opt.equals("1.8")) {
+@@ -366,19 +367,19 @@
settings.put(CompilerOptions.OPTION_TargetPlatform,
-- CompilerOptions.VERSION_1_8);
-+ "1.8"); // CompilerOptions.VERSION_1_8
+ CompilerOptions.VERSION_1_8);
settings.put(CompilerOptions.OPTION_Compliance,
- CompilerOptions.VERSION_1_8);
+ "1.8"); // CompilerOptions.VERSION_1_8
- } else if(opt.equals("1.9")) {
+ // Version format changed from Java 9 onwards.
+ // Support old format that was used in EA implementation as well
+ } else if(opt.equals("9") || opt.equals("1.9")) {
+ settings.put(CompilerOptions.OPTION_TargetPlatform,
+- CompilerOptions.VERSION_9);
++ "9"); // CompilerOptions.VERSION_1_9
+ settings.put(CompilerOptions.OPTION_Compliance,
+- CompilerOptions.VERSION_9);
++ "9"); // CompilerOptions.VERSION_1_9
+ } else if(opt.equals("10")) {
settings.put(CompilerOptions.OPTION_TargetPlatform,
-- CompilerOptions.VERSION_1_9);
-+ "1.9"); // CompilerOptions.VERSION_1_9
+- CompilerOptions.VERSION_10);
++ "10");
settings.put(CompilerOptions.OPTION_Compliance,
-- CompilerOptions.VERSION_1_9);
-+ "1.9"); // CompilerOptions.VERSION_1_9
+- CompilerOptions.VERSION_10);
++ "10");
} else {
log.warn("Unknown target VM " + opt + " ignored.");
settings.put(CompilerOptions.OPTION_TargetPlatform,
++++++ tomcat-9.0-disable-osgi-build.patch ++++++
Index: build.xml
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- build.xml (date 1529515764000)
+++ build.xml (date 1534335916000)
@@ -15,7 +15,8 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<project name="Tomcat 9.0" default="deploy" basedir=".">
+