Change "zip -u" to "zip" Resolves: rhbz#1495241 [tomcat] zip -u in spec file causes race condition fed_hash: 83edb0c5e8

2017-10-24 15:46:52 +00:00 · 2017-10-24 15:46:52 +00:00 · 0f426bcf0e
parent 6d9eaa9d4c
commit 0f426bcf0e
3 changed files with 19 additions and 11 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-/apache-tomcat-8.0.46-src.tar.gz
+/apache-tomcat-8.0.47-src.tar.gz
--- a/2
+++ b/2
@ -1 +1 @@
-3feaec442115a40dcb068114c500b884  apache-tomcat-8.0.46-src.tar.gz
+9f28b75bcb96ebf3b9fe118aab0df6f6  apache-tomcat-8.0.47-src.tar.gz
--- a/tomcat.spec
+++ b/tomcat.spec
@ -31,7 +31,7 @@
 %global jspspec 2.3
 %global major_version 8
 %global minor_version 0
-%global micro_version 46
+%global micro_version 47
 %global packdname apache-tomcat-%{version}-src
 %global servletspec 3.1
 %global elspec 3.0
@ -57,7 +57,7 @@
 Name:          tomcat
 Epoch:         1
 Version:       %{major_version}.%{minor_version}.%{micro_version}
-Release:       1%{?dist}
+Release:       2%{?dist}
 Summary:       Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API

 Group:         System Environment/Daemons
@ -299,25 +299,25 @@ popd
 mkdir -p META-INF
 cp -p %{SOURCE8} META-INF/MANIFEST.MF
 touch META-INF/MANIFEST.MF
-zip -u output/build/lib/servlet-api.jar META-INF/MANIFEST.MF
+zip output/build/lib/servlet-api.jar META-INF/MANIFEST.MF
 cp -p %{SOURCE9} META-INF/MANIFEST.MF
 touch META-INF/MANIFEST.MF
-zip -u output/build/lib/jsp-api.jar META-INF/MANIFEST.MF
+zip output/build/lib/jsp-api.jar META-INF/MANIFEST.MF
 cp -p %{SOURCE12} META-INF/MANIFEST.MF
 touch META-INF/MANIFEST.MF
-zip -u output/build/lib/el-api.jar META-INF/MANIFEST.MF
+zip output/build/lib/el-api.jar META-INF/MANIFEST.MF
 cp -p %{SOURCE13} META-INF/MANIFEST.MF
 touch META-INF/MANIFEST.MF
-zip -u output/build/lib/jasper-el.jar META-INF/MANIFEST.MF
+zip output/build/lib/jasper-el.jar META-INF/MANIFEST.MF
 cp -p %{SOURCE14} META-INF/MANIFEST.MF
 touch META-INF/MANIFEST.MF
-zip -u output/build/lib/jasper.jar META-INF/MANIFEST.MF
+zip output/build/lib/jasper.jar META-INF/MANIFEST.MF
 cp -p %{SOURCE15} META-INF/MANIFEST.MF
 touch META-INF/MANIFEST.MF
-zip -u output/build/lib/tomcat-api.jar META-INF/MANIFEST.MF
+zip output/build/lib/tomcat-api.jar META-INF/MANIFEST.MF
 cp -p %{SOURCE16} META-INF/MANIFEST.MF
 touch META-INF/MANIFEST.MF
-zip -u output/build/bin/tomcat-juli.jar META-INF/MANIFEST.MF
+zip output/build/bin/tomcat-juli.jar META-INF/MANIFEST.MF

 %install
 # build initial path structure
@ -690,6 +690,14 @@ fi
 %attr(0660,tomcat,tomcat) %verify(not size md5 mtime) %{logdir}/catalina.out

 %changelog
+* Tue Oct 24 2017 Troy Dawson <tdawson@redhat.com> - 1:8.0.47-2
+- Change "zip -u" to "zip"
+- Resolves: rhbz#1495241 [tomcat] zip -u in spec file causes race condition
+
+* Wed Oct 04 2017 Coty Sutherland <csutherl@redhat.com> - 1:8.0.47-1
+- Update to 8.0.47
+- Resolves: rhbz#1497682 CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615
+
 * Mon Aug 21 2017 Coty Sutherland <csutherl@redhat.com> - 1:8.0.46-1
 - Update to 8.0.46
 - Resolves: rhbz#1480620 CVE-2017-7674 tomcat: Cache Poisoning