From 0f426bcf0e3cc25862cdf46c4f32999b6d093401 Mon Sep 17 00:00:00 2001 From: Troy Dawson Date: Tue, 24 Oct 2017 15:46:52 +0000 Subject: [PATCH] Change "zip -u" to "zip" Resolves: rhbz#1495241 [tomcat] zip -u in spec file causes race condition fed_hash: 83edb0c5e8499b5ea8a1c41cb38daebc2870b5aa --- .gitignore | 2 +- sources | 2 +- tomcat.spec | 26 +++++++++++++++++--------- 3 files changed, 19 insertions(+), 11 deletions(-) diff --git a/.gitignore b/.gitignore index c2ecc53..bcdc0f5 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -/apache-tomcat-8.0.46-src.tar.gz +/apache-tomcat-8.0.47-src.tar.gz diff --git a/sources b/sources index 3ed023d..e52a65e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -3feaec442115a40dcb068114c500b884 apache-tomcat-8.0.46-src.tar.gz +9f28b75bcb96ebf3b9fe118aab0df6f6 apache-tomcat-8.0.47-src.tar.gz diff --git a/tomcat.spec b/tomcat.spec index 9ff886e..bc48119 100644 --- a/tomcat.spec +++ b/tomcat.spec @@ -31,7 +31,7 @@ %global jspspec 2.3 %global major_version 8 %global minor_version 0 -%global micro_version 46 +%global micro_version 47 %global packdname apache-tomcat-%{version}-src %global servletspec 3.1 %global elspec 3.0 @@ -57,7 +57,7 @@ Name: tomcat Epoch: 1 Version: %{major_version}.%{minor_version}.%{micro_version} -Release: 1%{?dist} +Release: 2%{?dist} Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API Group: System Environment/Daemons @@ -299,25 +299,25 @@ popd mkdir -p META-INF cp -p %{SOURCE8} META-INF/MANIFEST.MF touch META-INF/MANIFEST.MF -zip -u output/build/lib/servlet-api.jar META-INF/MANIFEST.MF +zip output/build/lib/servlet-api.jar META-INF/MANIFEST.MF cp -p %{SOURCE9} META-INF/MANIFEST.MF touch META-INF/MANIFEST.MF -zip -u output/build/lib/jsp-api.jar META-INF/MANIFEST.MF +zip output/build/lib/jsp-api.jar META-INF/MANIFEST.MF cp -p %{SOURCE12} META-INF/MANIFEST.MF touch META-INF/MANIFEST.MF -zip -u output/build/lib/el-api.jar META-INF/MANIFEST.MF +zip output/build/lib/el-api.jar META-INF/MANIFEST.MF cp -p %{SOURCE13} META-INF/MANIFEST.MF touch META-INF/MANIFEST.MF -zip -u output/build/lib/jasper-el.jar META-INF/MANIFEST.MF +zip output/build/lib/jasper-el.jar META-INF/MANIFEST.MF cp -p %{SOURCE14} META-INF/MANIFEST.MF touch META-INF/MANIFEST.MF -zip -u output/build/lib/jasper.jar META-INF/MANIFEST.MF +zip output/build/lib/jasper.jar META-INF/MANIFEST.MF cp -p %{SOURCE15} META-INF/MANIFEST.MF touch META-INF/MANIFEST.MF -zip -u output/build/lib/tomcat-api.jar META-INF/MANIFEST.MF +zip output/build/lib/tomcat-api.jar META-INF/MANIFEST.MF cp -p %{SOURCE16} META-INF/MANIFEST.MF touch META-INF/MANIFEST.MF -zip -u output/build/bin/tomcat-juli.jar META-INF/MANIFEST.MF +zip output/build/bin/tomcat-juli.jar META-INF/MANIFEST.MF %install # build initial path structure @@ -690,6 +690,14 @@ fi %attr(0660,tomcat,tomcat) %verify(not size md5 mtime) %{logdir}/catalina.out %changelog +* Tue Oct 24 2017 Troy Dawson - 1:8.0.47-2 +- Change "zip -u" to "zip" +- Resolves: rhbz#1495241 [tomcat] zip -u in spec file causes race condition + +* Wed Oct 04 2017 Coty Sutherland - 1:8.0.47-1 +- Update to 8.0.47 +- Resolves: rhbz#1497682 CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615 + * Mon Aug 21 2017 Coty Sutherland - 1:8.0.46-1 - Update to 8.0.46 - Resolves: rhbz#1480620 CVE-2017-7674 tomcat: Cache Poisoning