Resolves: rhbz#1349469 CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service (updates to 8.0.36)
parent
43760819ea
commit
50c91f3fe2
2
sources
2
sources
@ -1 +1 @@
|
|||||||
f8a1a0f811f6ffe0a4ccc1132c442d8b apache-tomcat-8.0.32-src.tar.gz
|
be048e9ffa26957892933c9fa6bca0d8 apache-tomcat-8.0.36-src.tar.gz
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
--- conf/tomcat-users.xml~ 2008-01-28 17:41:06.000000000 -0500
|
--- conf/tomcat-users.xml~ 2008-01-28 17:41:06.000000000 -0500
|
||||||
+++ conf/tomcat-users.xml 2008-03-07 19:40:07.000000000 -0500
|
+++ conf/tomcat-users.xml 2008-03-07 19:40:07.000000000 -0500
|
||||||
@@ -23,4 +23,14 @@
|
@@ -23,4 +23,14 @@
|
||||||
<user username="both" password="tomcat" roles="tomcat,role1"/>
|
<user username="both" password="<must-be-changed>" roles="tomcat,role1"/>
|
||||||
<user username="role1" password="tomcat" roles="role1"/>
|
<user username="role1" password="<must-be-changed>" roles="role1"/>
|
||||||
-->
|
-->
|
||||||
+
|
+
|
||||||
+<!-- <role rolename="admin"/> -->
|
+<!-- <role rolename="admin"/> -->
|
||||||
@ -13,5 +13,5 @@
|
|||||||
+<!-- <role rolename="manager-script"/> -->
|
+<!-- <role rolename="manager-script"/> -->
|
||||||
+<!-- <role rolename="manager-jmx"/> -->
|
+<!-- <role rolename="manager-jmx"/> -->
|
||||||
+<!-- <role rolename="manager-status"/> -->
|
+<!-- <role rolename="manager-status"/> -->
|
||||||
+<!-- <user name="admin" password="adminadmin" roles="admin,manager,admin-gui,admin-script,manager-gui,manager-script,manager-jmx,manager-status" /> -->
|
+<!-- <user name="admin" password="<must-be-changed>" roles="admin,manager,admin-gui,admin-script,manager-gui,manager-script,manager-jmx,manager-status" /> -->
|
||||||
</tomcat-users>
|
</tomcat-users>
|
||||||
|
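Review bot: The commented-out admin template on the `+<!-- <user name="admin" …` line still assigns all eight admin and manager roles to one account; swapping the password for `<must-be-changed>` does not change that. Tomcat's manager documentation advises against giving a `manager-gui` user the `manager-script` or `manager-jmx` roles, because those interfaces are not covered by the GUI's CSRF protection, so an administrator who uncomments the line as written gets a weaker setup than needed. I would add a line above it in the patch, for example `+<!-- Grant only the roles this account needs; do not combine manager-gui with manager-script or manager-jmx. -->`. The placeholder looks deliberate, since a raw `<` in an attribute value should make the file fail to parse if the line is uncommented unedited, and that is worth stating in the same comment. The file header for this section is not shown on the page, so this is read from the hunk content alone.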
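--- a/tomcat-8.0.36-CompilerOptionsV9.patch
+++ b/tomcat-8.0.36-CompilerOptionsV9.patch
@@ -0,0 +1,24 @@
+--- java/org/apache/jasper/compiler/JDTCompiler.java~ 2016-07-01 14:39:19.728255958 -0400
++++ java/org/apache/jasper/compiler/JDTCompiler.java 2016-07-01 14:39:37.191311760 -0400
+@@ -312,9 +312,6 @@
+} else if(opt.equals("1.8")) {
+settings.put(CompilerOptions.OPTION_Source,
+CompilerOptions.VERSION_1_8);
+- } else if(opt.equals("1.9")) {
+- settings.put(CompilerOptions.OPTION_Source,
+- CompilerOptions.VERSION_1_9);
+} else {
+log.warn("Unknown source VM " + opt + " ignored.");
+settings.put(CompilerOptions.OPTION_Source,
+@@ -361,11 +358,6 @@
+CompilerOptions.VERSION_1_8);
+settings.put(CompilerOptions.OPTION_Compliance,
+CompilerOptions.VERSION_1_8);
+- } else if(opt.equals("1.9")) {
+- settings.put(CompilerOptions.OPTION_TargetPlatform,
+- CompilerOptions.VERSION_1_9);
+- settings.put(CompilerOptions.OPTION_Compliance,
+- CompilerOptions.VERSION_1_9);
+} else {
+log.warn("Unknown target VM " + opt + " ignored.");
+settings.put(CompilerOptions.OPTION_TargetPlatform,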
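Review bot: The new patch file carries no explanation of why the `1.9` branches are removed from `JDTCompiler.java`, and the `Patch2:` line in the spec has none either. Presumably the ECJ available at build time lacks `CompilerOptions.VERSION_1_9`, but that is not stated, so a later maintainer cannot tell when the patch may be dropped. With it applied, a Jasper `compilerSourceVM` or `compilerTargetVM` of `1.9` reaches the `else` branches and is reported as `Unknown source VM 1.9 ignored.`; the value set there lies outside the hunks. I would put a short header at the top of the patch, e.g. `# Build-time ECJ has no CompilerOptions.VERSION_1_9; drop this patch once it does`, adjusted to the actual reason.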
10
tomcat.spec
10
tomcat.spec
@ -31,7 +31,7 @@
|
|||||||
%global jspspec 2.3
|
%global jspspec 2.3
|
||||||
%global major_version 8
|
%global major_version 8
|
||||||
%global minor_version 0
|
%global minor_version 0
|
||||||
%global micro_version 32
|
%global micro_version 36
|
||||||
%global packdname apache-tomcat-%{version}-src
|
%global packdname apache-tomcat-%{version}-src
|
||||||
%global servletspec 3.1
|
%global servletspec 3.1
|
||||||
%global elspec 3.0
|
%global elspec 3.0
|
||||||
@ -57,7 +57,7 @@
|
|||||||
Name: tomcat
|
Name: tomcat
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: %{major_version}.%{minor_version}.%{micro_version}
|
Version: %{major_version}.%{minor_version}.%{micro_version}
|
||||||
Release: 5%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
|
Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
|
||||||
|
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
@ -86,6 +86,7 @@ Source32: tomcat-named.service
|
|||||||
|
|
||||||
Patch0: %{name}-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch
|
Patch0: %{name}-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch
|
||||||
Patch1: %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.patch
|
Patch1: %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.patch
|
||||||
|
Patch2: %{name}-8.0.36-CompilerOptionsV9.patch
|
||||||
|
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
|
|
||||||
@ -237,6 +238,8 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
|
|||||||
|
|
||||||
%patch0 -p0
|
%patch0 -p0
|
||||||
%patch1 -p0
|
%patch1 -p0
|
||||||
|
%patch2 -p0
|
||||||
|
|
||||||
%{__ln_s} $(build-classpath tomcat-taglibs-standard/taglibs-standard-impl) webapps/examples/WEB-INF/lib/jstl.jar
|
%{__ln_s} $(build-classpath tomcat-taglibs-standard/taglibs-standard-impl) webapps/examples/WEB-INF/lib/jstl.jar
|
||||||
%{__ln_s} $(build-classpath tomcat-taglibs-standard/taglibs-standard-compat) webapps/examples/WEB-INF/lib/standard.jar
|
%{__ln_s} $(build-classpath tomcat-taglibs-standard/taglibs-standard-compat) webapps/examples/WEB-INF/lib/standard.jar
|
||||||
|
|
||||||
@ -679,7 +682,8 @@ fi
|
|||||||
%attr(0644,root,root) %{_unitdir}/%{name}-jsvc.service
|
%attr(0644,root,root) %{_unitdir}/%{name}-jsvc.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Mon Aug 08 2016 Coty Sutherland <csutherl@redhat.com> - 1:8.0.32-5
|
* Mon Aug 08 2016 Coty Sutherland <csutherl@redhat.com> - 1:8.0.36-1
|
||||||
|
- Resolves: rhbz#1349463 CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service (updates to 8.0.36)
|
||||||
- Resolves: rhbz#1364056 The command tomcat-digest doesn't work
|
- Resolves: rhbz#1364056 The command tomcat-digest doesn't work
|
||||||
- Resolves: rhbz#1363884 The tomcat-tool-wrapper script is broken
|
- Resolves: rhbz#1363884 The tomcat-tool-wrapper script is broken
|
||||||
|
|
||||||
|
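Review bot: The new changelog line cites rhbz#1349463 for CVE-2016-3092 while the commit title cites rhbz#1349469; one of the two is a typo, and the changelog is what `rpm -q --changelog` shows to anyone checking whether the fix is installed. Both should reference the same bug. The hunk also rewrites the existing `1:8.0.32-5` entry header to `1:8.0.36-1` instead of adding a new entry above it, so the rhbz#1364056 and rhbz#1363884 fixes are now attributed to the rebase. If 8.0.32-5 was ever built, keep it as its own entry.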