Update to 9.0.59

Fixes CVE-2022-23181
Sonia Xu 2022-03-02 23:41:57 +00:00 committed by fedora Cloud User
parent cdf645a2cf
commit 37136861df
3 changed files with 17 additions and 12 deletions


@ -1 +1 @@
SHA512 (apache-tomcat-9.0.56-src.tar.gz) = 43332241fda149f9da107496cc6b812e38544c9043c567e3fe11ee01b5abfbd02b6a377c3f6090902048bd9dc67746cdc65d59f03bd0de68c05e0955bfe018c5
SHA512 (apache-tomcat-9.0.59-src.tar.gz) = cea0125ca9b90b247ed114fa7b2e9c63da38b1ef97b3a373a43ed0d775764178534a4014b254219c8c5a26575eaf0ddc25ebc1e276b2ad5086ef3406627f1c80


@ -1,16 +1,17 @@
diff -up ./java/org/apache/jasper/compiler/JDTCompiler.java.orig ./java/org/apache/jasper/compiler/JDTCompiler.java
--- java/org/apache/jasper/compiler/JDTCompiler.java.orig 2021-07-07 11:31:21.583507995 +0800
+++ java/org/apache/jasper/compiler/JDTCompiler.java 2021-07-07 11:35:13.009251246 +0800
@@ -310,7 +310,7 @@ public class JDTCompiler extends org.apa
diff -up ./java/org/apache/jasper/compiler/JDTCompiler.java ./java/org/apache/jasper/compiler/JDTCompiler.java
index 2e361f2..277d8f4 100644
--- java/org/apache/jasper/compiler/JDTCompiler.java
+++ java/org/apache/jasper/compiler/JDTCompiler.java
@@ -310,7 +310,7 @@ public class JDTCompiler extends org.apache.jasper.compiler.Compiler {
} else if(opt.equals("15")) {
settings.put(CompilerOptions.OPTION_Source, CompilerOptions.VERSION_15);
} else if(opt.equals("16")) {
- settings.put(CompilerOptions.OPTION_Source, CompilerOptions.VERSION_16);
+ settings.put(CompilerOptions.OPTION_Source, "16");
} else if(opt.equals("17")) {
// Constant not available in latest ECJ version shipped with
// Tomcat. May be supported in a snapshot build.
@@ -372,8 +372,8 @@ public class JDTCompiler extends org.apa
// Constant not available in latest ECJ version that runs on
// Java 8.
@@ -377,8 +377,8 @@ public class JDTCompiler extends org.apache.jasper.compiler.Compiler {
settings.put(CompilerOptions.OPTION_TargetPlatform, CompilerOptions.VERSION_15);
settings.put(CompilerOptions.OPTION_Compliance, CompilerOptions.VERSION_15);
} else if(opt.equals("16")) {
@ -19,5 +20,5 @@ diff -up ./java/org/apache/jasper/compiler/JDTCompiler.java.orig ./java/org/apac
+ settings.put(CompilerOptions.OPTION_TargetPlatform, "16");
+ settings.put(CompilerOptions.OPTION_Compliance, "16");
} else if(opt.equals("17")) {
// Constant not available in latest ECJ version shipped with
// Tomcat. May be supported in a snapshot build.
// Constant not available in latest ECJ version that runs on
// Java 8.
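Review bot: The refreshed patch still swaps `CompilerOptions.VERSION_16` for the bare literal `"16"` on `OPTION_Source`, `OPTION_TargetPlatform` and `OPTION_Compliance` without saying why, and its new git-style header (`index 2e361f2..277d8f4`) carries no description. A line of free text ahead of the `diff` line, for example `Use the literal level because the packaged ECJ presumably lacks CompilerOptions.VERSION_16; drop once it provides the constant`, would tell the next rebase when the patch can go. That reason is only inferred from the neighbouring "Constant not available in latest ECJ version" comments and should be confirmed. It is also worth checking that the packaged ECJ accepts the level `"16"` at all, since the lines shown do not reveal whether an unrecognised level is rejected or quietly ignored. Both hunks cut through the option-parsing if/else chain, which continues outside the lines shown.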


@ -31,7 +31,7 @@
%global jspspec 2.3
%global major_version 9
%global minor_version 0
%global micro_version 56
%global micro_version 59
%global packdname apache-tomcat-%{version}-src
%global servletspec 4.0
%global elspec 3.0
@ -56,7 +56,7 @@
Name: tomcat
Epoch: 1
Version: %{major_version}.%{minor_version}.%{micro_version}
Release: 3%{?dist}
Release: 1%{?dist}
Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
License: ASL 2.0
@ -496,6 +496,10 @@ fi
%{appdir}/ROOT
%changelog
* Wed Mar 02 2022 Sonia Xu <sonix@amazon.com> - 1:9.0.59-1
- Update to 9.0.59
- Resolves: rhbz#2047419 - CVE-2022-23181 tomcat: local privilege escalation vulnerability
* Sat Feb 05 2022 Jiri Vanek <jvanek@redhat.com> - 1:9.0.56-3
- Rebuilt for java-17-openjdk as system jdk