Resolves: #2189675 Missing Tomcat POM files in RHEL 9.3

Resolves: #2173872 Remove java-11-openjdk-headles as a tomcat dependency
Resolves: #2181461 CVE-2023-28708 tomcat: not including the secure attribute causes information
Resolves: #2210632 CVE-2023-28709
Resolves: #2184133 Add Obsoletes to tomcat package
Update patch command
Update source to use jws tomcat
This commit is contained in:
Hui Wang 2023-06-30 15:18:33 +08:00
parent cbe42b74db
commit 5112b5efc0
6 changed files with 151 additions and 396 deletions

1
.gitignore vendored
View File

@ -2,3 +2,4 @@ apache-tomcat-*-src.tar.gz
results_tomcat
tomcat*.src.rpm
apache-tomcat-*-src/
/tomcat-9.0.62.redhat-00012.tar.gz

View File

@ -0,0 +1,40 @@
diff --git a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
index f62f8d1..db19960 100644
--- a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
+++ b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
@@ -611,34 +611,28 @@ public class JmxRemoteLifecycleListener extends SSLHostConfig implements Lifecyc
* Better to use the internal API than re-invent the wheel.
*/
@SuppressWarnings("restriction")
- private static class JmxRegistry extends sun.rmi.registry.RegistryImpl {
+ private static class JmxRegistry {
private static final long serialVersionUID = -3772054804656428217L;
private final String jmxName;
private final Remote jmxServer;
public JmxRegistry(int port, RMIClientSocketFactory csf,
RMIServerSocketFactory ssf, String jmxName, Remote jmxServer) throws RemoteException {
- super(port, csf, ssf);
this.jmxName = jmxName;
this.jmxServer = jmxServer;
}
- @Override
public Remote lookup(String name)
throws RemoteException, NotBoundException {
return (jmxName.equals(name)) ? jmxServer : null;
}
- @Override
public void bind(String name, Remote obj)
throws RemoteException, AlreadyBoundException, AccessException {
}
- @Override
public void unbind(String name)
throws RemoteException, NotBoundException, AccessException {
}
- @Override
public void rebind(String name, Remote obj)
throws RemoteException, AccessException {
}
- @Override
public String[] list() throws RemoteException {
return new String[] { jmxName };
}

View File

@ -1 +1 @@
SHA512 (apache-tomcat-9.0.62-src.tar.gz) = 7e9cad2703473d9f096009c464b28d54d3765259fab1923ef8c9b1cbfa231fa51cedadfe771a3a95abffd258759a71023e036bda78b949440a5e826fbd4e9e09
SHA512 (tomcat-9.0.62.redhat-00012.tar.gz) = e02ec42a27bbb67dce7de86caf18dd093fc0924c66086ff7dec8ae4bec5f73f523a688db28df2091384fc211d8f2b375b6fa7ebdba39d363aa824b1b5bf05e01

View File

@ -1,24 +0,0 @@
diff -up ./java/org/apache/jasper/compiler/JDTCompiler.java ./java/org/apache/jasper/compiler/JDTCompiler.java
index 2e361f2..277d8f4 100644
--- java/org/apache/jasper/compiler/JDTCompiler.java
+++ java/org/apache/jasper/compiler/JDTCompiler.java
@@ -310,7 +310,7 @@ public class JDTCompiler extends org.apache.jasper.compiler.Compiler {
} else if(opt.equals("15")) {
settings.put(CompilerOptions.OPTION_Source, CompilerOptions.VERSION_15);
} else if(opt.equals("16")) {
- settings.put(CompilerOptions.OPTION_Source, CompilerOptions.VERSION_16);
+ settings.put(CompilerOptions.OPTION_Source, "16");
} else if(opt.equals("17")) {
// Constant not available in latest ECJ version that runs on
// Java 8.
@@ -377,8 +377,8 @@ public class JDTCompiler extends org.apache.jasper.compiler.Compiler {
settings.put(CompilerOptions.OPTION_TargetPlatform, CompilerOptions.VERSION_15);
settings.put(CompilerOptions.OPTION_Compliance, CompilerOptions.VERSION_15);
} else if(opt.equals("16")) {
- settings.put(CompilerOptions.OPTION_TargetPlatform, CompilerOptions.VERSION_16);
- settings.put(CompilerOptions.OPTION_Compliance, CompilerOptions.VERSION_16);
+ settings.put(CompilerOptions.OPTION_TargetPlatform, "16");
+ settings.put(CompilerOptions.OPTION_Compliance, "16");
} else if(opt.equals("17")) {
// Constant not available in latest ECJ version that runs on
// Java 8.

View File

@ -1,345 +0,0 @@
diff --git a/java/org/apache/catalina/loader/WebappClassLoaderBase.java b/java/org/apache/catalina/loader/WebappClassLoaderBase.java
index 8746b6b..dc878c6 100644
--- a/java/org/apache/catalina/loader/WebappClassLoaderBase.java
+++ b/java/org/apache/catalina/loader/WebappClassLoaderBase.java
@@ -1820,41 +1820,13 @@ public abstract class WebappClassLoaderBase extends URLClassLoader
// shutting down the executor
boolean usingExecutor = false;
try {
-
- // Runnable wrapped by Thread
- // "target" in Sun/Oracle JDK
- // "runnable" in IBM JDK
- // "action" in Apache Harmony
- Object target = null;
- for (String fieldName : new String[] { "target", "runnable", "action" }) {
- try {
- Field targetField = thread.getClass().getDeclaredField(fieldName);
- targetField.setAccessible(true);
- target = targetField.get(thread);
- break;
- } catch (NoSuchFieldException nfe) {
- continue;
- }
- }
-
- // "java.util.concurrent" code is in public domain,
- // so all implementations are similar including our
- // internal fork.
- if (target != null && target.getClass().getCanonicalName() != null &&
- (target.getClass().getCanonicalName().equals(
- "org.apache.tomcat.util.threads.ThreadPoolExecutor.Worker") ||
- target.getClass().getCanonicalName().equals(
- "java.util.concurrent.ThreadPoolExecutor.Worker"))) {
- Field executorField = target.getClass().getDeclaredField("this$0");
- executorField.setAccessible(true);
- Object executor = executorField.get(target);
- if (executor instanceof ThreadPoolExecutor) {
- ((ThreadPoolExecutor) executor).shutdownNow();
- usingExecutor = true;
- } else if (executor instanceof java.util.concurrent.ThreadPoolExecutor) {
- ((java.util.concurrent.ThreadPoolExecutor) executor).shutdownNow();
- usingExecutor = true;
- }
+ Object executor = JreCompat.getInstance().getExecutor(thread);
+ if (executor instanceof ThreadPoolExecutor) {
+ ((ThreadPoolExecutor) executor).shutdownNow();
+ usingExecutor = true;
+ } else if (executor instanceof java.util.concurrent.ThreadPoolExecutor) {
+ ((java.util.concurrent.ThreadPoolExecutor) executor).shutdownNow();
+ usingExecutor = true;
}
} catch (NoSuchFieldException | IllegalAccessException | RuntimeException e) {
// InaccessibleObjectException is only available in Java 9+,
@@ -2306,6 +2278,12 @@ public abstract class WebappClassLoaderBase extends URLClassLoader
private void clearReferencesObjectStreamClassCaches() {
+ if (JreCompat.isJre19Available()) {
+ // The memory leak this fixes has been fixed in Java 19 onwards,
+ // 17.0.4 onwards and 11.0.16 onwards
+ // See https://bugs.openjdk.java.net/browse/JDK-8277072
+ return;
+ }
try {
Class<?> clazz = Class.forName("java.io.ObjectStreamClass$Caches");
clearCache(clazz, "localDescs");
@@ -2333,14 +2311,19 @@ public abstract class WebappClassLoaderBase extends URLClassLoader
throws ReflectiveOperationException, SecurityException, ClassCastException {
Field f = target.getDeclaredField(mapName);
f.setAccessible(true);
- Map<?,?> map = (Map<?,?>) f.get(null);
- Iterator<?> keys = map.keySet().iterator();
- while (keys.hasNext()) {
- Object key = keys.next();
- if (key instanceof Reference) {
- Object clazz = ((Reference<?>) key).get();
- if (loadedByThisOrChild(clazz)) {
- keys.remove();
+ Object map = f.get(null);
+ // Avoid trying to clear references if Tomcat is running on a JRE that
+ // includes the fix for this memory leak
+ // See https://bugs.openjdk.java.net/browse/JDK-8277072
+ if (map instanceof Map<?,?>) {
+ Iterator<?> keys = ((Map<?,?>) map).keySet().iterator();
+ while (keys.hasNext()) {
+ Object key = keys.next();
+ if (key instanceof Reference) {
+ Object clazz = ((Reference<?>) key).get();
+ if (loadedByThisOrChild(clazz)) {
+ keys.remove();
+ }
}
}
}
diff --git a/java/org/apache/tomcat/util/compat/JreCompat.java b/java/org/apache/tomcat/util/compat/JreCompat.java
index 62df145..e5df728 100644
--- a/java/org/apache/tomcat/util/compat/JreCompat.java
+++ b/java/org/apache/tomcat/util/compat/JreCompat.java
@@ -19,6 +19,7 @@ package org.apache.tomcat.util.compat;
import java.io.File;
import java.io.IOException;
import java.lang.reflect.AccessibleObject;
+import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.SocketAddress;
@@ -45,6 +46,7 @@ public class JreCompat {
private static final JreCompat instance;
private static final boolean graalAvailable;
+ private static final boolean jre19Available;
private static final boolean jre16Available;
private static final boolean jre11Available;
private static final boolean jre9Available;
@@ -67,18 +69,26 @@ public class JreCompat {
// This is Tomcat 9 with a minimum Java version of Java 8.
// Look for the highest supported JVM first
- if (Jre16Compat.isSupported()) {
+ if (Jre19Compat.isSupported()) {
+ instance = new Jre19Compat();
+ jre9Available = true;
+ jre16Available = true;
+ jre19Available = true;
+ } else if (Jre16Compat.isSupported()) {
instance = new Jre16Compat();
jre9Available = true;
jre16Available = true;
+ jre19Available = false;
} else if (Jre9Compat.isSupported()) {
instance = new Jre9Compat();
jre9Available = true;
jre16Available = false;
+ jre19Available = false;
} else {
instance = new JreCompat();
jre9Available = false;
jre16Available = false;
+ jre19Available = false;
}
jre11Available = instance.jarFileRuntimeMajorVersion() >= 11;
@@ -124,6 +134,9 @@ public class JreCompat {
return jre16Available;
}
+ public static boolean isJre19Available() {
+ return jre19Available;
+ }
// Java 8 implementation of Java 9 methods
@@ -303,6 +316,8 @@ public class JreCompat {
}
+ // Java 8 implementations of Java 16 methods
+
/**
* Return Unix domain socket address for given path.
* @param path The path
@@ -329,4 +344,63 @@ public class JreCompat {
public SocketChannel openUnixDomainSocketChannel() {
throw new UnsupportedOperationException(sm.getString("jreCompat.noUnixDomainSocket"));
}
+
+
+ // Java 8 implementations of Java 19 methods
+
+ /**
+ * Obtains the executor, if any, used to create the provided thread.
+ *
+ * @param thread The thread to examine
+ *
+ * @return The executor, if any, that created the provided thread
+ *
+ * @throws NoSuchFieldException
+ * If a field used via reflection to obtain the executor cannot
+ * be found
+ * @throws SecurityException
+ * If a security exception occurs while trying to identify the
+ * executor
+ * @throws IllegalArgumentException
+ * If the instance object does not match the class of the field
+ * when obtaining a field value via reflection
+ * @throws IllegalAccessException
+ * If a field is not accessible due to access restrictions
+ */
+ public Object getExecutor(Thread thread)
+ throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
+
+ Object result = null;
+
+ // Runnable wrapped by Thread
+ // "target" in Sun/Oracle JDK
+ // "runnable" in IBM JDK
+ // "action" in Apache Harmony
+ Object target = null;
+ for (String fieldName : new String[] { "target", "runnable", "action" }) {
+ try {
+ Field targetField = thread.getClass().getDeclaredField(fieldName);
+ targetField.setAccessible(true);
+ target = targetField.get(thread);
+ break;
+ } catch (NoSuchFieldException nfe) {
+ continue;
+ }
+ }
+
+ // "java.util.concurrent" code is in public domain,
+ // so all implementations are similar including our
+ // internal fork.
+ if (target != null && target.getClass().getCanonicalName() != null &&
+ (target.getClass().getCanonicalName().equals(
+ "org.apache.tomcat.util.threads.ThreadPoolExecutor.Worker") ||
+ target.getClass().getCanonicalName().equals(
+ "java.util.concurrent.ThreadPoolExecutor.Worker"))) {
+ Field executorField = target.getClass().getDeclaredField("this$0");
+ executorField.setAccessible(true);
+ result = executorField.get(target);
+ }
+
+ return result;
+ }
}
diff --git a/java/org/apache/tomcat/util/compat/LocalStrings.properties b/java/org/apache/tomcat/util/compat/LocalStrings.properties
index 79427da..c4c2f7d 100644
--- a/java/org/apache/tomcat/util/compat/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/compat/LocalStrings.properties
@@ -16,6 +16,8 @@
jre16Compat.javaPre16=Class not found so assuming code is running on a pre-Java 16 JVM
jre16Compat.unexpected=Failed to create references to Java 16 classes and methods
+jre19Compat.javaPre19=Class not found so assuming code is running on a pre-Java 19 JVM
+
jre9Compat.invalidModuleUri=The module URI provided [{0}] could not be converted to a URL for the JarScanner to process
jre9Compat.javaPre9=Class not found so assuming code is running on a pre-Java 9 JVM
jre9Compat.unexpected=Failed to create references to Java 9 classes and methods
diff --git a/webapps/docs/config/context.xml b/webapps/docs/config/context.xml
index d118196..42dfe38 100644
--- a/webapps/docs/config/context.xml
+++ b/webapps/docs/config/context.xml
@@ -769,7 +769,11 @@
therefore requires that the command line option
<code>-XaddExports:java.base/java.io=ALL-UNNAMED</code> is set
when running on Java 9 and above. If not specified, the default value of
- <code>true</code> will be used.</p>
+ <code>true</code> will be used.</p>
+ <p>The memory leak associated with <code>ObjectStreamClass</code> has
+ been fixed in Java 19 onwards, Java 17.0.4 onwards and Java 11.0.16
+ onwards. The check will be disabled when running on a version
+ of Java that contains the fix.</p>
</attribute>
<attribute name="clearReferencesRmiTargets" required="false">
diff --git a/java/org/apache/tomcat/util/compat/Jre19Compat.java b/java/org/apache/tomcat/util/compat/Jre19Compat.java
new file mode 100644
index 0000000000..fb94810b40
--- /dev/null
+++ b/java/org/apache/tomcat/util/compat/Jre19Compat.java
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.compat;
+
+import java.lang.reflect.Field;
+
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+public class Jre19Compat extends Jre16Compat {
+
+ private static final Log log = LogFactory.getLog(Jre19Compat.class);
+ private static final StringManager sm = StringManager.getManager(Jre19Compat.class);
+
+ private static final boolean supported;
+
+ static {
+ // Don't need any Java 19 specific classes (yet) so just test for one of
+ // the new ones for now.
+ Class<?> c1 = null;
+ try {
+ c1 = Class.forName("java.lang.WrongThreadException");
+ } catch (ClassNotFoundException cnfe) {
+ // Must be pre-Java 16
+ log.debug(sm.getString("jre19Compat.javaPre19"), cnfe);
+ }
+
+ supported = (c1 != null);
+ }
+
+ static boolean isSupported() {
+ return supported;
+ }
+
+ @Override
+ public Object getExecutor(Thread thread)
+ throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
+
+ Object result = super.getExecutor(thread);
+
+ if (result == null) {
+ Object holder = null;
+ Object task = null;
+ try {
+ Field holderField = thread.getClass().getDeclaredField("holder");
+ holderField.setAccessible(true);
+ holder = holderField.get(thread);
+
+ Field taskField = holder.getClass().getDeclaredField("task");
+ taskField.setAccessible(true);
+ task = taskField.get(holder);
+ } catch (NoSuchFieldException nfe) {
+ return null;
+ }
+
+ if (task!= null && task.getClass().getCanonicalName() != null &&
+ (task.getClass().getCanonicalName().equals(
+ "org.apache.tomcat.util.threads.ThreadPoolExecutor.Worker") ||
+ task.getClass().getCanonicalName().equals(
+ "java.util.concurrent.ThreadPoolExecutor.Worker"))) {
+ Field executorField = task.getClass().getDeclaredField("this$0");
+ executorField.setAccessible(true);
+ result = executorField.get(task);
+ }
+ }
+
+ return result;
+ }
+}

View File

@ -32,7 +32,7 @@
%global major_version 9
%global minor_version 0
%global micro_version 62
%global packdname apache-tomcat-%{version}-src
%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00012
%global servletspec 4.0
%global elspec 3.0
%global tcuid 53
@ -56,12 +56,12 @@
Name: tomcat
Epoch: 1
Version: %{major_version}.%{minor_version}.%{micro_version}
Release: 11%{?dist}
Release: 12%{?dist}
Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
License: ASL 2.0
URL: http://tomcat.apache.org/
Source0: http://www.apache.org/dist/tomcat/tomcat-%{major_version}/v%{version}/src/%{packdname}.tar.gz
Source0: %{packdname}.tar.gz
Source1: %{name}-%{major_version}.%{minor_version}.conf
Source3: %{name}-%{major_version}.%{minor_version}.sysconfig
Source4: %{name}-%{major_version}.%{minor_version}.wrapper
@ -80,10 +80,8 @@ Patch1: %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.pat
Patch2: %{name}-build.patch
Patch3: %{name}-%{major_version}.%{minor_version}-catalina-policy.patch
Patch4: rhbz-1857043.patch
Patch5: %{name}-%{major_version}.%{minor_version}-JDTCompiler.patch
Patch6: %{name}-%{major_version}.%{minor_version}-bnd-annotation.patch
# The fixes for memory leak which have been fixed in 9.0.64, remove this patch in the next tomcat update
Patch7: %{name}-%{major_version}.%{minor_version}-memory-leak.patch
Patch7: JmxRemoteLifecycleListener.patch
Patch8: fix-malformed-dtd.patch
BuildArch: noarch
@ -91,13 +89,12 @@ BuildArch: noarch
BuildRequires: ant
BuildRequires: ecj >= 1:4.10
BuildRequires: findutils
BuildRequires: java-devel >= 1:1.8.0
BuildRequires: javapackages-local
BuildRequires: aqute-bnd
BuildRequires: aqute-bndlib
BuildRequires: systemd
Requires: java-headless >= 1:1.8.0
Requires: (java-headless >= 1:1.8 or java-1.8.0-headless or java-11-headless or java-17-headless or java >= 1:1.8)
Requires: javapackages-tools
Requires: %{name}-lib = %{epoch}:%{version}-%{release}
%if 0%{?fedora} || 0%{?rhel} > 7
@ -108,8 +105,8 @@ Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
# We will change it to an obsoletes whenever the pki team is able to make the switch
Conflicts: pki-servlet-engine <= 1:9.0.50
Provides: pki-servlet-engine
Obsoletes: pki-servlet-engine <= 1:9.0.50
# added after log4j sub-package was removed
Provides: %{name}-log4j = %{epoch}:%{version}-%{release}
@ -124,6 +121,33 @@ Tomcat is developed in an open and participatory environment and
released under the Apache Software License version 2.0. Tomcat is intended
to be a collaboration of the best-of-breed developers from around the world.
%package java-jdk8
Group: Development/Java
Summary: Tomcat on JDK 8
Requires: java-1.8.0 >= 1:1.8
Provides: tomcat-java = %{epoch}:%{version}-%{release}
%description java-jdk8
Tomcat on JDK 8
%package java-jdk11
Group: Development/Java
Summary: Tomcat on JDK 11
Requires: (java-11 or java-11-headless)
Provides: tomcat-java = %{epoch}:%{version}-%{release}
%description java-jdk11
Tomcat on JDK 11
%package java-jdk17
Group: Development/Java
Summary: Tomcat on JDK 17
Requires: (java-17 or java-17-headless)
Provides: tomcat-java = %{epoch}:%{version}-%{release}
%description java-jdk17
Tomcat on JDK 17
%package admin-webapps
Summary: The host-manager and manager web applications for Apache Tomcat
Requires: %{name} = %{epoch}:%{version}-%{release}
@ -144,7 +168,8 @@ Provides: jsp = %{jspspec}
Obsoletes: %{name}-jsp-2.2-api
Requires: %{name}-servlet-%{servletspec}-api = %{epoch}:%{version}-%{release}
Requires: %{name}-el-%{elspec}-api = %{epoch}:%{version}-%{release}
Conflicts: pki-servlet-engine <= 1:9.0.50
Provides: pki-servlet-engine
Obsoletes: pki-servlet-engine <= 1:9.0.50
%description jsp-%{jspspec}-api
Apache Tomcat JSP API Implementation Classes.
@ -156,7 +181,8 @@ Requires: %{name}-servlet-%{servletspec}-api = %{epoch}:%{version}-%{release}
Requires: %{name}-el-%{elspec}-api = %{epoch}:%{version}-%{release}
Requires: ecj >= 1:4.10
Requires(preun): coreutils
Conflicts: pki-servlet-engine <= 1:9.0.50
Provides: pki-servlet-engine
Obsoletes: pki-servlet-engine <= 1:9.0.50
%description lib
Libraries needed to run the Tomcat Web container.
@ -167,7 +193,8 @@ Provides: servlet = %{servletspec}
Provides: servlet6
Provides: servlet3
Obsoletes: %{name}-servlet-3.1-api
Conflicts: pki-servlet-4.0-api <= 1:9.0.50
Provides: pki-servlet-4.0-api
Obsoletes: pki-servlet-4.0-api <= 1:9.0.50
%description servlet-%{servletspec}-api
Apache Tomcat Servlet API Implementation Classes.
@ -176,7 +203,8 @@ Apache Tomcat Servlet API Implementation Classes.
Summary: Apache Tomcat Expression Language v%{elspec} API Implementation Classes
Provides: el_api = %{elspec}
Obsoletes: %{name}-el-2.2-api
Conflicts: pki-servlet-engine <= 1:9.0.50
Provides: pki-servlet-engine
Obsoletes: pki-servlet-engine <= 1:9.0.50
%description el-%{elspec}-api
Apache Tomcat EL API Implementation Classes.
@ -194,15 +222,14 @@ The ROOT web application for Apache Tomcat.
find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "*.gz" -o \
-name "*.jar" -o -name "*.war" -o -name "*.zip" \) -delete
%patch0 -p0
%patch1 -p0
%patch2 -p0
%patch3 -p0
%patch4 -p0
%patch5 -p0
%patch6 -p0
%patch7 -p1
%patch8 -p1
%patch -P0 -p0
%patch -P1 -p0
%patch -P2 -p0
%patch -P3 -p0
%patch -P4 -p0
%patch -P6 -p0
%patch -P7 -p1
%patch -P8 -p1
# Remove webservices naming resources as it's generally unused
%{__rm} -rf java/org/apache/naming/factory/webservices
@ -241,7 +268,7 @@ touch HACK
deploy
# remove some jars that we'll replace with symlinks later
%{__rm} output/build/bin/commons-daemon.jar output/build/lib/ecj.jar
%{__rm} output/build/lib/ecj.jar
# Remove the example webapps per Apache Tomcat Security Considerations
# see https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html
%{__rm} -rf output/build/webapps/examples
@ -339,6 +366,7 @@ pushd ${RPM_BUILD_ROOT}%{libdir}
%{__ln_s} ../../java/%{name}-servlet-%{servletspec}-api.jar .
%{__ln_s} ../../java/%{name}-el-%{elspec}-api.jar .
%{__ln_s} $(build-classpath ecj/ecj) jasper-jdt.jar
%{__cp} -a ../../%{name}/bin/tomcat-juli.jar .
popd
# symlink to the FHS locations where we've installed things
@ -354,7 +382,7 @@ popd
# Install the maven metadata for the spec impl artifacts as other projects use them
#%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_mavenpomdir}
pushd res/maven
for pom in tomcat-el-api.pom tomcat-jsp-api.pom tomcat-servlet-api.pom; do
for pom in *.pom; do
# fix-up version in all pom files
sed -i 's/@MAVEN.DEPLOY.VERSION@/%{version}/g' $pom
done
@ -364,6 +392,36 @@ popd
%mvn_artifact res/maven/tomcat-el-api.pom output/build/lib/el-api.jar
%mvn_artifact res/maven/tomcat-jsp-api.pom output/build/lib/jsp-api.jar
%mvn_artifact res/maven/tomcat-servlet-api.pom output/build/lib/servlet-api.jar
%mvn_artifact res/maven/tomcat-annotations-api.pom ${RPM_BUILD_ROOT}%{libdir}/annotations-api.jar
%mvn_artifact res/maven/tomcat-api.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-api.jar
%mvn_artifact res/maven/tomcat-catalina-ant.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-ant.jar
%mvn_artifact res/maven/tomcat-catalina-ha.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-ha.jar
%mvn_artifact res/maven/tomcat-ssi.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-ssi.jar
%mvn_artifact res/maven/tomcat-storeconfig.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-storeconfig.jar
%mvn_artifact res/maven/tomcat-tribes.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-tribes.jar
%mvn_artifact res/maven/tomcat-catalina.pom ${RPM_BUILD_ROOT}%{libdir}/catalina.jar
%mvn_artifact res/maven/tomcat-jasper-el.pom ${RPM_BUILD_ROOT}%{libdir}/jasper-el.jar
%mvn_artifact res/maven/tomcat-jasper.pom ${RPM_BUILD_ROOT}%{libdir}/jasper.jar
%mvn_artifact res/maven/tomcat-jaspic-api.pom ${RPM_BUILD_ROOT}%{libdir}/jaspic-api.jar
%mvn_artifact res/maven/tomcat-coyote.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-coyote.jar
%mvn_artifact res/maven/tomcat-dbcp.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-dbcp.jar
%mvn_artifact res/maven/tomcat-i18n-cs.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-cs.jar
%mvn_artifact res/maven/tomcat-i18n-de.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-de.jar
%mvn_artifact res/maven/tomcat-i18n-es.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-es.jar
%mvn_artifact res/maven/tomcat-i18n-fr.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-fr.jar
%mvn_artifact res/maven/tomcat-i18n-ja.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-ja.jar
%mvn_artifact res/maven/tomcat-i18n-ko.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-ko.jar
%mvn_artifact res/maven/tomcat-i18n-pt-BR.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-pt-BR.jar
%mvn_artifact res/maven/tomcat-i18n-ru.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-ru.jar
%mvn_artifact res/maven/tomcat-i18n-zh-CN.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-zh-CN.jar
%mvn_artifact res/maven/tomcat-jdbc.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-jdbc.jar
%mvn_artifact res/maven/tomcat-jni.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-jni.jar
%mvn_artifact res/maven/tomcat-juli.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-juli.jar
%mvn_artifact res/maven/tomcat-util-scan.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-util-scan.jar
%mvn_artifact res/maven/tomcat-util.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-util.jar
%mvn_artifact res/maven/tomcat-websocket-api.pom ${RPM_BUILD_ROOT}%{libdir}/websocket-api.jar
%mvn_artifact res/maven/tomcat-websocket.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-websocket.jar
%mvn_artifact res/maven/tomcat.pom
%mvn_install
%pre
@ -480,34 +538,59 @@ fi
%files docs-webapp
%{appdir}/docs
%files lib
%files lib -f .mfiles
%dir %{libdir}
%{libdir}/*.jar
%{_javadir}/*.jar
%{bindir}/tomcat-juli.jar
%exclude %{libdir}/%{name}-el-%{elspec}-api.jar
%exclude %{libdir}/%{name}-servlet-%{servletspec}*.jar
%exclude %{libdir}/%{name}-jsp-%{jspspec}*.jar
%exclude %{_javadir}/%{name}-servlet-%{servletspec}*.jar
%exclude %{_javadir}/%{name}-el-%{elspec}-api.jar
%exclude %{_javadir}/%{name}-jsp-%{jspspec}*.jar
%exclude %{_javadir}/%{name}-servlet-api.jar
%exclude %{_javadir}/%{name}-el-api.jar
%exclude %{_javadir}/%{name}-jsp-api.jar
%files jsp-%{jspspec}-api -f .mfiles-tomcat-jsp-api
%{_javadir}/%{name}-jsp-%{jspspec}*.jar
%{libdir}/%{name}-jsp-%{jspspec}*.jar
%{_javadir}/%{name}-jsp-api.jar
%files servlet-%{servletspec}-api -f .mfiles-tomcat-servlet-api
%doc LICENSE
%{_javadir}/%{name}-servlet-%{servletspec}*.jar
%{libdir}/%{name}-servlet-%{servletspec}*.jar
%{_javadir}/%{name}-servlet-api.jar
%files el-%{elspec}-api -f .mfiles-tomcat-el-api
%doc LICENSE
%{_javadir}/%{name}-el-%{elspec}-api.jar
%{libdir}/%{name}-el-%{elspec}-api.jar
%{_javadir}/%{name}-el-api.jar
%files webapps
%defattr(0644,tomcat,tomcat,0755)
%{appdir}/ROOT
%files java-jdk8
%files java-jdk11
%files java-jdk17
%changelog
* Wed Jun 21 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-12
- Resolves: #2189675 Missing Tomcat POM files in RHEL 9.3
- Resolves: #2173872 Remove java-11-openjdk-headles as a tomcat dependency
- Resolves: #2181461 CVE-2023-28708 tomcat: not including the secure attribute causes information
- Resolves: #2210632 CVE-2023-28709
- Resolves: #2184133 Add Obsoletes to tomcat package
- Update patch command
- Update source to use jws tomcat
* Thu Feb 23 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-11
- Bump release so that the NVR on RHEL-9 is higher than RHEL-8