rpms
/
tomcat
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Resolves: #2189675 Missing Tomcat POM files in RHEL 9.3 

Resolves: #2173872 Remove java-11-openjdk-headles as a tomcat dependency
Resolves: #2181461 CVE-2023-28708 tomcat: not including the secure attribute causes information
Resolves: #2210632 CVE-2023-28709
Resolves: #2184133 Add Obsoletes to tomcat package
Update patch command
Update source to use jws tomcat
This commit is contained in:
Hui Wang 2023-06-30 15:18:33 +08:00
parent cbe42b74db
commit 5112b5efc0
6 changed files with 151 additions and 396 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -2,3 +2,4 @@ apache-tomcat-*-src.tar.gz
results_tomcat results_tomcat
tomcat*.src.rpm tomcat*.src.rpm
apache-tomcat-*-src/ apache-tomcat-*-src/
/tomcat-9.0.62.redhat-00012.tar.gz

40
JmxRemoteLifecycleListener.patch Normal file
View File

@ -0,0 +1,40 @@
diff --git a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
index f62f8d1..db19960 100644
--- a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
+++ b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
@@ -611,34 +611,28 @@ public class JmxRemoteLifecycleListener extends SSLHostConfig implements Lifecyc
* Better to use the internal API than re-invent the wheel.
*/
@SuppressWarnings("restriction")
- private static class JmxRegistry extends sun.rmi.registry.RegistryImpl {
+ private static class JmxRegistry {
private static final long serialVersionUID = -3772054804656428217L;
private final String jmxName;
private final Remote jmxServer;
public JmxRegistry(int port, RMIClientSocketFactory csf,
RMIServerSocketFactory ssf, String jmxName, Remote jmxServer) throws RemoteException {
- super(port, csf, ssf);
this.jmxName = jmxName;
this.jmxServer = jmxServer;
}
- @Override
public Remote lookup(String name)
throws RemoteException, NotBoundException {
return (jmxName.equals(name)) ? jmxServer : null;
}
- @Override
public void bind(String name, Remote obj)
throws RemoteException, AlreadyBoundException, AccessException {
}
- @Override
public void unbind(String name)
throws RemoteException, NotBoundException, AccessException {
}
- @Override
public void rebind(String name, Remote obj)
throws RemoteException, AccessException {
}
- @Override
public String[] list() throws RemoteException {
return new String[] { jmxName };
}

2
sources
View File

@ -1 +1 @@
SHA512 (apache-tomcat-9.0.62-src.tar.gz) = 7e9cad2703473d9f096009c464b28d54d3765259fab1923ef8c9b1cbfa231fa51cedadfe771a3a95abffd258759a71023e036bda78b949440a5e826fbd4e9e09 SHA512 (tomcat-9.0.62.redhat-00012.tar.gz) = e02ec42a27bbb67dce7de86caf18dd093fc0924c66086ff7dec8ae4bec5f73f523a688db28df2091384fc211d8f2b375b6fa7ebdba39d363aa824b1b5bf05e01

24
tomcat-9.0-JDTCompiler.patch
View File

@ -1,24 +0,0 @@
diff -up ./java/org/apache/jasper/compiler/JDTCompiler.java ./java/org/apache/jasper/compiler/JDTCompiler.java
index 2e361f2..277d8f4 100644
--- java/org/apache/jasper/compiler/JDTCompiler.java
+++ java/org/apache/jasper/compiler/JDTCompiler.java
@@ -310,7 +310,7 @@ public class JDTCompiler extends org.apache.jasper.compiler.Compiler {
} else if(opt.equals("15")) {
settings.put(CompilerOptions.OPTION_Source, CompilerOptions.VERSION_15);
} else if(opt.equals("16")) {
- settings.put(CompilerOptions.OPTION_Source, CompilerOptions.VERSION_16);
+ settings.put(CompilerOptions.OPTION_Source, "16");
} else if(opt.equals("17")) {
// Constant not available in latest ECJ version that runs on
// Java 8.
@@ -377,8 +377,8 @@ public class JDTCompiler extends org.apache.jasper.compiler.Compiler {
settings.put(CompilerOptions.OPTION_TargetPlatform, CompilerOptions.VERSION_15);
settings.put(CompilerOptions.OPTION_Compliance, CompilerOptions.VERSION_15);
} else if(opt.equals("16")) {
- settings.put(CompilerOptions.OPTION_TargetPlatform, CompilerOptions.VERSION_16);
- settings.put(CompilerOptions.OPTION_Compliance, CompilerOptions.VERSION_16);
+ settings.put(CompilerOptions.OPTION_TargetPlatform, "16");
+ settings.put(CompilerOptions.OPTION_Compliance, "16");
} else if(opt.equals("17")) {
// Constant not available in latest ECJ version that runs on
// Java 8.

345
tomcat-9.0-memory-leak.patch
View File

@ -1,345 +0,0 @@
diff --git a/java/org/apache/catalina/loader/WebappClassLoaderBase.java b/java/org/apache/catalina/loader/WebappClassLoaderBase.java
index 8746b6b..dc878c6 100644
--- a/java/org/apache/catalina/loader/WebappClassLoaderBase.java
+++ b/java/org/apache/catalina/loader/WebappClassLoaderBase.java
@@ -1820,41 +1820,13 @@ public abstract class WebappClassLoaderBase extends URLClassLoader
// shutting down the executor
boolean usingExecutor = false;
try {
-
- // Runnable wrapped by Thread
- // "target" in Sun/Oracle JDK
- // "runnable" in IBM JDK
- // "action" in Apache Harmony
- Object target = null;
- for (String fieldName : new String[] { "target", "runnable", "action" }) {
- try {
- Field targetField = thread.getClass().getDeclaredField(fieldName);
- targetField.setAccessible(true);
- target = targetField.get(thread);
- break;
- } catch (NoSuchFieldException nfe) {
- continue;
- }
- }
-
- // "java.util.concurrent" code is in public domain,
- // so all implementations are similar including our
- // internal fork.
- if (target != null && target.getClass().getCanonicalName() != null &&
- (target.getClass().getCanonicalName().equals(
- "org.apache.tomcat.util.threads.ThreadPoolExecutor.Worker") ||
- target.getClass().getCanonicalName().equals(
- "java.util.concurrent.ThreadPoolExecutor.Worker"))) {
- Field executorField = target.getClass().getDeclaredField("this$0");
- executorField.setAccessible(true);
- Object executor = executorField.get(target);
- if (executor instanceof ThreadPoolExecutor) {
- ((ThreadPoolExecutor) executor).shutdownNow();
- usingExecutor = true;
- } else if (executor instanceof java.util.concurrent.ThreadPoolExecutor) {
- ((java.util.concurrent.ThreadPoolExecutor) executor).shutdownNow();
- usingExecutor = true;
- }
+ Object executor = JreCompat.getInstance().getExecutor(thread);
+ if (executor instanceof ThreadPoolExecutor) {
+ ((ThreadPoolExecutor) executor).shutdownNow();
+ usingExecutor = true;
+ } else if (executor instanceof java.util.concurrent.ThreadPoolExecutor) {
+ ((java.util.concurrent.ThreadPoolExecutor) executor).shutdownNow();
+ usingExecutor = true;
}
} catch (NoSuchFieldException | IllegalAccessException | RuntimeException e) {
// InaccessibleObjectException is only available in Java 9+,
@@ -2306,6 +2278,12 @@ public abstract class WebappClassLoaderBase extends URLClassLoader
private void clearReferencesObjectStreamClassCaches() {
+ if (JreCompat.isJre19Available()) {
+ // The memory leak this fixes has been fixed in Java 19 onwards,
+ // 17.0.4 onwards and 11.0.16 onwards
+ // See https://bugs.openjdk.java.net/browse/JDK-8277072
+ return;
+ }
try {
Class<?> clazz = Class.forName("java.io.ObjectStreamClass$Caches");
clearCache(clazz, "localDescs");
@@ -2333,14 +2311,19 @@ public abstract class WebappClassLoaderBase extends URLClassLoader
throws ReflectiveOperationException, SecurityException, ClassCastException {
Field f = target.getDeclaredField(mapName);
f.setAccessible(true);
- Map<?,?> map = (Map<?,?>) f.get(null);
- Iterator<?> keys = map.keySet().iterator();
- while (keys.hasNext()) {
- Object key = keys.next();
- if (key instanceof Reference) {
- Object clazz = ((Reference<?>) key).get();
- if (loadedByThisOrChild(clazz)) {
- keys.remove();
+ Object map = f.get(null);
+ // Avoid trying to clear references if Tomcat is running on a JRE that
+ // includes the fix for this memory leak
+ // See https://bugs.openjdk.java.net/browse/JDK-8277072
+ if (map instanceof Map<?,?>) {
+ Iterator<?> keys = ((Map<?,?>) map).keySet().iterator();
+ while (keys.hasNext()) {
+ Object key = keys.next();
+ if (key instanceof Reference) {
+ Object clazz = ((Reference<?>) key).get();
+ if (loadedByThisOrChild(clazz)) {
+ keys.remove();
+ }
}
}
}
diff --git a/java/org/apache/tomcat/util/compat/JreCompat.java b/java/org/apache/tomcat/util/compat/JreCompat.java
index 62df145..e5df728 100644
--- a/java/org/apache/tomcat/util/compat/JreCompat.java
+++ b/java/org/apache/tomcat/util/compat/JreCompat.java
@@ -19,6 +19,7 @@ package org.apache.tomcat.util.compat;
import java.io.File;
import java.io.IOException;
import java.lang.reflect.AccessibleObject;
+import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.SocketAddress;
@@ -45,6 +46,7 @@ public class JreCompat {
private static final JreCompat instance;
private static final boolean graalAvailable;
+ private static final boolean jre19Available;
private static final boolean jre16Available;
private static final boolean jre11Available;
private static final boolean jre9Available;
@@ -67,18 +69,26 @@ public class JreCompat {
// This is Tomcat 9 with a minimum Java version of Java 8.
// Look for the highest supported JVM first
- if (Jre16Compat.isSupported()) {
+ if (Jre19Compat.isSupported()) {
+ instance = new Jre19Compat();
+ jre9Available = true;
+ jre16Available = true;
+ jre19Available = true;
+ } else if (Jre16Compat.isSupported()) {
instance = new Jre16Compat();
jre9Available = true;
jre16Available = true;
+ jre19Available = false;
} else if (Jre9Compat.isSupported()) {
instance = new Jre9Compat();
jre9Available = true;
jre16Available = false;
+ jre19Available = false;
} else {
instance = new JreCompat();
jre9Available = false;
jre16Available = false;
+ jre19Available = false;
}
jre11Available = instance.jarFileRuntimeMajorVersion() >= 11;
@@ -124,6 +134,9 @@ public class JreCompat {
return jre16Available;
}
+ public static boolean isJre19Available() {
+ return jre19Available;
+ }
// Java 8 implementation of Java 9 methods
@@ -303,6 +316,8 @@ public class JreCompat {
}
+ // Java 8 implementations of Java 16 methods
+
/**
* Return Unix domain socket address for given path.
* @param path The path
@@ -329,4 +344,63 @@ public class JreCompat {
public SocketChannel openUnixDomainSocketChannel() {
throw new UnsupportedOperationException(sm.getString("jreCompat.noUnixDomainSocket"));
}
+
+
+ // Java 8 implementations of Java 19 methods
+
+ /**
+ * Obtains the executor, if any, used to create the provided thread.
+ *
+ * @param thread The thread to examine
+ *
+ * @return The executor, if any, that created the provided thread
+ *
+ * @throws NoSuchFieldException
+ * If a field used via reflection to obtain the executor cannot
+ * be found
+ * @throws SecurityException
+ * If a security exception occurs while trying to identify the
+ * executor
+ * @throws IllegalArgumentException
+ * If the instance object does not match the class of the field
+ * when obtaining a field value via reflection
+ * @throws IllegalAccessException
+ * If a field is not accessible due to access restrictions
+ */
+ public Object getExecutor(Thread thread)
+ throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
+
+ Object result = null;
+
+ // Runnable wrapped by Thread
+ // "target" in Sun/Oracle JDK
+ // "runnable" in IBM JDK
+ // "action" in Apache Harmony
+ Object target = null;
+ for (String fieldName : new String[] { "target", "runnable", "action" }) {
+ try {
+ Field targetField = thread.getClass().getDeclaredField(fieldName);
+ targetField.setAccessible(true);
+ target = targetField.get(thread);
+ break;
+ } catch (NoSuchFieldException nfe) {
+ continue;
+ }
+ }
+
+ // "java.util.concurrent" code is in public domain,
+ // so all implementations are similar including our
+ // internal fork.
+ if (target != null && target.getClass().getCanonicalName() != null &&
+ (target.getClass().getCanonicalName().equals(
+ "org.apache.tomcat.util.threads.ThreadPoolExecutor.Worker") ||
+ target.getClass().getCanonicalName().equals(
+ "java.util.concurrent.ThreadPoolExecutor.Worker"))) {
+ Field executorField = target.getClass().getDeclaredField("this$0");
+ executorField.setAccessible(true);
+ result = executorField.get(target);
+ }
+
+ return result;
+ }
}
diff --git a/java/org/apache/tomcat/util/compat/LocalStrings.properties b/java/org/apache/tomcat/util/compat/LocalStrings.properties
index 79427da..c4c2f7d 100644
--- a/java/org/apache/tomcat/util/compat/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/compat/LocalStrings.properties
@@ -16,6 +16,8 @@
jre16Compat.javaPre16=Class not found so assuming code is running on a pre-Java 16 JVM
jre16Compat.unexpected=Failed to create references to Java 16 classes and methods
+jre19Compat.javaPre19=Class not found so assuming code is running on a pre-Java 19 JVM
+
jre9Compat.invalidModuleUri=The module URI provided [{0}] could not be converted to a URL for the JarScanner to process
jre9Compat.javaPre9=Class not found so assuming code is running on a pre-Java 9 JVM
jre9Compat.unexpected=Failed to create references to Java 9 classes and methods
diff --git a/webapps/docs/config/context.xml b/webapps/docs/config/context.xml
index d118196..42dfe38 100644
--- a/webapps/docs/config/context.xml
+++ b/webapps/docs/config/context.xml
@@ -769,7 +769,11 @@
therefore requires that the command line option
<code>-XaddExports:java.base/java.io=ALL-UNNAMED</code> is set
when running on Java 9 and above. If not specified, the default value of
- <code>true</code> will be used.</p>
+ <code>true</code> will be used.</p>
+ <p>The memory leak associated with <code>ObjectStreamClass</code> has
+ been fixed in Java 19 onwards, Java 17.0.4 onwards and Java 11.0.16
+ onwards. The check will be disabled when running on a version
+ of Java that contains the fix.</p>
</attribute>
<attribute name="clearReferencesRmiTargets" required="false">
diff --git a/java/org/apache/tomcat/util/compat/Jre19Compat.java b/java/org/apache/tomcat/util/compat/Jre19Compat.java
new file mode 100644
index 0000000000..fb94810b40
--- /dev/null
+++ b/java/org/apache/tomcat/util/compat/Jre19Compat.java
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.compat;
+
+import java.lang.reflect.Field;
+
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+public class Jre19Compat extends Jre16Compat {
+
+ private static final Log log = LogFactory.getLog(Jre19Compat.class);
+ private static final StringManager sm = StringManager.getManager(Jre19Compat.class);
+
+ private static final boolean supported;
+
+ static {
+ // Don't need any Java 19 specific classes (yet) so just test for one of
+ // the new ones for now.
+ Class<?> c1 = null;
+ try {
+ c1 = Class.forName("java.lang.WrongThreadException");
+ } catch (ClassNotFoundException cnfe) {
+ // Must be pre-Java 16
+ log.debug(sm.getString("jre19Compat.javaPre19"), cnfe);
+ }
+
+ supported = (c1 != null);
+ }
+
+ static boolean isSupported() {
+ return supported;
+ }
+
+ @Override
+ public Object getExecutor(Thread thread)
+ throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
+
+ Object result = super.getExecutor(thread);
+
+ if (result == null) {
+ Object holder = null;
+ Object task = null;
+ try {
+ Field holderField = thread.getClass().getDeclaredField("holder");
+ holderField.setAccessible(true);
+ holder = holderField.get(thread);
+
+ Field taskField = holder.getClass().getDeclaredField("task");
+ taskField.setAccessible(true);
+ task = taskField.get(holder);
+ } catch (NoSuchFieldException nfe) {
+ return null;
+ }
+
+ if (task!= null && task.getClass().getCanonicalName() != null &&
+ (task.getClass().getCanonicalName().equals(
+ "org.apache.tomcat.util.threads.ThreadPoolExecutor.Worker") ||
+ task.getClass().getCanonicalName().equals(
+ "java.util.concurrent.ThreadPoolExecutor.Worker"))) {
+ Field executorField = task.getClass().getDeclaredField("this$0");
+ executorField.setAccessible(true);
+ result = executorField.get(task);
+ }
+ }
+
+ return result;
+ }
+}

135
tomcat.spec
View File

@ -32,7 +32,7 @@
%global major_version 9 %global major_version 9
%global minor_version 0 %global minor_version 0
%global micro_version 62 %global micro_version 62
%global packdname apache-tomcat-%{version}-src %global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00012
%global servletspec 4.0 %global servletspec 4.0
%global elspec 3.0 %global elspec 3.0
%global tcuid 53 %global tcuid 53
@ -56,12 +56,12 @@
Name: tomcat Name: tomcat
Epoch: 1 Epoch: 1
Version: %{major_version}.%{minor_version}.%{micro_version} Version: %{major_version}.%{minor_version}.%{micro_version}
Release: 11%{?dist} Release: 12%{?dist}
Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
License: ASL 2.0 License: ASL 2.0
URL: http://tomcat.apache.org/ URL: http://tomcat.apache.org/
Source0: http://www.apache.org/dist/tomcat/tomcat-%{major_version}/v%{version}/src/%{packdname}.tar.gz Source0: %{packdname}.tar.gz
Source1: %{name}-%{major_version}.%{minor_version}.conf Source1: %{name}-%{major_version}.%{minor_version}.conf
Source3: %{name}-%{major_version}.%{minor_version}.sysconfig Source3: %{name}-%{major_version}.%{minor_version}.sysconfig
Source4: %{name}-%{major_version}.%{minor_version}.wrapper Source4: %{name}-%{major_version}.%{minor_version}.wrapper
@ -80,10 +80,8 @@ Patch1: %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.pat
Patch2: %{name}-build.patch Patch2: %{name}-build.patch
Patch3: %{name}-%{major_version}.%{minor_version}-catalina-policy.patch Patch3: %{name}-%{major_version}.%{minor_version}-catalina-policy.patch
Patch4: rhbz-1857043.patch Patch4: rhbz-1857043.patch
Patch5: %{name}-%{major_version}.%{minor_version}-JDTCompiler.patch
Patch6: %{name}-%{major_version}.%{minor_version}-bnd-annotation.patch Patch6: %{name}-%{major_version}.%{minor_version}-bnd-annotation.patch
# The fixes for memory leak which have been fixed in 9.0.64, remove this patch in the next tomcat update Patch7: JmxRemoteLifecycleListener.patch
Patch7: %{name}-%{major_version}.%{minor_version}-memory-leak.patch
Patch8: fix-malformed-dtd.patch Patch8: fix-malformed-dtd.patch
BuildArch: noarch BuildArch: noarch
@ -91,13 +89,12 @@ BuildArch: noarch
BuildRequires: ant BuildRequires: ant
BuildRequires: ecj >= 1:4.10 BuildRequires: ecj >= 1:4.10
BuildRequires: findutils BuildRequires: findutils
BuildRequires: java-devel >= 1:1.8.0
BuildRequires: javapackages-local BuildRequires: javapackages-local
BuildRequires: aqute-bnd BuildRequires: aqute-bnd
BuildRequires: aqute-bndlib BuildRequires: aqute-bndlib
BuildRequires: systemd BuildRequires: systemd
Requires: java-headless >= 1:1.8.0 Requires: (java-headless >= 1:1.8 or java-1.8.0-headless or java-11-headless or java-17-headless or java >= 1:1.8)
Requires: javapackages-tools Requires: javapackages-tools
Requires: %{name}-lib = %{epoch}:%{version}-%{release} Requires: %{name}-lib = %{epoch}:%{version}-%{release}
%if 0%{?fedora} || 0%{?rhel} > 7 %if 0%{?fedora} || 0%{?rhel} > 7
@ -108,8 +105,8 @@ Requires(post): systemd
Requires(preun): systemd Requires(preun): systemd
Requires(postun): systemd Requires(postun): systemd
# We will change it to an obsoletes whenever the pki team is able to make the switch Provides: pki-servlet-engine
Conflicts: pki-servlet-engine <= 1:9.0.50 Obsoletes: pki-servlet-engine <= 1:9.0.50
# added after log4j sub-package was removed # added after log4j sub-package was removed
Provides: %{name}-log4j = %{epoch}:%{version}-%{release} Provides: %{name}-log4j = %{epoch}:%{version}-%{release}
@ -124,6 +121,33 @@ Tomcat is developed in an open and participatory environment and
released under the Apache Software License version 2.0. Tomcat is intended released under the Apache Software License version 2.0. Tomcat is intended
to be a collaboration of the best-of-breed developers from around the world. to be a collaboration of the best-of-breed developers from around the world.
%package java-jdk8
Group: Development/Java
Summary: Tomcat on JDK 8
Requires: java-1.8.0 >= 1:1.8
Provides: tomcat-java = %{epoch}:%{version}-%{release}
%description java-jdk8
Tomcat on JDK 8
%package java-jdk11
Group: Development/Java
Summary: Tomcat on JDK 11
Requires: (java-11 or java-11-headless)
Provides: tomcat-java = %{epoch}:%{version}-%{release}
%description java-jdk11
Tomcat on JDK 11
%package java-jdk17
Group: Development/Java
Summary: Tomcat on JDK 17
Requires: (java-17 or java-17-headless)
Provides: tomcat-java = %{epoch}:%{version}-%{release}
%description java-jdk17
Tomcat on JDK 17
%package admin-webapps %package admin-webapps
Summary: The host-manager and manager web applications for Apache Tomcat Summary: The host-manager and manager web applications for Apache Tomcat
Requires: %{name} = %{epoch}:%{version}-%{release} Requires: %{name} = %{epoch}:%{version}-%{release}
@ -144,7 +168,8 @@ Provides: jsp = %{jspspec}
Obsoletes: %{name}-jsp-2.2-api Obsoletes: %{name}-jsp-2.2-api
Requires: %{name}-servlet-%{servletspec}-api = %{epoch}:%{version}-%{release} Requires: %{name}-servlet-%{servletspec}-api = %{epoch}:%{version}-%{release}
Requires: %{name}-el-%{elspec}-api = %{epoch}:%{version}-%{release} Requires: %{name}-el-%{elspec}-api = %{epoch}:%{version}-%{release}
Conflicts: pki-servlet-engine <= 1:9.0.50 Provides: pki-servlet-engine
Obsoletes: pki-servlet-engine <= 1:9.0.50
%description jsp-%{jspspec}-api %description jsp-%{jspspec}-api
Apache Tomcat JSP API Implementation Classes. Apache Tomcat JSP API Implementation Classes.
@ -156,7 +181,8 @@ Requires: %{name}-servlet-%{servletspec}-api = %{epoch}:%{version}-%{release}
Requires: %{name}-el-%{elspec}-api = %{epoch}:%{version}-%{release} Requires: %{name}-el-%{elspec}-api = %{epoch}:%{version}-%{release}
Requires: ecj >= 1:4.10 Requires: ecj >= 1:4.10
Requires(preun): coreutils Requires(preun): coreutils
Conflicts: pki-servlet-engine <= 1:9.0.50 Provides: pki-servlet-engine
Obsoletes: pki-servlet-engine <= 1:9.0.50
%description lib %description lib
Libraries needed to run the Tomcat Web container. Libraries needed to run the Tomcat Web container.
@ -167,7 +193,8 @@ Provides: servlet = %{servletspec}
Provides: servlet6 Provides: servlet6
Provides: servlet3 Provides: servlet3
Obsoletes: %{name}-servlet-3.1-api Obsoletes: %{name}-servlet-3.1-api
Conflicts: pki-servlet-4.0-api <= 1:9.0.50 Provides: pki-servlet-4.0-api
Obsoletes: pki-servlet-4.0-api <= 1:9.0.50
%description servlet-%{servletspec}-api %description servlet-%{servletspec}-api
Apache Tomcat Servlet API Implementation Classes. Apache Tomcat Servlet API Implementation Classes.
@ -176,7 +203,8 @@ Apache Tomcat Servlet API Implementation Classes.
Summary: Apache Tomcat Expression Language v%{elspec} API Implementation Classes Summary: Apache Tomcat Expression Language v%{elspec} API Implementation Classes
Provides: el_api = %{elspec} Provides: el_api = %{elspec}
Obsoletes: %{name}-el-2.2-api Obsoletes: %{name}-el-2.2-api
Conflicts: pki-servlet-engine <= 1:9.0.50 Provides: pki-servlet-engine
Obsoletes: pki-servlet-engine <= 1:9.0.50
%description el-%{elspec}-api %description el-%{elspec}-api
Apache Tomcat EL API Implementation Classes. Apache Tomcat EL API Implementation Classes.
@ -194,15 +222,14 @@ The ROOT web application for Apache Tomcat.
find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "*.gz" -o \ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "*.gz" -o \
-name "*.jar" -o -name "*.war" -o -name "*.zip" \) -delete -name "*.jar" -o -name "*.war" -o -name "*.zip" \) -delete
%patch0 -p0 %patch -P0 -p0
%patch1 -p0 %patch -P1 -p0
%patch2 -p0 %patch -P2 -p0
%patch3 -p0 %patch -P3 -p0
%patch4 -p0 %patch -P4 -p0
%patch5 -p0 %patch -P6 -p0
%patch6 -p0 %patch -P7 -p1
%patch7 -p1 %patch -P8 -p1
%patch8 -p1
# Remove webservices naming resources as it's generally unused # Remove webservices naming resources as it's generally unused
%{__rm} -rf java/org/apache/naming/factory/webservices %{__rm} -rf java/org/apache/naming/factory/webservices
@ -241,7 +268,7 @@ touch HACK
deploy deploy
# remove some jars that we'll replace with symlinks later # remove some jars that we'll replace with symlinks later
%{__rm} output/build/bin/commons-daemon.jar output/build/lib/ecj.jar %{__rm} output/build/lib/ecj.jar
# Remove the example webapps per Apache Tomcat Security Considerations # Remove the example webapps per Apache Tomcat Security Considerations
# see https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html # see https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html
%{__rm} -rf output/build/webapps/examples %{__rm} -rf output/build/webapps/examples
@ -339,6 +366,7 @@ pushd ${RPM_BUILD_ROOT}%{libdir}
%{__ln_s} ../../java/%{name}-servlet-%{servletspec}-api.jar . %{__ln_s} ../../java/%{name}-servlet-%{servletspec}-api.jar .
%{__ln_s} ../../java/%{name}-el-%{elspec}-api.jar . %{__ln_s} ../../java/%{name}-el-%{elspec}-api.jar .
%{__ln_s} $(build-classpath ecj/ecj) jasper-jdt.jar %{__ln_s} $(build-classpath ecj/ecj) jasper-jdt.jar
%{__cp} -a ../../%{name}/bin/tomcat-juli.jar .
popd popd
# symlink to the FHS locations where we've installed things # symlink to the FHS locations where we've installed things
@ -354,7 +382,7 @@ popd
# Install the maven metadata for the spec impl artifacts as other projects use them # Install the maven metadata for the spec impl artifacts as other projects use them
#%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_mavenpomdir} #%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_mavenpomdir}
pushd res/maven pushd res/maven
for pom in tomcat-el-api.pom tomcat-jsp-api.pom tomcat-servlet-api.pom; do for pom in *.pom; do
# fix-up version in all pom files # fix-up version in all pom files
sed -i 's/@MAVEN.DEPLOY.VERSION@/%{version}/g' $pom sed -i 's/@MAVEN.DEPLOY.VERSION@/%{version}/g' $pom
done done
@ -364,6 +392,36 @@ popd
%mvn_artifact res/maven/tomcat-el-api.pom output/build/lib/el-api.jar %mvn_artifact res/maven/tomcat-el-api.pom output/build/lib/el-api.jar
%mvn_artifact res/maven/tomcat-jsp-api.pom output/build/lib/jsp-api.jar %mvn_artifact res/maven/tomcat-jsp-api.pom output/build/lib/jsp-api.jar
%mvn_artifact res/maven/tomcat-servlet-api.pom output/build/lib/servlet-api.jar %mvn_artifact res/maven/tomcat-servlet-api.pom output/build/lib/servlet-api.jar
%mvn_artifact res/maven/tomcat-annotations-api.pom ${RPM_BUILD_ROOT}%{libdir}/annotations-api.jar
%mvn_artifact res/maven/tomcat-api.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-api.jar
%mvn_artifact res/maven/tomcat-catalina-ant.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-ant.jar
%mvn_artifact res/maven/tomcat-catalina-ha.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-ha.jar
%mvn_artifact res/maven/tomcat-ssi.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-ssi.jar
%mvn_artifact res/maven/tomcat-storeconfig.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-storeconfig.jar
%mvn_artifact res/maven/tomcat-tribes.pom ${RPM_BUILD_ROOT}%{libdir}/catalina-tribes.jar
%mvn_artifact res/maven/tomcat-catalina.pom ${RPM_BUILD_ROOT}%{libdir}/catalina.jar
%mvn_artifact res/maven/tomcat-jasper-el.pom ${RPM_BUILD_ROOT}%{libdir}/jasper-el.jar
%mvn_artifact res/maven/tomcat-jasper.pom ${RPM_BUILD_ROOT}%{libdir}/jasper.jar
%mvn_artifact res/maven/tomcat-jaspic-api.pom ${RPM_BUILD_ROOT}%{libdir}/jaspic-api.jar
%mvn_artifact res/maven/tomcat-coyote.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-coyote.jar
%mvn_artifact res/maven/tomcat-dbcp.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-dbcp.jar
%mvn_artifact res/maven/tomcat-i18n-cs.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-cs.jar
%mvn_artifact res/maven/tomcat-i18n-de.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-de.jar
%mvn_artifact res/maven/tomcat-i18n-es.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-es.jar
%mvn_artifact res/maven/tomcat-i18n-fr.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-fr.jar
%mvn_artifact res/maven/tomcat-i18n-ja.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-ja.jar
%mvn_artifact res/maven/tomcat-i18n-ko.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-ko.jar
%mvn_artifact res/maven/tomcat-i18n-pt-BR.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-pt-BR.jar
%mvn_artifact res/maven/tomcat-i18n-ru.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-ru.jar
%mvn_artifact res/maven/tomcat-i18n-zh-CN.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-i18n-zh-CN.jar
%mvn_artifact res/maven/tomcat-jdbc.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-jdbc.jar
%mvn_artifact res/maven/tomcat-jni.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-jni.jar
%mvn_artifact res/maven/tomcat-juli.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-juli.jar
%mvn_artifact res/maven/tomcat-util-scan.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-util-scan.jar
%mvn_artifact res/maven/tomcat-util.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-util.jar
%mvn_artifact res/maven/tomcat-websocket-api.pom ${RPM_BUILD_ROOT}%{libdir}/websocket-api.jar
%mvn_artifact res/maven/tomcat-websocket.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-websocket.jar
%mvn_artifact res/maven/tomcat.pom
%mvn_install %mvn_install
%pre %pre
@ -480,34 +538,59 @@ fi
%files docs-webapp %files docs-webapp
%{appdir}/docs %{appdir}/docs
%files lib %files lib -f .mfiles
%dir %{libdir} %dir %{libdir}
%{libdir}/*.jar %{libdir}/*.jar
%{_javadir}/*.jar %{_javadir}/*.jar
%{bindir}/tomcat-juli.jar %{bindir}/tomcat-juli.jar
%exclude %{libdir}/%{name}-el-%{elspec}-api.jar %exclude %{libdir}/%{name}-el-%{elspec}-api.jar
%exclude %{libdir}/%{name}-servlet-%{servletspec}*.jar
%exclude %{libdir}/%{name}-jsp-%{jspspec}*.jar
%exclude %{_javadir}/%{name}-servlet-%{servletspec}*.jar %exclude %{_javadir}/%{name}-servlet-%{servletspec}*.jar
%exclude %{_javadir}/%{name}-el-%{elspec}-api.jar %exclude %{_javadir}/%{name}-el-%{elspec}-api.jar
%exclude %{_javadir}/%{name}-jsp-%{jspspec}*.jar %exclude %{_javadir}/%{name}-jsp-%{jspspec}*.jar
%exclude %{_javadir}/%{name}-servlet-api.jar
%exclude %{_javadir}/%{name}-el-api.jar
%exclude %{_javadir}/%{name}-jsp-api.jar
%files jsp-%{jspspec}-api -f .mfiles-tomcat-jsp-api %files jsp-%{jspspec}-api -f .mfiles-tomcat-jsp-api
%{_javadir}/%{name}-jsp-%{jspspec}*.jar %{_javadir}/%{name}-jsp-%{jspspec}*.jar
%{libdir}/%{name}-jsp-%{jspspec}*.jar
%{_javadir}/%{name}-jsp-api.jar
%files servlet-%{servletspec}-api -f .mfiles-tomcat-servlet-api %files servlet-%{servletspec}-api -f .mfiles-tomcat-servlet-api
%doc LICENSE %doc LICENSE
%{_javadir}/%{name}-servlet-%{servletspec}*.jar %{_javadir}/%{name}-servlet-%{servletspec}*.jar
%{libdir}/%{name}-servlet-%{servletspec}*.jar
%{_javadir}/%{name}-servlet-api.jar
%files el-%{elspec}-api -f .mfiles-tomcat-el-api %files el-%{elspec}-api -f .mfiles-tomcat-el-api
%doc LICENSE %doc LICENSE
%{_javadir}/%{name}-el-%{elspec}-api.jar %{_javadir}/%{name}-el-%{elspec}-api.jar
%{libdir}/%{name}-el-%{elspec}-api.jar %{libdir}/%{name}-el-%{elspec}-api.jar
%{_javadir}/%{name}-el-api.jar
%files webapps %files webapps
%defattr(0644,tomcat,tomcat,0755) %defattr(0644,tomcat,tomcat,0755)
%{appdir}/ROOT %{appdir}/ROOT
%files java-jdk8
%files java-jdk11
%files java-jdk17
%changelog %changelog
* Wed Jun 21 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-12
- Resolves: #2189675 Missing Tomcat POM files in RHEL 9.3
- Resolves: #2173872 Remove java-11-openjdk-headles as a tomcat dependency
- Resolves: #2181461 CVE-2023-28708 tomcat: not including the secure attribute causes information
- Resolves: #2210632 CVE-2023-28709
- Resolves: #2184133 Add Obsoletes to tomcat package
- Update patch command
- Update source to use jws tomcat
* Thu Feb 23 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-11 * Thu Feb 23 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-11
- Bump release so that the NVR on RHEL-9 is higher than RHEL-8 - Bump release so that the NVR on RHEL-9 is higher than RHEL-8