- 6.0.18

- Resolves: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2008-2938 - fix definition of java.security.policy with d%%{name} start-security - don't pass $CATALINA_OPTS with d%%{name} stop - redefine tempdir and workdir for tmpwatch workaround - change eclipse-ecj references to ecj
2008-09-05 17:14:04 +00:00 · 2008-09-05 17:14:04 +00:00 · f2e782275f
commit f2e782275f
parent 372ace32ad
6 changed files with 42 additions and 34 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -1 +1 @@
-apache-tomcat-6.0.16-src.tar.gz
+apache-tomcat-6.0.18-src.tar.gz
--- a/2
+++ b/2
@ -1 +1 @@
-b2e42e8a875339e655d92975729717e5  apache-tomcat-6.0.16-src.tar.gz
+9bdbb1c1d79302c80057a70b18fe6721  apache-tomcat-6.0.18-src.tar.gz
--- a/tomcat6-6.0-bootstrap-MANIFEST.MF.patch
+++ b/tomcat6-6.0-bootstrap-MANIFEST.MF.patch
@ -1,5 +1,5 @@
--- apache-tomcat-6.0.16-src/res/bootstrap.jar.manifest.orig	2007-06-21 11:02:18.000000000 -0400
+--- res/bootstrap.jar.manifest.orig	2007-06-21 11:02:18.000000000 -0400
-+++ apache-tomcat-6.0.16-src/res/bootstrap.jar.manifest	2007-06-21 11:02:26.000000000 -0400
+++ res/bootstrap.jar.manifest	2007-06-21 11:02:26.000000000 -0400
@@ -1,5 +1,4 @@
 Manifest-Version: 1.0
 Main-Class: org.apache.catalina.startup.Bootstrap
--- a/tomcat6-6.0-tomcat-users-webapp.patch
+++ b/tomcat6-6.0-tomcat-users-webapp.patch
@ -1,5 +1,5 @@
--- apache-tomcat-6.0.16-src/conf/tomcat-users.xml~	2008-01-28 17:41:06.000000000 -0500
+--- conf/tomcat-users.xml~	2008-01-28 17:41:06.000000000 -0500
-+++ apache-tomcat-6.0.16-src/conf/tomcat-users.xml	2008-03-07 19:40:07.000000000 -0500
+++ conf/tomcat-users.xml	2008-03-07 19:40:07.000000000 -0500
@@ -23,4 +23,9 @@
   <user username="both" password="tomcat" roles="tomcat,role1"/>
   <user username="role1" password="tomcat" roles="role1"/>
--- a/tomcat6-6.0.wrapper
+++ b/tomcat6-6.0.wrapper
@ -48,7 +48,7 @@ elif [ "$1" = "start-security" ]; then
    -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" \
    -Djava.io.tmpdir="$CATALINA_TMPDIR" \
    -Djava.security.manager \
-    -Djava.security.policy="${CATALINA_BASE}/conf/catalina.policy" \
+    -Djava.security.policy=="${CATALINA_BASE}/conf/catalina.policy" \
    -Djava.util.logging.config.file="${CATALINA_BASE}/conf/logging.properties" \
    -Djava.util.logging.manager="org.apache.juli.ClassLoaderLogManager" \
    org.apache.catalina.startup.Bootstrap start \
@ -57,7 +57,7 @@ elif [ "$1" = "start-security" ]; then
      echo $! > $CATALINA_PID
    fi
 elif [ "$1" = "stop" ]; then
-  ${JAVACMD} $JAVA_OPTS $CATALINA_OPTS \
+  ${JAVACMD} $JAVA_OPTS \
    -classpath "$CLASSPATH" \
    -Dcatalina.base="$CATALINA_BASE" \
    -Dcatalina.home="$CATALINA_HOME" \
--- a/tomcat6.spec
+++ b/tomcat6.spec
@ -31,9 +31,9 @@
 %define section free
 %define jspspec 2.1
 %define macro_version 16
 %define major_version 6
 %define minor_version 0
 %define micro_version 18
 %define packdname apache-tomcat-%{version}-src
 %define servletspec 2.5
 %define tcuid 91
@ -45,13 +45,13 @@
 %define homedir %{_datadir}/%{name}
 %define libdir %{_javadir}/%{name}
 %define logdir %{_var}/log/%{name}
-%define tempdir %{_var}/tmp/%{name}
+%define tempdir %{_var}/cache/%{name}/temp
-%define workdir %{_var}/cache/%{name}
+%define workdir %{_var}/cache/%{name}/work
 Name: tomcat6
 Epoch: 0
-Version: %{major_version}.%{minor_version}.%{macro_version}
+Version: %{major_version}.%{minor_version}.%{micro_version}
-Release: 1.8%{?dist}
+Release: 1.1%{?dist}
 Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
 Group: Networking/Daemons
@ -72,18 +72,18 @@ BuildArch: noarch
 BuildRequires: ant
 BuildRequires: ant-trax
-BuildRequires: eclipse-ecj >= 0:3.2.2
+BuildRequires: ecj
 BuildRequires: findutils
 BuildRequires: jakarta-commons-collections
 BuildRequires: jakarta-commons-daemon
-BuildRequires: java-devel >= 0:1.6.0
+BuildRequires: java-1.6.0-devel
 BuildRequires: jpackage-utils >= 0:1.7.0
 BuildRequires: junit
 Requires(pre): shadow-utils
 Requires(pre): shadow-utils
 Requires: jakarta-commons-daemon
 Requires: jakarta-commons-logging
-Requires: java >= 0:1.6.0
+Requires: java-1.6.0
 Requires: procps
 Requires: %{name}-lib = %{epoch}:%{version}-%{release}
 Requires(post): chkconfig
@ -107,7 +107,7 @@ Summary: The host-manager and manager web applications for Apache Tomcat
 Requires: %{name} = %{epoch}:%{version}-%{release}
 %description admin-webapps
-The host-manager and manager web applications for Apache Tomcat
+The host-manager and manager web applications for Apache Tomcat.
 %package docs-webapp
 Group: System Environment/Applications
@ -115,14 +115,14 @@ Summary: The docs web application for Apache Tomcat
 Requires: %{name} = %{epoch}:%{version}-%{release}
 %description docs-webapp
-The docs web application for Apache Tomcat
+The docs web application for Apache Tomcat.
 %package javadoc
 Group: Documentation
 Summary: Javadoc generated documentation for Apache Tomcat
 %description javadoc
-Javadoc generated documentation for Apache Tomcat
+Javadoc generated documentation for Apache Tomcat.
 %package jsp-%{jspspec}-api
 Group: Internet/WWW/Dynamic Content
@ -134,21 +134,21 @@ Requires(post): chkconfig
 Requires(postun): chkconfig
 %description jsp-%{jspspec}-api
-Apache Tomcat JSP API implementation classes
+Apache Tomcat JSP API implementation classes.
 %package lib
 Group: Development/Compilers
 Summary: Libraries needed to run the Tomcat Web container
 Requires: %{name}-jsp-%{jspspec}-api = %{epoch}:%{version}-%{release}
 Requires: %{name}-servlet-%{servletspec}-api = %{epoch}:%{version}-%{release}
-Requires(post): eclipse-ecj >= 0:3.2.2
+Requires(post): ecj
 Requires(post): jakarta-commons-collections-tomcat5
 Requires(post): jakarta-commons-dbcp-tomcat5
 Requires(post): jakarta-commons-pool-tomcat5
 Requires(preun): coreutils
 %description lib
-Libraries needed to run the Tomcat Web container
+Libraries needed to run the Tomcat Web container.
 %package servlet-%{servletspec}-api
 Group: Internet/WWW/Dynamic Content
@ -160,7 +160,7 @@ Requires(post): chkconfig
 Requires(postun): chkconfig
 %description servlet-%{servletspec}-api
-Apache Tomcat Servlet API implementation classes
+Apache Tomcat Servlet API implementation classes.
 %package webapps
 Group: System Environment/Applications
@ -169,15 +169,17 @@ Requires: %{name} = %{epoch}:%{version}-%{release}
 Requires(post): jakarta-taglibs-standard >= 0:1.1
 %description webapps
-The ROOT and examples web applications for Apache Tomcat
+The ROOT and examples web applications for Apache Tomcat.
 %prep
 %setup -q -c -T -a 0
 # remove pre-built binaries and windows files
-find . \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "*.gz" -o \
+find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "*.gz" -o \
-          -name "*.jar" -o -name "*.war" -o -name "*.zip" \) | xargs -t %{__rm} -f
+          -name "*.jar" -o -name "*.war" -o -name "*.zip" \) | xargs -t %{__rm}
 pushd %{packdname}
 %patch0 -p0
 %patch1 -p0
 popd
 %build
 export CLASSPATH=
@ -193,19 +195,19 @@ pushd %{packdname}
        -Dcommons-collections.jar="$(build-classpath commons-collections)" \
        -Dcommons-daemon.jar="$(build-classpath commons-daemon)" \
        -Dcommons-daemon.jsvc.tar.gz="HACK" \
-        -Djasper-jdt.jar="$(build-classpath eclipse-ecj)" \
+        -Djasper-jdt.jar="$(build-classpath ecj)" \
-        -Djdt.jar="$(build-classpath eclipse-ecj)" \
+        -Djdt.jar="$(build-classpath ecj)" \
        -Dtomcat-dbcp.jar="HACK" \
        -Dtomcat-native.tar.gz="HACK" \
        -Dversion="%{version}" \
-        -Dversion.build="%{macro_version}"
+        -Dversion.build="%{micro_version}"
    # javadoc generation
    %{ant} -f dist.xml dist-prepare
    %{ant} -f dist.xml dist-source
    %{ant} -f dist.xml dist-javadoc
    # remove some jars that we'll replace with symlinks later
    %{__rm} output/build/bin/commons-daemon.jar \
-            output/build/lib/eclipse-ecj.jar
+            output/build/lib/ecj.jar
    # remove the cruft we created
    %{__rm} output/build/bin/HACK \
            output/build/bin/tomcat-native.tar.gz \
@ -244,8 +246,6 @@ pushd %{packdname}/output/build
    %{__cp} -a lib/*.jar ${RPM_BUILD_ROOT}%{libdir}
    %{__cp} -a webapps/* ${RPM_BUILD_ROOT}%{appdir}
 popd
 # remove admin webapp directory since it is not shipped and not available
 %{__rm} -r ${RPM_BUILD_ROOT}%{appdir}/ROOT/admin
 # javadoc
 pushd %{packdname}/output/dist/webapps
    %{__cp} -a docs/api/* ${RPM_BUILD_ROOT}%{_javadocdir}/%{name}
@ -338,7 +338,7 @@ popd
 %post lib
 %{_bindir}/build-jar-repository %{libdir} commons-collections-tomcat5 \
-    commons-dbcp-tomcat5 commons-pool-tomcat5 eclipse-ecj 2>&1
+    commons-dbcp-tomcat5 commons-pool-tomcat5 ecj 2>&1
 %post servlet-%{servletspec}-api
 %{_sbindir}/update-alternatives --install %{_javadir}/servlet.jar servlet \
@ -361,7 +361,7 @@ if [ "$1" = "0" ]; then
    %{__rm} -f %{libdir}/\[commons-collections-tomcat5\].jar \
        %{libdir}/\[commons-dbcp-tomcat5\].jar \
        %{libdir}/\[commons-pool-tomcat5\].jar \
-        %{libdir}/\[eclipse-ecj\].jar >/dev/null 2>&1
+        %{libdir}/\[ecj\].jar >/dev/null 2>&1
 fi
 %postun jsp-%{jspspec}-api
@ -434,6 +434,14 @@ fi
 %{appdir}/sample
 %changelog
 * Tue Aug 26 2008 David Walluck <dwalluck@redhat.com> 0:6.0.18-1.1
 - 6.0.18
 - Resolves: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2008-2938
 - fix definition of java.security.policy with d%%{name} start-security
 - don't pass $CATALINA_OPTS with d%%{name} stop
 - redefine tempdir and workdir for tmpwatch workaround
 - change eclipse-ecj references to ecj
 * Thu Jul 10 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0:6.0.16-1.8
 - drop repotag
`@ -1 +1 @@`
	`apache-tomcat-6.0.16-src.tar.gz`	`apache-tomcat-6.0.18-src.tar.gz`
`@ -1 +1 @@`
	`b2e42e8a875339e655d92975729717e5 apache-tomcat-6.0.16-src.tar.gz`	`9bdbb1c1d79302c80057a70b18fe6721 apache-tomcat-6.0.18-src.tar.gz`