Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package tomcat10 for openSUSE:Factory checked in at 2025-06-24 20:50:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tomcat10 (Old)
 and /work/SRC/openSUSE:Factory/.tomcat10.new.7067 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tomcat10" Tue Jun 24 20:50:21 2025 rev:22 rq:1288242 version:10.1.42 Changes: -------- --- /work/SRC/openSUSE:Factory/tomcat10/tomcat10.changes 2025-06-11 16:24:24.099154656 +0200 +++ /work/SRC/openSUSE:Factory/.tomcat10.new.7067/tomcat10.changes 2025-06-24 20:52:40.300983871 +0200 
@@ -1,0 +2,104 @@ +Tue Jun 24 09:51:59 UTC 2025 - Michele Bussolotto <michele.bussolo...@suse.com> + +- Update to Tomcat 10.1.42 + * Fixed CVEs: + + CVE-2025-46701: refactor CGI servlet to access resources via + WebResources (bsc#1243815) + + CVE-2025-48988: limits the total number of parts in a + multi-part request and limits the size of + the headers provided with each part (bsc#1244656) + + CVE-2025-49125: Expand checks for webAppMount (bsc#1244649) + * Catalina + + Add: Support for the java:module namespace which mirrors the + java:comp namespace. + + Add: Support parsing of multiple path parameters separated by ; in a + single URL segment. Based on pull request #860 by Chenjp. + + Add: Support for limiting the number of parameters in HTTP requests + through the new ParameterLimitValve. The valve allows configurable + URL-specific limits on the number of parameters. + + Fix: 69699: Encode redirect URL used by the rewrite valve with the + session id if appropriate, and handle cross context with different + session configuration when using rewrite. + + Add: #863: Support for comments at the end of lines in text rewrite + map files to align behaviour with Apache httpd. Pull request + provided by Chenjp. + + Fix: 69706: Saved request serialization issue in FORM introduced + when allowing infinite session timeouts. + + Fix: Expand the path checks for Pre-Resources and Post-Resources + mounted at a path within the web application. + + Fix: Use of SSS in SimpleDateFormat pattern for AccessLogValve. + + Fix: Process possible path parameters rewrite production in the + rewrite valve. + + Fix: 69588: Enable allowLinking to be set on PreResources, + JarResources and PostResources. If not set explicitly, the setting + will be inherited from the Resources. + + Add: 69633: Support for Filters using context root mappings. + + Fix: 69643: Optimize directory listing for large amount of files. + Patch submitted by Loic de l'Eprevier. 
+ + Fix: #843: Off by one validation logic for partial PUT ranges and + associated test case. Submitted by Chenjp. + + Refactor: Replace the unused buffer in + org.apache.catalina.connector.InputBuffer with a static, zero + length buffer. + + Refactor: GCI servlet to access resources via the WebResource API. + + Fix: 69662: Report name in exception message when a naming lookup + failure occurs. Based on code submitted by Donald Smith. + + Fix: Ensure that the FORM authentication attribute + authenticationSessionTimeout works correctly when sessions have an + infinite timeout when authentication starts. + + Add: Provide a content type based on file extension when web + application resources are accessed via a URL. + * Coyote + + Refactor: #861: TaskQueue to use the new interface RetryableQueue + which enables better integration of custom Executors which provide + their own BlockingQueue implementation. Pull request provided by + Paulo Almeida. + + Add: Finer grained control of multi-part request processing via two + new attributes on the Connector element. maxPartCount limits the + total number of parts in a multi-part request and maxPartHeaderSize + limits the size of the headers provided with each part. Add support + for these new attributes to the ParameterLimitValve. + + Refactor: The SavedRequestInputFilter so the buffered data is used + directly rather than copied. + * Jasper + + Fix: 69696: Mark the JSP wrapper for reload after a failed + compilation. + + Fix: 69635: Add support to jakarta.el.ImportHandler for resolving + inner classes. + + Add: #842: Support for optimized execution of c:set and c:remove + tags, when activated via JSP servlet param + useNonstandardTagOptimizations. + + Fix: An edge case compilation bug for JSP and tag files on case + insensitive file systems that was exposed by the test case for + 69635. 
+ * Web applications + + Fix: 69694: Improve error reporting of deployment tasks done using + the manager webapp when a copy operation fails. + + Add: 68876: Documentation. Update the UML diagrams for server + start-up, request processing and authentication using PlantUML and + include the source files for each diagram. + * Other + + Add: Thread name to webappClassLoader.stackTraceRequestThread + message. Patch provided by Felix Zhang. + + Update: Tomcat Native to 2.0.9. + + Update: The internal fork of Apache Commons FileUpload to 1.6.0-RC1 + (2025-06-05). + + Update: EasyMock to 5.6.0. + + Update: Checkstyle to 10.25.0. + + Fix: Use the full path when the installer for Windows sets calls + icacls.exe to set file permissions. + + Update: Improvements to Japanese translations provided by tak7iji. + + Fix: Set sun.io.useCanonCaches in service.bat Based on pull request + #841 by Paul Lodge. + + Update: Jacoco to 0.8.13. + + Code: Explicitly set the locale to be used for Javadoc. For + official releases, this locale will be English (US) to support + reproducible builds. + + Update: Byte Buddy to 1.17.5. + + Update: Checkstyle to 10.23.1. + + Update: File extension to media type mappings to align with the + current list used by the Apache Web Server (httpd). + + Update: Improvements to French translations. + + Update: Improvements to Japanese translations provided by tak7iji. + +------------------------------------------------------------------- Old: ---- apache-tomcat-10.1.40-src.tar.gz apache-tomcat-10.1.40-src.tar.gz.asc New: ---- apache-tomcat-10.1.42-src.tar.gz apache-tomcat-10.1.42-src.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tomcat10.spec ++++++ --- /var/tmp/diff_new_pack.lq9Fpv/_old 2025-06-24 20:52:41.373028364 +0200 +++ /var/tmp/diff_new_pack.lq9Fpv/_new 2025-06-24 20:52:41.373028364 +0200 
@@ -29,7 +29,7 @@ %define elspec %{elspec_major}.%{elspec_minor} %define major_version 10 %define minor_version 1 -%define micro_version 40 +%define micro_version 42 %define java_major 1 %define java_minor 11 %define java_version %{java_major}.%{java_minor} ++++++ apache-tomcat-10.1.40-src.tar.gz -> apache-tomcat-10.1.42-src.tar.gz ++++++ /work/SRC/openSUSE:Factory/tomcat10/apache-tomcat-10.1.40-src.tar.gz /work/SRC/openSUSE:Factory/.tomcat10.new.7067/apache-tomcat-10.1.42-src.tar.gz differ: char 17, line 1
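Review bot: In the tomcat10.changes hunk, the Catalina entry "Refactor: GCI servlet to access resources via the WebResource API" misspells CGI, so a changelog search for the CGI servlet change listed under CVE-2025-46701 will miss it; it should read "CGI servlet". The same hunk lists "Update: Checkstyle" twice (10.25.0 and 10.23.1) and the tak7iji Japanese translation line twice, which reads as the notes of more than one upstream release merged into one entry while the package moves from 10.1.40 to 10.1.42; the "Update to Tomcat 10.1.42" line could state that the entry covers every release after 10.1.40. The Coyote entry introduces maxPartCount and maxPartHeaderSize on the Connector, matching the CVE-2025-48988 description, without giving their values, so a line telling administrators to check applications that accept multi-part uploads against the new limits after the update would help. In the Other section, "sets calls icacls.exe" needs one of the two verbs dropped.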