Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package tomcat10 for openSUSE:Factory checked in at 2024-02-15 21:01:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tomcat10 (Old) and /work/SRC/openSUSE:Factory/.tomcat10.new.1815 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tomcat10" Thu Feb 15 21:01:10 2024 rev:6 rq:1146831 version:10.1.18 Changes: -------- --- /work/SRC/openSUSE:Factory/tomcat10/tomcat10.changes 2024-02-06 16:36:26.987175151 +0100 +++ /work/SRC/openSUSE:Factory/.tomcat10.new.1815/tomcat10.changes 2024-02-15 21:02:22.360152155 +0100 @@ -6,0 +7,6 @@ +Fri Jan 26 12:37:05 UTC 2024 - Michele Bussolotto <michele.bussolo...@suse.com> + +- Fixed CVEs: + * CVE-2024-22029: run xsltproc as tomcat group (bsc#1219208) + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tomcat10.spec ++++++ --- /var/tmp/diff_new_pack.23yXh9/_old 2024-02-15 21:02:23.088177743 +0100 +++ /var/tmp/diff_new_pack.23yXh9/_new 2024-02-15 21:02:23.092177883 +0100 @@ -593,7 +593,8 @@ %post %service_add_post %{app_name}.service %{fillup_only %{app_name}} -xsltproc --output %{confdir}/server.xml %{confdir}/valve.xslt %{confdir}/server.xml +chown -R tomcat:tomcat %{confdir}/server.xml +runuser -u tomcat -g tomcat -- xsltproc --output %{confdir}/server.xml %{confdir}/valve.xslt %{confdir}/server.xml %preun %service_del_preun %{app_name}.service 
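Review bot: The new `chown -R tomcat:tomcat %{confdir}/server.xml` in `%post` leaves the main server configuration owned by the service account after the scriptlet finishes, and nothing after the `runuser` line puts the packaged owner back. If `server.xml` was previously root-owned (the `%files` attributes are outside this hunk), a compromised Tomcat process could from then on rewrite its own connectors and valves. I would restore the owner and mode declared in `%files` right after the transform, and add a comment such as `# CVE-2024-22029: do not run xsltproc as root here` above the pair so a later cleanup does not revert it. The same chown-then-runuser pair appears in the `%post webapps`, `%post admin-webapps` and `%post docs-webapp` hunks, where it applies recursively to whole `META-INF` directories.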
@@ -665,17 +666,22 @@ %{libdir}/\[ecj\].jar >/dev/null 2>&1 %post webapps -xsltproc --output %{tomcatappdir}/ROOT/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/examples/META-INF/context.xml -if [ ! -e %{_datadir}/%{app_name}/webapps/ROOT ]; then - ln -sf %{tomcatappdir}/ROOT %{_datadir}/%{app_name}/webapps/ROOT -fi -xsltproc --output %{tomcatappdir}/examples/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/examples/META-INF/context.xml +chown -R tomcat:tomcat %{tomcatappdir}/examples/META-INF +runuser -u tomcat -g tomcat -- xsltproc --output %{tomcatappdir}/examples/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/examples/META-INF/context.xml if [ ! -e %{_datadir}/%{app_name}/webapps/examples ]; then ln -sf %{tomcatappdir}/examples %{_datadir}/%{app_name}/webapps/examples fi #use the same context.xml for sample war +mkdir -p %{tomcatappdir}/ROOT/META-INF +chown -R tomcat:tomcat %{tomcatappdir}/ROOT/META-INF +runuser -u tomcat -g tomcat -- xsltproc --output %{tomcatappdir}/ROOT/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/examples/META-INF/context.xml +if [ ! -e %{_datadir}/%{app_name}/webapps/ROOT ]; then + ln -sf %{tomcatappdir}/ROOT %{_datadir}/%{app_name}/webapps/ROOT +fi +#use the same context.xml for sample war mkdir -p %{tomcatappdir}/webapps/sample/META-INF -xsltproc --output %{tomcatappdir}/sample/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/examples/META-INF/context.xml +chown -R tomcat:tomcat %{tomcatappdir}/sample/META-INF +runuser -u tomcat -g tomcat -- xsltproc --output %{tomcatappdir}/sample/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/examples/META-INF/context.xml if [ ! -e %{_datadir}/%{app_name}/webapps/sample ]; then ln -sf %{tomcatappdir}/sample %{_datadir}/%{app_name}/webapps/sample fi 
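Review bot: The added `chown -R tomcat:tomcat %{tomcatappdir}/sample/META-INF` and the `runuser` line after it operate on `%{tomcatappdir}/sample/META-INF`, but the unchanged `mkdir -p` directly above them creates `%{tomcatappdir}/webapps/sample/META-INF`. The mismatch predates this commit, but the new chown now depends on it as well: if the package does not ship that directory, both the chown and the xsltproc output fail, and the scriptlet checks neither exit status. The mkdir should read `mkdir -p %{tomcatappdir}/sample/META-INF`. The comment `#use the same context.xml for sample war` now also sits above the new ROOT block, where something like `# ROOT reuses the examples context.xml` would be accurate.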
@@ -687,18 +693,21 @@ fi %post admin-webapps -xsltproc --output %{tomcatappdir}/manager/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/manager/META-INF/context.xml +chown -R tomcat:tomcat %{tomcatappdir}/manager/META-INF +runuser -u tomcat -g tomcat -- xsltproc --output %{tomcatappdir}/manager/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/manager/META-INF/context.xml if [ ! -e %{_datadir}/%{app_name}/webapps/manager ]; then ln -sf %{tomcatappdir}/manager %{_datadir}/%{app_name}/webapps/manager fi -xsltproc --output %{tomcatappdir}/host-manager/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/host-manager/META-INF/context.xml +chown -R tomcat:tomcat %{tomcatappdir}/host-manager/META-INF +runuser -u tomcat -g tomcat -- xsltproc --output %{tomcatappdir}/host-manager/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/host-manager/META-INF/context.xml if [ ! -e %{_datadir}/%{app_name}/webapps/host-manager ]; then ln -sf %{tomcatappdir}/host-manager %{_datadir}/%{app_name}/webapps/host-manager fi %post docs-webapp -xsltproc --output %{tomcatappdir}/docs/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/docs/META-INF/context.xml +chown -R tomcat:tomcat %{tomcatappdir}/docs/META-INF +runuser -u tomcat -g tomcat -- xsltproc --output %{tomcatappdir}/docs/META-INF/context.xml %{confdir}/allowLinking.xslt %{tomcatappdir}/docs/META-INF/context.xml if [ ! -e %{_datadir}/%{app_name}/webapps/docs ]; then ln -sf %{tomcatappdir}/docs %{_datadir}/%{app_name}/webapps/docs fi
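Review bot: The `%post admin-webapps` and `%post docs-webapp` scriptlets (like `%post webapps` before them) now need `runuser` and an existing `tomcat` user and group at install time, and no exit status is checked on the added `chown` or `runuser` lines. Nothing visible in these hunks shows a `Requires(post)` on the package that ships `runuser`, or an ordering on the package that creates the account. If either is missing, `context.xml` is left untransformed while the following `ln -sf` step still publishes the webapp. I would confirm those dependencies in the subpackage headers and append `|| echo "context.xml transform failed" >&2` to each `runuser` line so the failure at least shows up in the install log. The `%post docs-webapp` scriptlet may continue past the end of this hunk.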