packages/tomcat
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

package init

Browse Source
This commit is contained in:
small_leek 2020-02-28 20:54:21 -05:00
parent d4f4546fce
commit b1197bfbc9
39 changed files with 2093 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
CVE-2018-11784.patch Normal file
View File

@ -0,0 +1,27 @@
--- a/webapps/docs/changelog.xml 2018-06-20 13:35:40.000000000 -0400
+++ b/webapps/docs/changelog_1.xml 2019-06-24 08:35:44.801000000 -0400
@@ -164,6 +164,10 @@
the authenticated Subject to include at least one Principal of a type
specified by <code>userClassNames</code>. (markt)
</fix>
+ <fix>
+ When generating a redirect to a directory in the Default Servlet, avoid
+ generating a protocol relative redirect. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
--- a/java/org/apache/catalina/servlets/DefaultServlet.java 2018-06-20 13:35:34.000000000 -0400
+++ b/java/org/apache/catalina/servlets/DefaultServlet_1.java 2019-06-24 08:40:08.699000000 -0400
@@ -1324,6 +1324,10 @@ public class DefaultServlet extends Http
location.append('?');
location.append(request.getQueryString());
}
+ // Avoid protocol relative redirects
+ while (location.length() > 1 && location.charAt(1) == '/') {
+ location.deleteCharAt(0);
+ }
response.sendRedirect(response.encodeRedirectURL(location.toString()));
}

75
CVE-2019-0199-1.patch Normal file
View File

@ -0,0 +1,75 @@
--- tomcat/java/org/apache/coyote/http2/Http2Protocol.java 2019/02/01 10:17:08 1852697
+++ tomcat/java/org/apache/coyote/http2/Http2Protocol.java 2019/02/01 10:28:01 1852698
@@ -42,8 +42,10 @@
public class Http2Protocol implements UpgradeProtocol {
static final long DEFAULT_READ_TIMEOUT = 10000;
- static final long DEFAULT_KEEP_ALIVE_TIMEOUT = -1;
static final long DEFAULT_WRITE_TIMEOUT = 10000;
+ static final long DEFAULT_KEEP_ALIVE_TIMEOUT = -1;
+ static final long DEFAULT_STREAM_READ_TIMEOUT = 20000;
+ static final long DEFAULT_STREAM_WRITE_TIMEOUT = 20000;
// The HTTP/2 specification recommends a minimum default of 100
static final long DEFAULT_MAX_CONCURRENT_STREAMS = 200;
// Maximum amount of streams which can be concurrently executed over
@@ -57,9 +59,14 @@
private static final byte[] ALPN_IDENTIFIER = ALPN_NAME.getBytes(StandardCharsets.UTF_8);
// All timeouts in milliseconds
+ // These are the socket level timeouts
private long readTimeout = DEFAULT_READ_TIMEOUT;
- private long keepAliveTimeout = DEFAULT_KEEP_ALIVE_TIMEOUT;
private long writeTimeout = DEFAULT_WRITE_TIMEOUT;
+ private long keepAliveTimeout = DEFAULT_KEEP_ALIVE_TIMEOUT;
+ // These are the stream level timeouts
+ private long streamReadTimeout = DEFAULT_STREAM_READ_TIMEOUT;
+ private long streamWriteTimeout = DEFAULT_STREAM_WRITE_TIMEOUT;
+
private long maxConcurrentStreams = DEFAULT_MAX_CONCURRENT_STREAMS;
private int maxConcurrentStreamExecution = DEFAULT_MAX_CONCURRENT_STREAM_EXECUTION;
// If a lower initial value is required, set it here but DO NOT change the
@@ -145,6 +152,16 @@
}
+ public long getWriteTimeout() {
+ return writeTimeout;
+ }
+
+
+ public void setWriteTimeout(long writeTimeout) {
+ this.writeTimeout = writeTimeout;
+ }
+
+
public long getKeepAliveTimeout() {
return keepAliveTimeout;
}
@@ -155,13 +172,23 @@
}
- public long getWriteTimeout() {
- return writeTimeout;
+ public long getStreamReadTimeout() {
+ return streamReadTimeout;
}
- public void setWriteTimeout(long writeTimeout) {
- this.writeTimeout = writeTimeout;
+ public void setStreamReadTimeout(long streamReadTimeout) {
+ this.streamReadTimeout = streamReadTimeout;
+ }
+
+
+ public long getStreamWriteTimeout() {
+ return streamWriteTimeout;
+ }
+
+
+ public void setStreamWriteTimeout(long streamWriteTimeout) {
+ this.streamWriteTimeout = streamWriteTimeout;
}

13
CVE-2019-0199-10.patch Normal file
View File

@ -0,0 +1,13 @@
diff -Nurp apache-tomcat-9.0.10-src/java/org/apache/coyote/http2/Stream.java apache-tomcat-9.0.10-src-bak/java/org/apache/coyote/http2/Stream.java
--- apache-tomcat-9.0.10-src/java/org/apache/coyote/http2/Stream.java 2019-06-09 21:03:54.790000000 -0400
+++ apache-tomcat-9.0.10-src-bak/java/org/apache/coyote/http2/Stream.java 2019-06-09 21:05:12.133000000 -0400
@@ -905,7 +905,7 @@ class Stream extends AbstractStream impl
throw new IOException(sm.getString("stream.inputBuffer.reset"));
}
- if (inBuffer.position() == 0) {
+ if (inBuffer.position() == 0 && isActive() && !isInputFinished()) {
String msg = sm.getString("stream.inputBuffer.readTimeout");
StreamException se = new StreamException(
msg, Http2Error.ENHANCE_YOUR_CALM, getIdAsInt());

21
CVE-2019-0199-11.patch Normal file
View File

@ -0,0 +1,21 @@
--- a/java/org/apache/coyote/http2/Stream.java 2019-06-11 21:24:19.998000000 -0400
+++ b/java/org/apache/coyote/http2/Stream_1.java 2019-06-11 21:26:18.329000000 -0400
@@ -221,7 +221,7 @@ class Stream extends AbstractStream impl
if (windowSize == 0) {
String msg = sm.getString("stream.writeTimeout");
StreamException se = new StreamException(
- msg, Http2Error.ENHANCE_YOUR_CALM, getIdAsInt());
+ msg, Http2Error.ENHANCE_YOUR_CALM, getIdentifier().intValue());
// Prevent the application making further writes
streamOutputBuffer.closed = true;
// Prevent Tomcat's error handling trying to write
@@ -908,7 +908,7 @@ class Stream extends AbstractStream impl
if (inBuffer.position() == 0 && isActive() && !isInputFinished()) {
String msg = sm.getString("stream.inputBuffer.readTimeout");
StreamException se = new StreamException(
- msg, Http2Error.ENHANCE_YOUR_CALM, getIdAsInt());
+ msg, Http2Error.ENHANCE_YOUR_CALM, getIdentifier().intValue());
// Trigger a reset once control returns to Tomcat
coyoteResponse.setError();
streamOutputBuffer.reset = se;

246
CVE-2019-0199-2.patch Normal file
View File

@ -0,0 +1,246 @@
diff -Nurp apache-tomcat-9.0.10-src/java/org/apache/catalina/connector/OutputBuffer.java apache-tomcat-9.0.10-src-bak/java/org/apache/catalina/connector/OutputBuffer.java
--- apache-tomcat-9.0.10-src/java/org/apache/catalina/connector/OutputBuffer.java 2018-06-20 13:35:33.000000000 -0400
+++ apache-tomcat-9.0.10-src-bak/java/org/apache/catalina/connector/OutputBuffer.java 2019-06-09 20:28:02.836000000 -0400
@@ -33,6 +33,7 @@ import javax.servlet.http.HttpServletRes
import org.apache.catalina.Globals;
import org.apache.coyote.ActionCode;
+import org.apache.coyote.CloseNowException;
import org.apache.coyote.Response;
import org.apache.tomcat.util.buf.C2BConverter;
import org.apache.tomcat.util.res.StringManager;
@@ -326,6 +327,13 @@ public class OutputBuffer extends Writer
// real write to the adapter
try {
coyoteResponse.doWrite(buf);
+ } catch (CloseNowException e) {
+ // Catch this sub-class as it requires specific handling.
+ // Examples where this exception is thrown:
+ // - HTTP/2 stream timeout
+ // Prevent further output for this response
+ closed = true;
+ throw e;
} catch (IOException e) {
// An IOException on a write is almost always due to
// the remote client aborting the request. Wrap this
diff -Nurp apache-tomcat-9.0.10-src/java/org/apache/catalina/core/StandardWrapperValve.java apache-tomcat-9.0.10-src-bak/java/org/apache/catalina/core/StandardWrapperValve.java
--- apache-tomcat-9.0.10-src/java/org/apache/catalina/core/StandardWrapperValve.java 2018-06-20 13:35:34.000000000 -0400
+++ apache-tomcat-9.0.10-src-bak/java/org/apache/catalina/core/StandardWrapperValve.java 2019-06-09 20:33:27.596000000 -0400
@@ -36,6 +36,7 @@ import org.apache.catalina.connector.Cli
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;
+import org.apache.coyote.CloseNowException;
import org.apache.tomcat.util.ExceptionUtils;
import org.apache.tomcat.util.buf.MessageBytes;
import org.apache.tomcat.util.log.SystemLogHandler;
@@ -201,7 +202,7 @@ final class StandardWrapperValve
}
}
- } catch (ClientAbortException e) {
+ } catch (ClientAbortException | CloseNowException e) {
throwable = e;
exception(request, response, e);
} catch (IOException e) {
diff -Nurp apache-tomcat-9.0.10-src/java/org/apache/coyote/http2/LocalStrings.properties apache-tomcat-9.0.10-src-bak/java/org/apache/coyote/http2/LocalStrings.properties
--- apache-tomcat-9.0.10-src/java/org/apache/coyote/http2/LocalStrings.properties 2018-06-20 13:35:35.000000000 -0400
+++ apache-tomcat-9.0.10-src-bak/java/org/apache/coyote/http2/LocalStrings.properties 2019-06-09 20:34:32.307000000 -0400
@@ -93,6 +93,7 @@ stream.reset.fail=Connection [{0}], Stre
stream.reset.receive=Connection [{0}], Stream [{1}], Reset received due to [{2}]
stream.reset.send=Connection [{0}], Stream [{1}], Reset sent due to [{2}]
stream.trailerHeader.noEndOfStream=Connection [{0}], Stream [{1}], The trailer headers did not include the end of stream flag
+stream.writeTimeout=Timeout waiting for client to increase flow control window to permit stream data to be written
stream.inputBuffer.copy=Copying [{0}] bytes from inBuffer to outBuffer
stream.inputBuffer.dispatch=Data added to inBuffer when read interest is registered. Triggering a read dispatch
@@ -149,4 +150,4 @@ upgradeHandler.writeHeaders=Connection [
upgradeHandler.writePushHeaders=Connection [{0}], Stream [{1}], Pushed stream [{2}], EndOfStream [{3}]
writeStateMachine.endWrite.ise=It is illegal to specify [{0}] for the new state once a write has completed
-writeStateMachine.ise=It is illegal to call [{0}()] in state [{1}]
\ No newline at end of file
+writeStateMachine.ise=It is illegal to call [{0}()] in state [{1}]
diff -Nurp apache-tomcat-9.0.10-src/java/org/apache/coyote/http2/Stream.java apache-tomcat-9.0.10-src-bak/java/org/apache/coyote/http2/Stream.java
--- apache-tomcat-9.0.10-src/java/org/apache/coyote/http2/Stream.java 2018-06-20 13:35:35.000000000 -0400
+++ apache-tomcat-9.0.10-src-bak/java/org/apache/coyote/http2/Stream.java 2019-06-09 20:38:30.109000000 -0400
@@ -211,7 +211,21 @@ class Stream extends AbstractStream impl
}
try {
if (block) {
- wait();
+ wait(handler.getProtocol().getStreamWriteTimeout());
+ windowSize = getWindowSize();
+ if (windowSize == 0) {
+ String msg = sm.getString("stream.writeTimeout");
+ StreamException se = new StreamException(
+ msg, Http2Error.ENHANCE_YOUR_CALM, getIdAsInt());
+ // Prevent the application making further writes
+ streamOutputBuffer.closed = true;
+ // Prevent Tomcat's error handling trying to write
+ coyoteResponse.setError();
+ coyoteResponse.setErrorReported();
+ // Trigger a reset once control returns to Tomcat
+ streamOutputBuffer.reset = se;
+ throw new CloseNowException(msg, se);
+ }
} else {
return 0;
}
@@ -221,7 +235,6 @@ class Stream extends AbstractStream impl
// Stream.
throw new IOException(e);
}
- windowSize = getWindowSize();
}
int allocation;
if (windowSize < reservation) {
@@ -660,6 +673,9 @@ class Stream extends AbstractStream impl
return !streamOutputBuffer.endOfStreamSent;
}
+ StreamException getResetException() {
+ return streamOutputBuffer.reset;
+ }
private static void push(final Http2UpgradeHandler handler, final Request request,
final Stream stream) throws IOException {
@@ -707,6 +723,7 @@ class Stream extends AbstractStream impl
private final ByteBuffer buffer = ByteBuffer.allocate(8 * 1024);
private volatile long written = 0;
private volatile boolean closed = false;
+ private volatile StreamException reset = null;
private volatile boolean endOfStreamSent = false;
/* The write methods are synchronized to ensure that only one thread at
@@ -800,9 +817,14 @@ class Stream extends AbstractStream impl
@Override
public final void end() throws IOException {
- closed = true;
- flush(true);
- writeTrailers();
+ if (reset != null) {
+ throw new CloseNowException(reset);
+ }
+ if (!closed) {
+ closed = true;
+ flush(true);
+ writeTrailers();
+ }
}
/**
diff -Nurp apache-tomcat-9.0.10-src/java/org/apache/coyote/http2/StreamProcessor.java apache-tomcat-9.0.10-src-bak/java/org/apache/coyote/http2/StreamProcessor.java
--- apache-tomcat-9.0.10-src/java/org/apache/coyote/http2/StreamProcessor.java 2018-06-20 13:35:35.000000000 -0400
+++ apache-tomcat-9.0.10-src-bak/java/org/apache/coyote/http2/StreamProcessor.java 2019-06-09 20:40:08.789000000 -0400
@@ -78,10 +78,13 @@ class StreamProcessor extends AbstractPr
stream.getIdentifier()), Http2Error.INTERNAL_ERROR);
stream.close(ce);
} else if (!getErrorState().isIoAllowed()) {
- StreamException se = new StreamException(sm.getString(
- "streamProcessor.error.stream", stream.getConnectionId(),
- stream.getIdentifier()), Http2Error.INTERNAL_ERROR,
- stream.getIdentifier().intValue());
+ StreamException se = stream.getResetException();
+ if (se == null) {
+ se = new StreamException(sm.getString(
+ "streamProcessor.error.stream", stream.getConnectionId(),
+ stream.getIdentifier()), Http2Error.INTERNAL_ERROR,
+ stream.getIdentifier().intValue());
+ }
stream.close(se);
}
}
diff -Nurp apache-tomcat-9.0.10-src/test/org/apache/coyote/http2/Http2TestBase.java apache-tomcat-9.0.10-src-bak/test/org/apache/coyote/http2/Http2TestBase.java
--- apache-tomcat-9.0.10-src/test/org/apache/coyote/http2/Http2TestBase.java 2018-06-20 13:35:38.000000000 -0400
+++ apache-tomcat-9.0.10-src-bak/test/org/apache/coyote/http2/Http2TestBase.java 2019-06-09 20:41:45.113000000 -0400
@@ -486,8 +486,10 @@ public abstract class Http2TestBase exte
Http2Protocol http2Protocol = new Http2Protocol();
// Short timeouts for now. May need to increase these for CI systems.
http2Protocol.setReadTimeout(2000);
- http2Protocol.setKeepAliveTimeout(5000);
http2Protocol.setWriteTimeout(2000);
+ http2Protocol.setKeepAliveTimeout(5000);
+ http2Protocol.setStreamReadTimeout(1000);
+ http2Protocol.setStreamWriteTimeout(1000);
http2Protocol.setMaxConcurrentStreams(maxConcurrentStreams);
connector.addUpgradeProtocol(http2Protocol);
}
diff -Nurp apache-tomcat-9.0.10-src/test/org/apache/coyote/http2/TestHttp2Timeouts.java apache-tomcat-9.0.10-src-bak/test/org/apache/coyote/http2/TestHttp2Timeouts.java
--- apache-tomcat-9.0.10-src/test/org/apache/coyote/http2/TestHttp2Timeouts.java 1969-12-31 19:00:00.000000000 -0500
+++ apache-tomcat-9.0.10-src-bak/test/org/apache/coyote/http2/TestHttp2Timeouts.java 2019-06-09 20:42:38.095000000 -0400
@@ -0,0 +1,73 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.coyote.http2;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+public class TestHttp2Timeouts extends Http2TestBase {
+
+ @Override
+ @Before
+ public void http2Connect() throws Exception {
+ super.http2Connect();
+ sendSettings(0, false, new SettingValue(Setting.INITIAL_WINDOW_SIZE.getId(), 0));
+ }
+
+
+ /*
+ * Simple request won't fill buffer so timeout will occur in Tomcat internal
+ * code during response completion.
+ */
+ @Test
+ public void testClientWithEmptyWindow() throws Exception {
+ sendSimpleGetRequest(3);
+
+ // Settings
+ parser.readFrame(false);
+ // Headers
+ parser.readFrame(false);
+
+ output.clearTrace();
+
+ parser.readFrame(false);
+ Assert.assertEquals("3-RST-[11]\n", output.getTrace());
+ }
+
+
+ /*
+ * Large request will fill buffer so timeout will occur in application code
+ * during response write (when Tomcat commits the response and flushes the
+ * buffer as a result of the buffer filling).
+ */
+ @Test
+ public void testClientWithEmptyWindowLargeResponse() throws Exception {
+ sendLargeGetRequest(3);
+
+ // Settings
+ parser.readFrame(false);
+ // Headers
+ parser.readFrame(false);
+
+ output.clearTrace();
+
+ parser.readFrame(false);
+ Assert.assertEquals("3-RST-[11]\n", output.getTrace());
+ }
+
+}

202
CVE-2019-0199-3.patch Normal file
View File

@ -0,0 +1,202 @@
diff -Nurp apache-tomcat-9.0.10-src/java/org/apache/coyote/http2/LocalStrings.properties apache-tomcat-9.0.10-src-bak/java/org/apache/coyote/http2/LocalStrings.properties
--- apache-tomcat-9.0.10-src/java/org/apache/coyote/http2/LocalStrings.properties 2019-06-09 20:45:15.320000000 -0400
+++ apache-tomcat-9.0.10-src-bak/java/org/apache/coyote/http2/LocalStrings.properties 2019-06-09 20:46:36.793000000 -0400
@@ -98,6 +98,7 @@ stream.writeTimeout=Timeout waiting for
stream.inputBuffer.copy=Copying [{0}] bytes from inBuffer to outBuffer
stream.inputBuffer.dispatch=Data added to inBuffer when read interest is registered. Triggering a read dispatch
stream.inputBuffer.empty=The Stream input buffer is empty. Waiting for more data
+stream.inputBuffer.readTimeout=Timeout waiting to read data from client
stream.inputBuffer.reset=Stream reset
stream.inputBuffer.signal=Data added to inBuffer when read thread is waiting. Signalling that thread to continue
diff -Nurp apache-tomcat-9.0.10-src/java/org/apache/coyote/http2/Stream.java apache-tomcat-9.0.10-src-bak/java/org/apache/coyote/http2/Stream.java
--- apache-tomcat-9.0.10-src/java/org/apache/coyote/http2/Stream.java 2019-06-09 20:45:15.321000000 -0400
+++ apache-tomcat-9.0.10-src-bak/java/org/apache/coyote/http2/Stream.java 2019-06-09 20:48:21.509000000 -0400
@@ -888,10 +888,22 @@ class Stream extends AbstractStream impl
if (log.isDebugEnabled()) {
log.debug(sm.getString("stream.inputBuffer.empty"));
}
- inBuffer.wait();
+
+ inBuffer.wait(handler.getProtocol().getStreamReadTimeout());
+
if (reset) {
throw new IOException(sm.getString("stream.inputBuffer.reset"));
}
+
+ if (inBuffer.position() == 0) {
+ String msg = sm.getString("stream.inputBuffer.readTimeout");
+ StreamException se = new StreamException(
+ msg, Http2Error.ENHANCE_YOUR_CALM, getIdAsInt());
+ // Trigger a reset once control returns to Tomcat
+ coyoteResponse.setError();
+ streamOutputBuffer.reset = se;
+ throw new CloseNowException(msg, se);
+ }
} catch (InterruptedException e) {
// Possible shutdown / rst or similar. Use an
// IOException to signal to the client that further I/O
diff -Nurp apache-tomcat-9.0.10-src/test/org/apache/coyote/http2/Http2TestBase.java apache-tomcat-9.0.10-src-bak/test/org/apache/coyote/http2/Http2TestBase.java
--- apache-tomcat-9.0.10-src/test/org/apache/coyote/http2/Http2TestBase.java 2019-06-09 20:45:15.323000000 -0400
+++ apache-tomcat-9.0.10-src-bak/test/org/apache/coyote/http2/Http2TestBase.java 2019-06-09 20:53:54.809000000 -0400
@@ -28,6 +28,7 @@ import java.nio.charset.StandardCharsets
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
+import java.util.Map;
import java.util.Random;
import javax.net.SocketFactory;
@@ -300,6 +301,22 @@ public abstract class Http2TestBase exte
}
}
+ protected void sendParameterPostRequest(int streamId, byte[] padding, String body,
+ long contentLength, boolean useExpectation) throws IOException {
+ byte[] headersFrameHeader = new byte[9];
+ ByteBuffer headersPayload = ByteBuffer.allocate(128);
+ byte[] dataFrameHeader = new byte[9];
+ ByteBuffer dataPayload = ByteBuffer.allocate(128);
+
+ buildPostRequest(headersFrameHeader, headersPayload, useExpectation,
+ "application/x-www-form-urlencoded", contentLength, "/parameter", dataFrameHeader,
+ dataPayload, padding, null, null, streamId);
+ writeFrame(headersFrameHeader, headersPayload);
+ if (body != null) {
+ dataPayload.put(body.getBytes(StandardCharsets.ISO_8859_1));
+ writeFrame(dataFrameHeader, dataPayload);
+ }
+ }
protected void buildPostRequest(byte[] headersFrameHeader, ByteBuffer headersPayload,
boolean useExpectation, byte[] dataFrameHeader, ByteBuffer dataPayload, byte[] padding,
@@ -311,14 +328,29 @@ public abstract class Http2TestBase exte
protected void buildPostRequest(byte[] headersFrameHeader, ByteBuffer headersPayload,
boolean useExpectation, byte[] dataFrameHeader, ByteBuffer dataPayload, byte[] padding,
byte[] trailersFrameHeader, ByteBuffer trailersPayload, int streamId) {
+ buildPostRequest(headersFrameHeader, headersPayload, useExpectation, null, -1, "/simple",
+ dataFrameHeader, dataPayload, padding, trailersFrameHeader, trailersPayload, streamId);
+ }
+
+ protected void buildPostRequest(byte[] headersFrameHeader, ByteBuffer headersPayload,
+ boolean useExpectation, String contentType, long contentLength, String path,
+ byte[] dataFrameHeader, ByteBuffer dataPayload, byte[] padding,
+ byte[] trailersFrameHeader, ByteBuffer trailersPayload, int streamId) {
+
MimeHeaders headers = new MimeHeaders();
headers.addValue(":method").setString("POST");
headers.addValue(":scheme").setString("http");
- headers.addValue(":path").setString("/simple");
+ headers.addValue(":path").setString(path);
headers.addValue(":authority").setString("localhost:" + getPort());
if (useExpectation) {
headers.addValue("expect").setString("100-continue");
}
+ if (contentType != null) {
+ headers.addValue("content-type").setString(contentType);
+ }
+ if (contentLength > -1) {
+ headers.addValue("content-length").setLong(contentLength);
+ }
hpackEncoder.encode(headers, headersPayload);
headersPayload.flip();
@@ -507,6 +539,8 @@ public abstract class Http2TestBase exte
ctxt.addServletMappingDecoded("/large", "large");
Tomcat.addServlet(ctxt, "cookie", new CookieServlet());
ctxt.addServletMappingDecoded("/cookie", "cookie");
+ Tomcat.addServlet(ctxt, "parameter", new ParameterServlet());
+ ctxt.addServletMappingDecoded("/parameter", "parameter");
tomcat.start();
}
@@ -1205,6 +1239,24 @@ public abstract class Http2TestBase exte
}
}
+
+ static class ParameterServlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Map<String,String[]> params = req.getParameterMap();
+
+ resp.setContentType("text/plain");
+ resp.setCharacterEncoding("UTF-8");
+
+ resp.getWriter().print(params.size());
+ }
+ }
+
static class SettingValue {
private final int setting;
diff -Nurp apache-tomcat-9.0.10-src/test/org/apache/coyote/http2/TestHttp2Timeouts.java apache-tomcat-9.0.10-src-bak/test/org/apache/coyote/http2/TestHttp2Timeouts.java
--- apache-tomcat-9.0.10-src/test/org/apache/coyote/http2/TestHttp2Timeouts.java 2019-06-09 20:45:15.323000000 -0400
+++ apache-tomcat-9.0.10-src-bak/test/org/apache/coyote/http2/TestHttp2Timeouts.java 2019-06-09 20:57:22.652000000 -0400
@@ -26,7 +26,6 @@ public class TestHttp2Timeouts extends H
@Before
public void http2Connect() throws Exception {
super.http2Connect();
- sendSettings(0, false, new SettingValue(Setting.INITIAL_WINDOW_SIZE.getId(), 0));
}
@@ -36,7 +35,7 @@ public class TestHttp2Timeouts extends H
*/
@Test
public void testClientWithEmptyWindow() throws Exception {
- sendSimpleGetRequest(3);
+ sendSettings(0, false, new SettingValue(Setting.INITIAL_WINDOW_SIZE.getId(), 0));
// Settings
parser.readFrame(false);
@@ -57,6 +56,7 @@ public class TestHttp2Timeouts extends H
*/
@Test
public void testClientWithEmptyWindowLargeResponse() throws Exception {
+ sendSettings(0, false, new SettingValue(Setting.INITIAL_WINDOW_SIZE.getId(), 0));
sendLargeGetRequest(3);
// Settings
@@ -70,4 +70,36 @@ public class TestHttp2Timeouts extends H
Assert.assertEquals("3-RST-[11]\n", output.getTrace());
}
+ /*
+ * Timeout with app reading request body directly.
+ */
+ @Test
+ public void testClientPostsNoBody() throws Exception {
+ sendSimplePostRequest(3, null, false);
+
+ // Headers
+ parser.readFrame(false);
+ output.clearTrace();
+
+ parser.readFrame(false);
+
+ Assert.assertEquals("3-RST-[11]\n", output.getTrace());
+ }
+
+
+ /*
+ * Timeout with app processing parameters.
+ */
+ @Test
+ public void testClientPostsNoParameters() throws Exception {
+ sendParameterPostRequest(3, null, null, 10, false);
+
+ // Headers
+ parser.readFrame(false);
+ output.clearTrace();
+
+ parser.readFrame(false);
+
+ Assert.assertEquals("3-RST-[11]\n", output.getTrace());
+ }
}

38
CVE-2019-0199-4.patch Normal file
View File

@ -0,0 +1,38 @@
--- tomcat/java/org/apache/coyote/http2/Http2Protocol.java 2019/02/01 10:28:14 1852700
+++ tomcat/java/org/apache/coyote/http2/Http2Protocol.java 2019/02/01 10:28:18 1852701
@@ -41,9 +41,9 @@
public class Http2Protocol implements UpgradeProtocol {
- static final long DEFAULT_READ_TIMEOUT = 10000;
- static final long DEFAULT_WRITE_TIMEOUT = 10000;
- static final long DEFAULT_KEEP_ALIVE_TIMEOUT = -1;
+ static final long DEFAULT_READ_TIMEOUT = 5000;
+ static final long DEFAULT_WRITE_TIMEOUT = 5000;
+ static final long DEFAULT_KEEP_ALIVE_TIMEOUT = 20000;
static final long DEFAULT_STREAM_READ_TIMEOUT = 20000;
static final long DEFAULT_STREAM_WRITE_TIMEOUT = 20000;
// The HTTP/2 specification recommends a minimum default of 100
--- tomcat/java/org/apache/coyote/http2/Http2UpgradeHandler.java 2019/02/01 10:28:14 1852700
+++ tomcat/java/org/apache/coyote/http2/Http2UpgradeHandler.java 2019/02/01 10:28:18 1852701
@@ -329,9 +329,16 @@
}
}
}
- // No more frames to read so switch to the keep-alive
- // timeout.
- socketWrapper.setReadTimeout(protocol.getKeepAliveTimeout());
+
+ if (activeRemoteStreamCount.get() == 0) {
+ // No streams currently active. Use the keep-alive
+ // timeout for the connection.
+ socketWrapper.setReadTimeout(protocol.getKeepAliveTimeout());
+ } else {
+ // Streams currently active. Individual streams have
+ // timeouts so keep the connection open.
+ socketWrapper.setReadTimeout(-1);
+ }
} catch (Http2Exception ce) {
// Really ConnectionException
if (log.isDebugEnabled()) {

143
CVE-2019-0199-5.patch Normal file
View File

@ -0,0 +1,143 @@
--- tomcat/java/org/apache/coyote/http2/Http2Protocol.java 2019/02/01 10:28:18 1852701
+++ tomcat/java/org/apache/coyote/http2/Http2Protocol.java 2019/02/01 10:28:22 1852702
@@ -54,6 +54,8 @@
// This default is defined by the HTTP/2 specification
static final int DEFAULT_INITIAL_WINDOW_SIZE = (1 << 16) - 1;
+ static final int DEFAULT_OVERHEAD_COUNT_FACTOR = 1;
+
private static final String HTTP_UPGRADE_NAME = "h2c";
private static final String ALPN_NAME = "h2";
private static final byte[] ALPN_IDENTIFIER = ALPN_NAME.getBytes(StandardCharsets.UTF_8);
@@ -79,6 +81,8 @@
private int maxHeaderSize = Constants.DEFAULT_MAX_HEADER_SIZE;
private int maxTrailerCount = Constants.DEFAULT_MAX_TRAILER_COUNT;
private int maxTrailerSize = Constants.DEFAULT_MAX_TRAILER_SIZE;
+ private int overheadCountFactor = DEFAULT_OVERHEAD_COUNT_FACTOR;
+
private boolean initiatePingDisabled = false;
private boolean useSendfile = true;
// Compression
@@ -306,6 +310,16 @@
}
+ public int getOverheadCountFactor() {
+ return overheadCountFactor;
+ }
+
+
+ public void setOverheadCountFactor(int overheadCountFactor) {
+ this.overheadCountFactor = overheadCountFactor;
+ }
+
+
public void setInitiatePingDisabled(boolean initiatePingDisabled) {
this.initiatePingDisabled = initiatePingDisabled;
}
--- tomcat/java/org/apache/coyote/http2/Http2UpgradeHandler.java 2019/02/01 10:28:18 1852701
+++ tomcat/java/org/apache/coyote/http2/Http2UpgradeHandler.java 2019/02/01 10:28:22 1852702
@@ -30,6 +30,7 @@
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentLinkedQueue;
import java.util.concurrent.atomic.AtomicInteger;
+import java.util.concurrent.atomic.AtomicLong;
import java.util.concurrent.atomic.AtomicReference;
import javax.servlet.http.WebConnection;
@@ -139,6 +140,9 @@
private AtomicInteger streamConcurrency = null;
private Queue<StreamRunnable> queuedRunnable = null;
+ // Track 'overhead' frames vs 'request/response' frames
+ private final AtomicLong overheadCount = new AtomicLong(-10);
+
Http2UpgradeHandler(Http2Protocol protocol, Adapter adapter, Request coyoteRequest) {
super (STREAM_ID_ZERO);
@@ -330,6 +334,10 @@
}
}
+ if (overheadCount.get() > 0) {
+ throw new ConnectionException("Too much overhead", Http2Error.ENHANCE_YOUR_CALM);
+ }
+
if (activeRemoteStreamCount.get() == 0) {
// No streams currently active. Use the keep-alive
// timeout for the connection.
@@ -638,6 +646,9 @@
log.debug(sm.getString("upgradeHandler.writeBody", connectionId, stream.getIdentifier(),
Integer.toString(len)));
}
+
+ reduceOverheadCount();
+
// Need to check this now since sending end of stream will change this.
boolean writeable = stream.canWrite();
byte[] header = new byte[9];
@@ -1193,6 +1204,16 @@
}
+ private void reduceOverheadCount() {
+ overheadCount.decrementAndGet();
+ }
+
+
+ private void increaseOverheadCount() {
+ overheadCount.addAndGet(getProtocol().getOverheadCountFactor());
+ }
+
+
// ----------------------------------------------- Http2Parser.Input methods
@Override
@@ -1247,6 +1268,7 @@
@Override
public ByteBuffer startRequestBodyFrame(int streamId, int payloadSize) throws Http2Exception {
+ reduceOverheadCount();
Stream stream = getStream(streamId, true);
stream.checkState(FrameType.DATA);
stream.receivedData(payloadSize);
@@ -1291,6 +1313,8 @@
// determines if a new stream is created or if this stream is ignored.
checkPauseState();
+ reduceOverheadCount();
+
if (connectionState.get().isNewStreamAllowed()) {
Stream stream = getStream(streamId, false);
if (stream == null) {
@@ -1340,6 +1364,9 @@
throw new ConnectionException(sm.getString("upgradeHandler.dependency.invalid",
getConnectionId(), Integer.valueOf(streamId)), Http2Error.PROTOCOL_ERROR);
}
+
+ increaseOverheadCount();
+
Stream stream = getStream(streamId, false);
if (stream == null) {
stream = createRemoteStream(streamId);
@@ -1384,6 +1411,9 @@
@Override
public void setting(Setting setting, long value) throws ConnectionException {
+
+ increaseOverheadCount();
+
// Special handling required
if (setting == Setting.INITIAL_WINDOW_SIZE) {
long oldValue = remoteSettings.getInitialWindowSize();
@@ -1425,6 +1455,9 @@
@Override
public void pingReceive(byte[] payload, boolean ack) throws IOException {
+ if (!ack) {
+ increaseOverheadCount();
+ }
pingManager.receivePing(payload, ack);
}

51
CVE-2019-0199-6.patch Normal file
View File

@ -0,0 +1,51 @@
--- tomcat/webapps/docs/config/http2.xml 2019/02/01 10:28:22 1852702
+++ tomcat/webapps/docs/config/http2.xml 2019/02/01 10:28:26 1852703
@@ -125,9 +125,9 @@
<attribute name="keepAliveTimeout" required="false">
<p>The time, in milliseconds, that Tomcat will wait between HTTP/2 frames
- before closing the connection. Negative values will be treated as an
- infinite timeout. If not specified, a default value of <code>-1</code>
- will be used.</p>
+ when there is no active Stream before closing the connection. Negative
+ values will be treated as an infinite timeout. If not specified, a default
+ value of <code>20000</code> will be used.</p>
</attribute>
<attribute name="maxConcurrentStreamExecution" required="false">
@@ -192,7 +192,24 @@
<p>The time, in milliseconds, that Tomcat will wait for additional data
when a partial HTTP/2 frame has been received. Negative values will be
treated as an infinite timeout. If not specified, a default value of
- <code>10000</code> will be used.</p>
+ <code>5000</code> will be used.</p>
+ </attribute>
+
+ <attribute name="streamReadTimeout" required="false">
+ <p>The time, in milliseconds, that Tomcat will wait for additional data
+ frames to arrive for the stream when an application is performing a
+ blocking I/O read and additional data is required. Negative values will be
+ treated as an infinite timeout. If not specified, a default value of
+ <code>20000</code> will be used.</p>
+ </attribute>
+
+ <attribute name="streamWriteTimeout" required="false">
+ <p>The time, in milliseconds, that Tomcat will wait for additional window
+ update frames to arrive for the stream and/or conenction when an
+ application is performing a blocking I/O write and the stream and/or
+ connection flow control window is too small for the write to complete.
+ Negative values will be treated as an infinite timeout. If not specified,
+ a default value of <code>20000</code> will be used.</p>
</attribute>
<attribute name="useSendfile" required="false">
@@ -204,7 +221,7 @@
<p>The time, in milliseconds, that Tomcat will wait to write additional
data when an HTTP/2 frame has been partially written. Negative values will
be treated as an infinite timeout. If not specified, a default value of
- <code>10000</code> will be used.</p>
+ <code>5000</code> will be used.</p>
</attribute>
</attributes>

32
CVE-2019-0199-7.patch Normal file
View File

@ -0,0 +1,32 @@
diff -Nurp apache-tomcat-9.0.10-src/java/org/apache/coyote/http2/Stream.java apache-tomcat-9.0.10-src-bak/java/org/apache/coyote/http2/Stream.java
--- apache-tomcat-9.0.10-src/java/org/apache/coyote/http2/Stream.java 2019-06-09 20:59:53.027000000 -0400
+++ apache-tomcat-9.0.10-src-bak/java/org/apache/coyote/http2/Stream.java 2019-06-09 21:02:31.878000000 -0400
@@ -211,7 +211,12 @@ class Stream extends AbstractStream impl
}
try {
if (block) {
- wait(handler.getProtocol().getStreamWriteTimeout());
+ long writeTimeout = handler.getProtocol().getStreamWriteTimeout();
+ if (writeTimeout < 0) {
+ wait();
+ } else {
+ wait(writeTimeout);
+ }
windowSize = getWindowSize();
if (windowSize == 0) {
String msg = sm.getString("stream.writeTimeout");
@@ -889,7 +894,12 @@ class Stream extends AbstractStream impl
log.debug(sm.getString("stream.inputBuffer.empty"));
}
- inBuffer.wait(handler.getProtocol().getStreamReadTimeout());
+ long readTimeout = handler.getProtocol().getStreamReadTimeout();
+ if (readTimeout < 0) {
+ inBuffer.wait();
+ } else {
+ inBuffer.wait(readTimeout);
+ }
if (reset) {
throw new IOException(sm.getString("stream.inputBuffer.reset"));

24
CVE-2019-0199-8.patch Normal file
View File

@ -0,0 +1,24 @@
--- tomcat/java/org/apache/coyote/http2/Http2UpgradeHandler.java 2019/02/01 10:28:30 1852704
+++ tomcat/java/org/apache/coyote/http2/Http2UpgradeHandler.java 2019/02/01 10:28:34 1852705
@@ -335,7 +335,9 @@
}
if (overheadCount.get() > 0) {
- throw new ConnectionException("Too much overhead", Http2Error.ENHANCE_YOUR_CALM);
+ throw new ConnectionException(
+ sm.getString("upgradeHandler.tooMuchOverhead", connectionId),
+ Http2Error.ENHANCE_YOUR_CALM);
}
if (activeRemoteStreamCount.get() == 0) {
--- tomcat/java/org/apache/coyote/http2/LocalStrings.properties 2019/02/01 10:28:30 1852704
+++ tomcat/java/org/apache/coyote/http2/LocalStrings.properties 2019/02/01 10:28:34 1852705
@@ -141,6 +141,7 @@
upgradeHandler.stream.notWritable=Connection [{0}], Stream [{1}], This stream is not writable
upgradeHandler.stream.old=A new remote stream ID of [{0}] was requested but the most recent stream was [{1}]
upgradeHandler.tooManyRemoteStreams=The client attempted to use more than [{0}] active streams
+upgradeHandler.tooMuchOverhead=Connection [{0}], Too much overhead so the connection will be closed
upgradeHandler.unexpectedAck=Connection [{0}], Stream [{1}], A settings acknowledgement was received when not expected
upgradeHandler.unexpectedEos=Unexpected end of stream
upgradeHandler.upgrade=Connection [{0}], HTTP/1.1 upgrade to stream [1]

24
CVE-2019-0199-9.patch Normal file
View File

@ -0,0 +1,24 @@
--- tomcat/webapps/docs/config/http2.xml 2019/02/01 10:28:34 1852705
+++ tomcat/webapps/docs/config/http2.xml 2019/02/01 10:28:38 1852706
@@ -188,6 +188,20 @@
The default value is an empty String (regexp matching disabled).</p>
</attribute>
+ <attribute name="overheadCountFactor" required="false">
+ <p>The factor to apply when counting overhead frames to determine if a
+ connection has too high an overhead and should be closed. The overhead
+ count starts at <code>-10</code>. The count is decreased for each
+ data frame sent or received and each headers frame received. The count is
+ increased by the <code>overheadCountFactor</code>for each setting
+ received, priority frame received and ping received. If the overhead count
+ exceeds zero, the connection is closed. A value of less than
+ <code>1</code> disables this protection. In normal usage a value of
+ <code>3</code> or more will close the connection before any streams can
+ complete. If not specified, a default value of <code>1</code> will be
+ used.</p>
+ </attribute>
+
<attribute name="readTimeout" required="false">
<p>The time, in milliseconds, that Tomcat will wait for additional data
when a partial HTTP/2 frame has been received. Negative values will be

44
CVE-2019-0221.patch Normal file
View File

@ -0,0 +1,44 @@
From 15fcd166ea2c1bb79e8541b8e1a43da9c452ceea Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Mon, 11 Mar 2019 11:33:03 +0000
Subject: [PATCH] Escape debug output to aid readability
reason: Escape debug output to aid readability, fix CVE CVE-2019-0221
https://github.com/apache/tomcat/commit/15fcd16
---
java/org/apache/catalina/ssi/SSIPrintenv.java | 3 +--
webapps/docs/changelog.xml | 3 +++
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/ssi/SSIPrintenv.java b/java/org/apache/catalina/ssi/SSIPrintenv.java
index 97470b2..092542f 100644
--- a/java/org/apache/catalina/ssi/SSIPrintenv.java
+++ b/java/org/apache/catalina/ssi/SSIPrintenv.java
@@ -41,8 +41,7 @@ public class SSIPrintenv implements SSICommand {
} else {
Collection<String> variableNames = ssiMediator.getVariableNames();
for (String variableName : variableNames) {
- String variableValue = ssiMediator
- .getVariableValue(variableName);
+ String variableValue = ssiMediator.getVariableValue(variableName, "entity");
//This shouldn't happen, since all the variable names must
// have values
if (variableValue == null) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 697cf07..cbd3961 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -52,6 +52,9 @@
<code>Expires</code> header as required by HTTP specification
(RFC 7231, 7234). (kkolinko)
</fix>
+ <fix>
+ Encode the output of the SSI <code>printenv</code> command. (markt)
+ </fix>
</changelog>
</subsection>
</section>
--
1.8.3.1

129
CVE-2019-10072-1.patch Normal file
View File

@ -0,0 +1,129 @@
From 7f748eb6bfaba5207c89dbd7d5adf50fae847145 Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Tue, 30 Apr 2019 22:18:12 +0100
Subject: [PATCH] Expand HTTP/2 timeout handling to connection window
exhaustion on write.
https://github.com/apache/tomcat/commit/7f748eb
---
.../coyote/http2/Http2UpgradeHandler.java | 32 +++++++++++++++++--
java/org/apache/coyote/http2/Stream.java | 27 +++++++++-------
webapps/docs/changelog.xml | 4 +++
3 files changed, 50 insertions(+), 13 deletions(-)
diff --git a/java/org/apache/coyote/http2/Http2UpgradeHandler.java b/java/org/apache/coyote/http2/Http2UpgradeHandler.java
index 1d8770a..ab0369a 100644
--- a/java/org/apache/coyote/http2/Http2UpgradeHandler.java
+++ b/java/org/apache/coyote/http2/Http2UpgradeHandler.java
@@ -794,7 +794,26 @@ class Http2UpgradeHandler extends AbstractStream implements InternalHttpUpgradeH
}
if (allocation == 0) {
try {
- stream.wait();
+ // Connection level window is empty. Although this
+ // request is for a stream, use the connection
+ // timeout
+ long writeTimeout = protocol.getWriteTimeout();
+ if (writeTimeout < 0) {
+ stream.wait();
+ } else {
+ stream.wait(writeTimeout);
+ }
+ // Has this stream been granted an allocation
+ int[] value = backLogStreams.get(stream);
+ if (value[1] == 0) {
+ // No allocation
+ // Close the connection. Do this first since
+ // closing the stream will raise an exception
+ close();
+ // Close the stream (in app code so need to
+ // signal to app stream is closing)
+ stream.doWriteTimeout();
+ }
} catch (InterruptedException e) {
throw new IOException(sm.getString(
"upgradeHandler.windowSizeReservationInterrupted", connectionId,
@@ -985,11 +1004,20 @@ class Http2UpgradeHandler extends AbstractStream implements InternalHttpUpgradeH
private void close() {
- connectionState.set(ConnectionState.CLOSED);
+ ConnectionState previous = connectionState.getAndSet(ConnectionState.CLOSED);
+ if (previous == ConnectionState.CLOSED) {
+ // Already closed
+ return;
+ }
+
for (Stream stream : streams.values()) {
// The connection is closing. Close the associated streams as no
// longer required.
stream.receiveReset(Http2Error.CANCEL.getCode());
+ // Release any streams waiting for an allocation
+ synchronized (stream) {
+ stream.notifyAll();
+ }
}
try {
socketWrapper.close();
diff --git a/java/org/apache/coyote/http2/Stream.java b/java/org/apache/coyote/http2/Stream.java
index 2c4f67e..8b87b12 100644
--- a/java/org/apache/coyote/http2/Stream.java
+++ b/java/org/apache/coyote/http2/Stream.java
@@ -219,17 +219,7 @@ class Stream extends AbstractStream implements HeaderEmitter {
}
windowSize = getWindowSize();
if (windowSize == 0) {
- String msg = sm.getString("stream.writeTimeout");
- StreamException se = new StreamException(
- msg, Http2Error.ENHANCE_YOUR_CALM, getIdentifier().intValue());
- // Prevent the application making further writes
- streamOutputBuffer.closed = true;
- // Prevent Tomcat's error handling trying to write
- coyoteResponse.setError();
- coyoteResponse.setErrorReported();
- // Trigger a reset once control returns to Tomcat
- streamOutputBuffer.reset = se;
- throw new CloseNowException(msg, se);
+ doWriteTimeout();
}
} else {
return 0;
@@ -252,6 +242,21 @@ class Stream extends AbstractStream implements HeaderEmitter {
}
+ void doWriteTimeout() throws CloseNowException {
+ String msg = sm.getString("stream.writeTimeout");
+ StreamException se = new StreamException(
+ msg, Http2Error.ENHANCE_YOUR_CALM, getIdentifier().intValue());
+ // Prevent the application making further writes
+ streamOutputBuffer.closed = true;
+ // Prevent Tomcat's error handling trying to write
+ coyoteResponse.setError();
+ coyoteResponse.setErrorReported();
+ // Trigger a reset once control returns to Tomcat
+ streamOutputBuffer.reset = se;
+ throw new CloseNowException(msg, se);
+ }
+
+
@Override
public final void emitHeader(String name, String value) throws HpackException {
if (log.isDebugEnabled()) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index a8abf2d..5665df4 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -362,6 +362,10 @@
<update>
Update the internal fork of Commons DBCP 2 to 2.4.0. (markt)
</update>
+ <fix>
+ Expand HTTP/2 timeout handling to include connection window exhaustion
+ on write. (markt)
+ </fix>
</changelog>
</subsection>
</section>
--
2.19.1

28
CVE-2019-10072-2.patch Normal file
View File

@ -0,0 +1,28 @@
From ada725a50a60867af3422c8e612aecaeea856a9a Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Fri, 3 May 2019 21:52:41 +0100
Subject: [PATCH] Fix test failures. Handle full allocation case.
https://github.com/apache/tomcat/commit/ada725a
---
java/org/apache/coyote/http2/Http2UpgradeHandler.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/coyote/http2/Http2UpgradeHandler.java b/java/org/apache/coyote/http2/Http2UpgradeHandler.java
index ab0369a..cadae44 100644
--- a/java/org/apache/coyote/http2/Http2UpgradeHandler.java
+++ b/java/org/apache/coyote/http2/Http2UpgradeHandler.java
@@ -804,8 +804,10 @@ class Http2UpgradeHandler extends AbstractStream implements InternalHttpUpgradeH
stream.wait(writeTimeout);
}
// Has this stream been granted an allocation
+ // Note: If the stream in not in this Map then the
+ // requested write has been fully allocated
int[] value = backLogStreams.get(stream);
- if (value[1] == 0) {
+ if (value != null && value[1] == 0) {
// No allocation
// Close the connection. Do this first since
// closing the stream will raise an exception
--
2.19.1

BIN
apache-tomcat-9.0.10-src.tar.gz Normal file
View File

Binary file not shown.

13
el-api-OSGi-MANIFEST.MF Normal file
View File

@ -0,0 +1,13 @@
Manifest-Version: 1.0
Export-Package: javax.el;version="2.2.0"
Bundle-Vendor: %bundleProvider
Bundle-ClassPath: .
Bundle-Version: 2.2.0
Bundle-Name: %bundleName
Bundle-Localization: plugin
Bundle-ManifestVersion: 2
Bundle-SymbolicName: javax.el
DynamicImport-Package: org.apache.el
Bundle-RequiredExecutionEnvironment: J2SE-1.4,CDC-1.0/Foundation-1.0,J
2SE-1.3

40
jasper-OSGi-MANIFEST.MF Normal file
View File

@ -0,0 +1,40 @@
Manifest-Version: 1.0
Export-Package: org.apache.jasper;version="8.0.26",org.apache.jasper.c
ompiler;version="8.0.26",org.apache.jasper.compiler.tagplugin;version
="8.0.26",org.apache.jasper.resources;version="8.0.26",org.apache.jas
per.runtime;version="8.0.26",org.apache.jasper.security;version="7.0.
19",org.apache.jasper.servlet;version="8.0.26",org.apache.jasper.tagp
lugins.jstl;version="8.0.26",org.apache.jasper.tagplugins.jstl.core;v
ersion="8.0.26",org.apache.jasper.util;version="8.0.26",org.apache.ja
sper.xmlparser;version="8.0.26"
Bundle-Vendor: %bundleProvider
Bundle-ClassPath: .
Bundle-Version: 8.0.26
Bundle-Localization: plugin
Bundle-Name: %bundleName
Bundle-ManifestVersion: 2
Bundle-SymbolicName: org.apache.jasper
Import-Package: javax.servlet;version="[2.4.0, 3.0.0]",javax.servlet.h
ttp;version="[2.4.0, 3.0.0]",javax.servlet.jsp;version="[2.0.0, 2.2.0
]",javax.servlet.jsp.el;version="[2.0.0, 2.2.0]",javax.servlet.jsp.re
sources;version="[2.0.0, 2.2.0]",javax.servlet.jsp.tagext;version="[2
.0.0, 2.2.0]",javax.servlet.resources;version="[2.4.0, 3.0.0]",javax.
xml.parsers,org.apache.commons.el;version="[1.0.0,2.0.0)",org.apache.
commons.logging;version="[1.0.0,2.0.0)",org.apache.tools.ant;resoluti
on:=optional,org.apache.tools.ant.taskdefs;resolution:=optional,org.a
pache.tools.ant.types;resolution:=optional,org.apache.tools.ant.util;
resolution:=optional,org.w3c.dom,org.xml.sax,org.xml.sax.ext,org.xml.
sax.helpers,org.apache.tomcat;version="8.0.26",org.apache.juli.loggin
g;version="8.0.26",javax.el;version="2.2.0",org.eclipse.jdt.internal.
compiler,org.eclipse.jdt.internal.compiler.parser,org.eclipse.jdt.int
ernal.compiler.parser.diagnose,org.eclipse.jdt.internal.compiler.flow
,org.eclipse.jdt.internal.compiler.util,org.eclipse.jdt.internal.comp
iler.impl,org.eclipse.jdt.internal.compiler.lookup,org.eclipse.jdt.in
ternal.compiler.codegen,org.eclipse.jdt.internal.compiler.batch,org.e
clipse.jdt.internal.compiler.classfmt,org.eclipse.jdt.internal.compil
er.ast,org.eclipse.jdt.internal.compiler.problem,org.eclipse.jdt.inte
rnal.compiler.env,org.eclipse.jdt.internal.core.util,org.eclipse.jdt.
core.compiler
Bundle-RequiredExecutionEnvironment: J2SE-1.4,CDC-1.0/Foundation-1.0,J
2SE-1.3

13
jasper-el-OSGi-MANIFEST.MF Normal file
View File

@ -0,0 +1,13 @@
Manifest-Version: 1.0
Export-Package: org.apache.el;version="7.0.21"
Bundle-Vendor: %bundleProvider
Bundle-ClassPath: .
Bundle-Version: 8.0.26
Bundle-Name: %bundleName
Bundle-Localization: plugin
Bundle-ManifestVersion: 2
Import-Package: javax.el;version="2.2"
Bundle-SymbolicName: org.apache.el
Bundle-RequiredExecutionEnvironment: J2SE-1.4,CDC-1.0/Foundation-1.0,J
2SE-1.3

13
jsp-api-OSGi-MANIFEST.MF Normal file
View File

@ -0,0 +1,13 @@
Manifest-Version: 1.0
Bundle-Vendor: %bundleProvider
Bundle-Localization: plugin
Bundle-RequiredExecutionEnvironment: CDC-1.0/Foundation-1.0,J2SE-1.3
Bundle-Name: %bundleName
Bundle-SymbolicName: javax.servlet.jsp
Export-Package: javax.servlet.jsp; version=2.2,javax.servlet.jsp.el; v
ersion=2.2,javax.servlet.jsp.resources; version=2.2,javax.servlet.jsp
.tagext; version=2.2
Bundle-Version: 2.2.0.v200806031607
Bundle-ManifestVersion: 2
Import-Package: javax.servlet; version=3.0,javax.servlet.http; version
=3.0,javax.servlet.resources; version=3.0,javax.el;version="2.2.0"

17
servlet-api-OSGi-MANIFEST.MF Normal file
View File

@ -0,0 +1,17 @@
Manifest-Version: 1.0
Bundle-RequiredExecutionEnvironment: CDC-1.1/Foundation-1.1,J2SE-1.4
Bundle-SymbolicName: javax.servlet
Bundle-ManifestVersion: 2
Bundle-Name: %bundleName
Bundle-Localization: plugin
Bundle-Version: 3.0.0
Bundle-Vendor: %bundleProvider
Export-Package: javax.servlet;version="3.0",
javax.servlet;version="2.6",
javax.servlet.http;version="3.0",
javax.servlet.http;version="2.6",
javax.servlet.annotation;version="2.6",
javax.servlet.descriptor;version="3.0",
javax.servlet.descriptor;version="2.6",
javax.servlet.resources;version="3.0",
javax.servlet.resources;version="2.6"

9
tomcat-9.0-bootstrap-MANIFEST.MF.patch Normal file
View File

@ -0,0 +1,9 @@
--- tomcat/res/META-INF/bootstrap.jar.manifest.orig 2010-04-06 10:11:09.000000000 -0600
+++ tomcat/res/META-INF/bootstrap.jar.manifest 2010-04-06 10:45:56.000000000 -0600
@@ -1,6 +1,5 @@
Manifest-Version: 1.0
Main-Class: org.apache.catalina.startup.Bootstrap
-Class-Path: commons-daemon.jar
Specification-Title: Apache Tomcat Bootstrap
Specification-Version: @VERSION_MAJOR_MINOR@
Specification-Vendor: Apache Software Foundation

45
tomcat-9.0-digest.script Normal file
View File

@ -0,0 +1,45 @@
#!/bin/sh
#
# tomcat-digest script
# JPackage Project <http://www.jpackage.org/>
# Source functions library
if [ -f /usr/share/java-utils/java-functions ] ; then
. /usr/share/java-utils/java-functions
else
echo "Can't find functions library, aborting"
exit 1
fi
# Get the tomcat config (use this for environment specific settings)
if [ -z "${TOMCAT_CFG}" ]; then
TOMCAT_CFG="/etc/tomcat/tomcat.conf"
fi
if [ -r "$TOMCAT_CFG" ]; then
. $TOMCAT_CFG
fi
set_javacmd
# CLASSPATH munging
if [ -n "$JSSE_HOME" ]; then
CLASSPATH="${CLASSPATH}:$(build-classpath jcert jnet jsse 2>/dev/null)"
fi
CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/bootstrap.jar"
CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/tomcat-juli.jar"
export CLASSPATH
# Configuration
MAIN_CLASS="org.apache.catalina.startup.Tool"
BASE_FLAGS="-Dcatalina.home=\"$CATALINA_HOME\""
BASE_OPTIONS=""
BASE_JARS="commons-daemon tomcat/catalina servlet tomcat/tomcat-util tomcat/tomcat-coyote tomcat/tomcat-api tomcat/tomcat-util-scan"
# Set parameters
set_classpath $BASE_JARS
set_flags $BASE_FLAGS
set_options $BASE_OPTIONS
# Let's start
run -server org.apache.catalina.realm.RealmBase "$@"

22
tomcat-9.0-jsvc.service Normal file
View File

@ -0,0 +1,22 @@
# Systemd unit file for tomcat
#
# To create clones of this service:
# 1) By default SERVICE_NAME=tomcat. When cloned, the value must be defined
# before tomcat-sysd is called.
# 2) Create /etc/sysconfig/${SERVICE_NAME} from /etc/sysconfig/tomcat
# to override tomcat defaults
[Unit]
Description=Apache Tomcat Web Application Container JSVC wrapper
After=syslog.target network.target
[Service]
Type=simple
EnvironmentFile=/etc/tomcat/tomcat.conf
Environment="NAME=" "USE_JSVC=true"
EnvironmentFile=-/etc/sysconfig/tomcat
ExecStart=/usr/libexec/tomcat/server start
ExecStop=/usr/libexec/tomcat/server stop
[Install]
WantedBy=multi-user.target

17
tomcat-9.0-tomcat-users-webapp.patch Normal file
View File

@ -0,0 +1,17 @@
--- tomcat/conf/tomcat-users.xml~ 2008-01-28 17:41:06.000000000 -0500
+++ tomcat/conf/tomcat-users.xml 2008-03-07 19:40:07.000000000 -0500
@@ -23,4 +23,14 @@
<user username="both" password="<must-be-changed>" roles="tomcat,role1"/>
<user username="role1" password="<must-be-changed>" roles="role1"/>
-->
+
+<!-- <role rolename="admin"/> -->
+<!-- <role rolename="admin-gui"/> -->
+<!-- <role rolename="admin-script"/> -->
+<!-- <role rolename="manager"/> -->
+<!-- <role rolename="manager-gui"/> -->
+<!-- <role rolename="manager-script"/> -->
+<!-- <role rolename="manager-jmx"/> -->
+<!-- <role rolename="manager-status"/> -->
+<!-- <user name="admin" password="<must-be-changed>" roles="admin,manager,admin-gui,admin-script,manager-gui,manager-script,manager-jmx,manager-status" /> -->
</tomcat-users>

45
tomcat-9.0-tool-wrapper.script Normal file
View File

@ -0,0 +1,45 @@
#!/bin/sh
#
# tomcat-digest script
# JPackage Project <http://www.jpackage.org/>
# Source functions library
if [ -f /usr/share/java-utils/java-functions ] ; then
. /usr/share/java-utils/java-functions
else
echo "Can't find functions library, aborting"
exit 1
fi
# Get the tomcat config (use this for environment specific settings)
if [ -z "${TOMCAT_CFG}" ]; then
TOMCAT_CFG="/etc/tomcat/tomcat.conf"
fi
if [ -r "$TOMCAT_CFG" ]; then
. $TOMCAT_CFG
fi
set_javacmd
# CLASSPATH munging
if [ -n "$JSSE_HOME" ]; then
CLASSPATH="${CLASSPATH}:$(build-classpath jcert jnet jsse 2>/dev/null)"
fi
CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/bootstrap.jar"
CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/tomcat-juli.jar"
export CLASSPATH
# Configuration
MAIN_CLASS="org.apache.catalina.startup.Tool"
BASE_OPTIONS=""
BASE_FLAGS="-Dcatalina.home=\"$CATALINA_HOME\""
BASE_JARS="commons-daemon tomcat/catalina servlet tomcat/tomcat-util tomcat/tomcat-coyote tomcat/tomcat-api tomcat/tomcat-util-scan"
# Set parameters
set_classpath $BASE_JARS
set_flags $BASE_FLAGS
set_options $BASE_OPTIONS
# Let's start
run "$@"

52
tomcat-9.0.conf Normal file
View File

@ -0,0 +1,52 @@
# System-wide configuration file for tomcat services
# This will be loaded by systemd as an environment file,
# so please keep the syntax. For shell expansion support
# place your custom files as /etc/tomcat/conf.d/*.conf
#
# There are 2 "classes" of startup behavior in this package.
# The old one, the default service named tomcat.service.
# The new named instances are called tomcat@instance.service.
#
# Use this file to change default values for all services.
# Change the service specific ones to affect only one service.
# For tomcat.service it's /etc/sysconfig/tomcat, for
# tomcat@instance it's /etc/sysconfig/tomcat@instance.
# This variable is used to figure out if config is loaded or not.
TOMCAT_CFG_LOADED="1"
# In new-style instances, if CATALINA_BASE isn't specified, it will
# be constructed by joining TOMCATS_BASE and NAME.
TOMCATS_BASE="/var/lib/tomcats/"
# Where your java installation lives
JAVA_HOME="/usr/lib/jvm/jre"
# Where your tomcat installation lives
CATALINA_HOME="@@@TCHOME@@@"
# System-wide tmp
CATALINA_TMPDIR="/var/cache/tomcat/temp"
# You can pass some parameters to java here if you wish to
#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3"
# Use JAVA_OPTS to set java.library.path for libtcnative.so
#JAVA_OPTS="-Djava.library.path=/usr/lib"
# Set default javax.sql.DataSource factory to apache commons one. See rhbz#1214381
JAVA_OPTS="-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory"
# You can change your tomcat locale here
#LANG="en_US"
# Run tomcat under the Java Security Manager
SECURITY_MANAGER="false"
# Time to wait in seconds, before killing process
# TODO(stingray): does nothing, fix.
# SHUTDOWN_WAIT="30"
# If you wish to further customize your tomcat environment,
# put your own definitions here
# (i.e. LD_LIBRARY_PATH for some jdbc drivers)

8
tomcat-9.0.logrotate Normal file
View File

@ -0,0 +1,8 @@
@@@TCLOG@@@/catalina.out {
copytruncate
weekly
rotate 52
compress
missingok
create 0644 tomcat tomcat
}

22
tomcat-9.0.service Normal file
View File

@ -0,0 +1,22 @@
# Systemd unit file for default tomcat
#
# To create clones of this service:
# DO NOTHING, use tomcat@.service instead.
[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target
[Service]
Type=simple
EnvironmentFile=/etc/tomcat/tomcat.conf
Environment="NAME="
EnvironmentFile=-/etc/sysconfig/tomcat
ExecStart=/usr/libexec/tomcat/server start
SuccessExitStatus=143
User=tomcat
Group=tomcat
[Install]
WantedBy=multi-user.target

11
tomcat-9.0.sysconfig Normal file
View File

@ -0,0 +1,11 @@
# Service-specific configuration file for tomcat. This will be sourced by
# systemd for the default service (tomcat.service)
# If you want to customize named instance, make a similar file
# and name it tomcat@instancename.
# You will not need to set this, usually. For default service it equals
# CATALINA_HOME. For named service, it equals ${TOMCATS_BASE}${NAME}
#CATALINA_BASE="@@@TCHOME@@@"
# Please take a look at /etc/tomcat/tomcat.conf to have an idea what you
# can override.

24
tomcat-9.0.wrapper Normal file
View File

@ -0,0 +1,24 @@
#!/bin/bash
if [ "$1" = "version" ]; then
. /usr/libexec/tomcat/preamble
exec ${JAVACMD} -classpath ${CATALINA_HOME}/lib/catalina.jar \
org.apache.catalina.util.ServerInfo
fi
SRV="tomcat"
if [ -n "$2" ]; then
SRV="tomcat@$2"
fi
if [ "$1" = "start" ]; then
systemctl start ${SRV}.service
elif [ "$1" = "stop" ]; then
systemctl stop ${SRV}.service
elif [ "$1" = "version" ]; then
${JAVACMD} -classpath ${CATALINA_HOME}/lib/catalina.jar \
org.apache.catalina.util.ServerInfo
else
echo "Usage: $0 {start|stop|version} [server-id]"
exit 1
fi

12
tomcat-api-OSGi-MANIFEST.MF Normal file
View File

@ -0,0 +1,12 @@
Manifest-Version: 1.0
Export-Package: org.apache.tomcat;version="8.0.26"
Bundle-Vendor: %bundleProvider
Bundle-ClassPath: .
Bundle-Version: 8.0.26
Bundle-Name: %bundleName
Bundle-Localization: plugin
Bundle-ManifestVersion: 2
Bundle-SymbolicName: org.apache.tomcat
Bundle-RequiredExecutionEnvironment: J2SE-1.4,CDC-1.0/Foundation-1.0,J
2SE-1.3

12
tomcat-build.patch Normal file
View File

@ -0,0 +1,12 @@
--- tomcat/build.xml.orig 2018-08-07 10:32:04.994403913 -0400
+++ tomcat/build.xml 2018-08-07 10:32:30.874319588 -0400
@@ -2989,6 +2989,9 @@ Read the Building page on the Apache Tom
<path id="bndlib.classpath">
<fileset file="${bnd.jar}" />
<fileset file="${bndlib.jar}" />
+ <fileset file="${bndlibg.jar}" />
+ <fileset file="${bndannotation.jar}" />
+ <fileset file="${slf4j-api.jar}" />
</path>
<taskdef resource="aQute/bnd/ant/taskdef.properties" classpathref="bndlib.classpath" />

42
tomcat-functions Normal file
View File

@ -0,0 +1,42 @@
#!/bin/bash
if [ -r /usr/share/java-utils/java-functions ]; then
. /usr/share/java-utils/java-functions
else
echo "Can't read Java functions library, aborting"
exit 1
fi
_save_function() {
local ORIG_FUNC=$(declare -f $1)
local NEWNAME_FUNC="$2${ORIG_FUNC#$1}"
eval "$NEWNAME_FUNC"
}
run_jsvc(){
if [ -x /usr/bin/jsvc ]; then
TOMCAT_USER="${TOMCAT_USER:-tomcat}"
JSVC="/usr/bin/jsvc"
JSVC_OPTS="-nodetach -pidfile /var/run/jsvc-tomcat${NAME}.pid -user ${TOMCAT_USER} -outfile ${CATALINA_BASE}/logs/catalina.out -errfile ${CATALINA_BASE}/logs/catalina.out"
if [ "$1" = "stop" ]; then
JSVC_OPTS="${JSVC_OPTS} -stop"
fi
exec "${JSVC}" ${JSVC_OPTS} ${FLAGS} -classpath "${CLASSPATH}" ${OPTIONS} "${MAIN_CLASS}" "${@}"
else
echo "Can't find /usr/bin/jsvc executable"
fi
}
_save_function run run_java
run() {
if [ "${USE_JSVC}" = "true" ] ; then
run_jsvc $@
else
run_java $@
fi
}

13
tomcat-juli-OSGi-MANIFEST.MF Normal file
View File

@ -0,0 +1,13 @@
Manifest-Version: 1.0
Export-Package: org.apache.juli;version="8.0.26",org.apache.juli.loggi
ng;version="8.0.26"
Bundle-Vendor: %bundleProvider
Bundle-ClassPath: .
Bundle-Version: 8.0.26
Bundle-Name: %bundleName
Bundle-Localization: plugin
Bundle-ManifestVersion: 2
Bundle-SymbolicName: org.apache.juli
Bundle-RequiredExecutionEnvironment: J2SE-1.4,CDC-1.0/Foundation-1.0,J
2SE-1.3

26
tomcat-named.service Normal file
View File

@ -0,0 +1,26 @@
# Systemd unit file for tomcat instances.
#
# To create clones of this service:
# 0. systemctl enable tomcat@name.service
# 1. create catalina.base directory structure in
# /var/lib/tomcats/name
# 2. profit.
[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target
[Service]
Type=simple
EnvironmentFile=/etc/tomcat/tomcat.conf
Environment="NAME=%I"
EnvironmentFile=-/etc/sysconfig/tomcat@%I
ExecStart=/usr/libexec/tomcat/server start
ExecStop=/usr/libexec/tomcat/server stop
SuccessExitStatus=143
User=tomcat
Group=tomcat
[Install]
WantedBy=multi-user.target

52
tomcat-preamble Normal file
View File

@ -0,0 +1,52 @@
#!/bin/bash
. /usr/libexec/tomcat/functions
# Get the tomcat config (use this for environment specific settings)
if [ -z "${TOMCAT_CFG_LOADED}" ]; then
if [ -z "${TOMCAT_CFG}" ]; then
TOMCAT_CFG="/etc/tomcat/tomcat.conf"
fi
. $TOMCAT_CFG
fi
if [ -d "${TOMCAT_CONFD=/etc/tomcat/conf.d}" ]; then
for file in ${TOMCAT_CONFD}/*.conf ; do
if [ -f "$file" ] ; then
. "$file"
fi
done
fi
if [ -z "$CATALINA_BASE" ]; then
if [ -n "$NAME" ]; then
if [ -z "$TOMCATS_BASE" ]; then
TOMCATS_BASE="/var/lib/tomcats/"
fi
CATALINA_BASE="${TOMCATS_BASE}${NAME}"
else
CATALINA_BASE="${CATALINA_HOME}"
fi
fi
VERBOSE=1
set_javacmd
cd ${CATALINA_HOME}
# CLASSPATH munging
if [ ! -z "$CLASSPATH" ] ; then
CLASSPATH="$CLASSPATH":
fi
if [ -n "$JSSE_HOME" ]; then
CLASSPATH="${CLASSPATH}$(build-classpath jcert jnet jsse 2>/dev/null):"
fi
CLASSPATH="${CLASSPATH}${CATALINA_HOME}/bin/bootstrap.jar"
CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/tomcat-juli.jar"
CLASSPATH="${CLASSPATH}:$(build-classpath commons-daemon 2>/dev/null)"
if [ -z "$LOGGING_PROPERTIES" ] ; then
LOGGING_PROPERTIES="${CATALINA_BASE}/conf/logging.properties"
if [ ! -f "${LOGGING_PROPERTIES}" ] ; then
LOGGING_PROPERTIES="${CATALINA_HOME}/conf/logging.properties"
fi
fi

25
tomcat-server Normal file
View File

@ -0,0 +1,25 @@
#!/bin/bash
. /usr/libexec/tomcat/preamble
MAIN_CLASS=org.apache.catalina.startup.Bootstrap
FLAGS="$JAVA_OPTS"
OPTIONS="-Dcatalina.base=$CATALINA_BASE \
-Dcatalina.home=$CATALINA_HOME \
-Djava.endorsed.dirs=$JAVA_ENDORSED_DIRS \
-Djava.io.tmpdir=$CATALINA_TMPDIR \
-Djava.util.logging.config.file=${LOGGING_PROPERTIES} \
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager"
if [ "$1" = "start" ] ; then
FLAGS="${FLAGS} $CATALINA_OPTS"
if [ "${SECURITY_MANAGER}" = "true" ] ; then
OPTIONS="${OPTIONS} \
-Djava.security.manager \
-Djava.security.policy==${CATALINA_BASE}/conf/catalina.policy"
fi
run start
elif [ "$1" = "stop" ] ; then
run stop
fi

463
tomcat.spec Normal file
View File

@ -0,0 +1,463 @@
%global jspspec 2.3
%global major_version 9
%global minor_version 0
%global micro_version 10
%global packdname apache-tomcat-%{version}-src
%global servletspec 4.0
%global elspec 3.0
%global tcuid 91
%{!?_mavendepmapfragdir: %global _mavendepmapfragdir /usr/share/maven-metadata}
%{?fc24: %global _mavendepmapfragdir /usr/share/maven-metadata}
Name: tomcat
Epoch: 1
Version: %{major_version}.%{minor_version}.%{micro_version}
Release: 11
Summary: Implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies
License: ASL 2.0
URL: http://tomcat.apache.org/
Source0: https://github.com/apache/tomcat/archive/%{version}.tar.gz
Source1: %{name}-%{major_version}.%{minor_version}.conf
Source3: %{name}-%{major_version}.%{minor_version}.sysconfig
Source4: %{name}-%{major_version}.%{minor_version}.wrapper
Source5: %{name}-%{major_version}.%{minor_version}.logrotate
Source6: %{name}-%{major_version}.%{minor_version}-digest.script
Source7: %{name}-%{major_version}.%{minor_version}-tool-wrapper.script
Source8: servlet-api-OSGi-MANIFEST.MF
Source9: jsp-api-OSGi-MANIFEST.MF
Source11: %{name}-%{major_version}.%{minor_version}.service
Source12: el-api-OSGi-MANIFEST.MF
Source13: jasper-el-OSGi-MANIFEST.MF
Source14: jasper-OSGi-MANIFEST.MF
Source15: tomcat-api-OSGi-MANIFEST.MF
Source16: tomcat-juli-OSGi-MANIFEST.MF
Source20: %{name}-%{major_version}.%{minor_version}-jsvc.service
Source21: tomcat-functions
Source30: tomcat-preamble
Source31: tomcat-server
Source32: tomcat-named.service
Patch0: %{name}-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch
Patch1: %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.patch
Patch2: %{name}-build.patch
Patch6001: CVE-2019-0199-1.patch
Patch6002: CVE-2019-0199-2.patch
Patch6003: CVE-2019-0199-3.patch
Patch6004: CVE-2019-0199-4.patch
Patch6005: CVE-2019-0199-5.patch
Patch6006: CVE-2019-0199-6.patch
Patch6007: CVE-2019-0199-7.patch
Patch6008: CVE-2019-0199-8.patch
Patch6009: CVE-2019-0199-9.patch
Patch6010: CVE-2019-0199-10.patch
Patch6011: CVE-2019-0199-11.patch
Patch6012: CVE-2018-11784.patch
Patch6013: CVE-2019-0221.patch
Patch6014: CVE-2019-10072-1.patch
Patch6015: CVE-2019-10072-2.patch
BuildRequires: ecj >= 1:4.6.1 findutils apache-commons-collections apache-commons-daemon
BuildRequires: apache-commons-dbcp apache-commons-pool tomcat-taglibs-standard ant
BuildRequires: jpackage-utils >= 0:1.7.0 java-devel >= 1:1.8.0 junit javapackages-local
BuildRequires: geronimo-saaj aqute-bndlib aqute-bnd systemd-units wsdl4j geronimo-jaxrpc
Requires: procps jpackage-utils java-headless >= 1:1.8.0 apache-commons-daemon
Requires: tomcat-taglibs-standard >= 0:1.1
Recommends: tomcat-native >= 1.2.14
Requires(pre): shadow-utils
Requires(post): chkconfig
Requires(preun): chkconfig
Requires(postun): chkconfig
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
Provides: %{name}-log4j = %{epoch}:%{version}-%{release}
Provides: servlet = %{servletspec} servlet6 servlet3 el_api = %{elspec} jsp = %{jspspec}
Obsoletes: %{name}-el-2.2-api %{name}-servlet-3.1-api %{name}-jsp-2.2-api
Provides: %{name}-lib = %{epoch}:%{version}-%{release}
Provides: %{name}-servlet-%{servletspec}-api = %{epoch}:%{version}-%{release}
Provides: %{name}-el-%{elspec}-api = %{epoch}:%{version}-%{release}
Provides: %{name}-jsp-%{jspspec}-api = %{epoch}:%{version}-%{release}
Provides: %{name}-webapps = %{epoch}:%{version}-%{release}
Provides: %{name}-admin-webapps = %{epoch}:%{version}-%{release}
Obsoletes: %{name}-lib < %{epoch}:%{version}-%{release}
Obsoletes: %{name}-servlet-%{servletspec}-api < %{epoch}:%{version}-%{release}
Obsoletes: %{name}-el-%{elspec}-api < %{epoch}:%{version}-%{release}
Obsoletes: %{name}-jsp-%{jspspec}-api < %{epoch}:%{version}-%{release}
Obsoletes: %{name}-webapps < %{epoch}:%{version}-%{release}
Obsoletes: %{name}-admin-webapps < %{epoch}:%{version}-%{release}
BuildArch: noarch
%description
The Apache Tomcat software is developed in an open and participatory environment
and released under the Apache License version 2. The Apache Tomcat project is
intended to be a collaboration of the best-of-breed developers from around the
world. We invite you to participate in this open development project
%package jsvc
Summary: Apache jsvc wrapper for Apache Tomcat as separate service
Requires: %{name} = %{epoch}:%{version}-%{release}
Requires: apache-commons-daemon-jsvc
%description jsvc
Systemd service to start tomcat with jsvc,
which allows tomcat to perform some privileged operations
(e.g. bind to a port < 1024) and then switch identity to a non-privileged user.
%package help
Summary: Documents for %{name}
Buildarch: noarch
Requires: man info jpackage-utils
Requires: %{name} = %{epoch}:%{version}-%{release}
Provides: %{name}-docs-webapp = %{epoch}:%{version}-%{release}
Provides: %{name}-javadoc = %{epoch}:%{version}-%{release}
Obsoletes: %{name}-docs-webapp < %{epoch}:%{version}-%{release}
Obsoletes: %{name}-javadoc < %{epoch}:%{version}-%{release}
%description help
Man pages and other related documents for %{name}.
%prep
find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "*.gz" -o \
-name "*.jar" -o -name "*.war" -o -name "*.zip" \) -delete
%autosetup -p1 -n %{packdname}
ln -s $(build-classpath tomcat-taglibs-standard/taglibs-standard-impl) webapps/examples/WEB-INF/lib/jstl.jar
ln -s $(build-classpath tomcat-taglibs-standard/taglibs-standard-compat) webapps/examples/WEB-INF/lib/standard.jar
%build
export OPT_JAR_LIST="xalan-j2-serializer"
touch HACK
%{ant} -Dbase.path="." \
-Dbuild.compiler="modern" \
-Dcommons-collections.jar="$(build-classpath apache-commons-collections)" \
-Dcommons-daemon.jar="$(build-classpath apache-commons-daemon)" \
-Dcommons-daemon.native.src.tgz="HACK" \
-Djdt.jar="$(build-classpath ecj)" \
-Dtomcat-native.tar.gz="HACK" \
-Dtomcat-native.home="." \
-Dcommons-daemon.native.win.mgr.exe="HACK" \
-Dnsis.exe="HACK" \
-Djaxrpc-lib.jar="$(build-classpath jaxrpc)" \
-Dwsdl4j-lib.jar="$(build-classpath wsdl4j)" \
-Dsaaj-api.jar="$(build-classpath geronimo-saaj)" \
-Dbnd.jar="$(build-classpath aqute-bnd/biz.aQute.bnd)" \
-Dbndlib.jar="$(build-classpath aqute-bnd/biz.aQute.bndlib)" \
-Dbndlibg.jar="$(build-classpath aqute-bnd/aQute.libg)" \
-Dbndannotation.jar="$(build-classpath aqute-bnd/biz.aQute.bnd.annotation)" \
-Dslf4j-api.jar="$(build-classpath slf4j/slf4j-api)" \
-Dno.build.dbcp=true \
-Dversion="%{version}" \
-Dversion.build="%{micro_version}" \
-Djava.7.home=%{java_home} \
-Dexecute.validate=false \
deploy dist-prepare dist-source javadoc
rm output/build/bin/commons-daemon.jar output/build/lib/ecj.jar
pushd output/dist/src/webapps/docs/appdev/sample/src
mkdir -p ../web/WEB-INF/classes
%{javac} -cp ../../../../../../../../output/build/lib/servlet-api.jar -d ../web/WEB-INF/classes mypackage/Hello.java
pushd ../web
%{jar} cf ../../../../../../../../output/build/webapps/docs/appdev/sample/sample.war *
popd
popd
mkdir -p META-INF
cp -p %{SOURCE8} META-INF/MANIFEST.MF
touch META-INF/MANIFEST.MF
zip output/build/lib/servlet-api.jar META-INF/MANIFEST.MF
cp -p %{SOURCE9} META-INF/MANIFEST.MF
touch META-INF/MANIFEST.MF
zip output/build/lib/jsp-api.jar META-INF/MANIFEST.MF
cp -p %{SOURCE12} META-INF/MANIFEST.MF
touch META-INF/MANIFEST.MF
zip output/build/lib/el-api.jar META-INF/MANIFEST.MF
cp -p %{SOURCE13} META-INF/MANIFEST.MF
touch META-INF/MANIFEST.MF
zip output/build/lib/jasper-el.jar META-INF/MANIFEST.MF
cp -p %{SOURCE14} META-INF/MANIFEST.MF
touch META-INF/MANIFEST.MF
zip output/build/lib/jasper.jar META-INF/MANIFEST.MF
cp -p %{SOURCE15} META-INF/MANIFEST.MF
touch META-INF/MANIFEST.MF
zip output/build/lib/tomcat-api.jar META-INF/MANIFEST.MF
cp -p %{SOURCE16} META-INF/MANIFEST.MF
touch META-INF/MANIFEST.MF
zip output/build/bin/tomcat-juli.jar META-INF/MANIFEST.MF
%install
install -d -m 0755 %{buildroot}%{_bindir}
install -d -m 0755 %{buildroot}%{_sbindir}
install -d -m 0755 %{buildroot}%{_javadocdir}/%{name}
install -d -m 0755 %{buildroot}%{_sysconfdir}/init.d
install -d -m 0755 %{buildroot}/lib/systemd/system
install -d -m 0755 %{buildroot}%{_sysconfdir}/logrotate.d
install -d -m 0755 %{buildroot}%{_sysconfdir}/sysconfig
install -d -m 0755 %{buildroot}%{_var}/lib/%{name}/webapps
install -d -m 0755 %{buildroot}%{_datadir}/%{name}/bin
install -d -m 0775 %{buildroot}%{_sysconfdir}/%{name}
install -d -m 0775 %{buildroot}%{_sysconfdir}/%{name}/Catalina/localhost
install -d -m 0775 %{buildroot}%{_sysconfdir}/%{name}/conf.d
/bin/echo "Place your custom *.conf files here. Shell expansion is supported." > %{buildroot}%{_sysconfdir}/%{name}/conf.d/README
install -d -m 0755 %{buildroot}%{_javadir}/%{name}
install -d -m 0775 %{buildroot}%{_var}/log/%{name}
/bin/touch %{buildroot}%{_var}/log/%{name}/catalina.out
install -d -m 0775 %{buildroot}%{_localstatedir}/lib/tomcats
install -d -m 0775 %{buildroot}%{_datadir}/%{name}
install -d -m 0775 %{buildroot}%{_var}/cache/%{name}/temp
install -d -m 0775 %{buildroot}%{_var}/cache/%{name}/work
install -d -m 0755 %{buildroot}%{_unitdir}
install -d -m 0755 %{buildroot}%{_libexecdir}/%{name}
pushd output/build
cp -a bin/*.{jar,xml} %{buildroot}%{_datadir}/%{name}/bin
cp -a conf/*.{policy,properties,xml,xsd} %{buildroot}%{_sysconfdir}/%{name}
cp -a lib/*.jar %{buildroot}%{_javadir}/%{name}
cp -a webapps/* %{buildroot}%{_var}/lib/%{name}/webapps
popd
cp -a output/dist/webapps/docs/api/* %{buildroot}%{_javadocdir}/%{name}
sed -e "s|\@\@\@TCHOME\@\@\@|%{_datadir}/%{name}|g" \
-e "s|\@\@\@TCTEMP\@\@\@|%{_var}/cache/%{name}/temp|g" \
-e "s|\@\@\@LIBDIR\@\@\@|%{_libdir}|g" %{SOURCE1} \
> %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf
sed -e "s|\@\@\@TCHOME\@\@\@|%{_datadir}/%{name}|g" \
-e "s|\@\@\@TCTEMP\@\@\@|%{_var}/cache/%{name}/temp|g" \
-e "s|\@\@\@LIBDIR\@\@\@|%{_libdir}|g" %{SOURCE3} \
> %{buildroot}%{_sysconfdir}/sysconfig/%{name}
install -m 0644 %{SOURCE4} %{buildroot}%{_sbindir}/%{name}
install -m 0644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service
install -m 0644 %{SOURCE20} %{buildroot}%{_unitdir}/%{name}-jsvc.service
sed -e "s|\@\@\@TCLOG\@\@\@|%{_var}/log/%{name}|g" %{SOURCE5} > %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
sed -e "s|\@\@\@TCHOME\@\@\@|%{_datadir}/%{name}|g" \
-e "s|\@\@\@TCTEMP\@\@\@|%{_var}/cache/%{name}/temp|g" \
-e "s|\@\@\@LIBDIR\@\@\@|%{_libdir}|g" %{SOURCE6} \
> %{buildroot}%{_bindir}/%{name}-digest
sed -e "s|\@\@\@TCHOME\@\@\@|%{_datadir}/%{name}|g" \
-e "s|\@\@\@TCTEMP\@\@\@|%{_var}/cache/%{name}/temp|g" \
-e "s|\@\@\@LIBDIR\@\@\@|%{_libdir}|g" %{SOURCE7} \
> %{buildroot}%{_bindir}/%{name}-tool-wrapper
install -m 0644 %{SOURCE21} %{buildroot}%{_libexecdir}/%{name}/functions
install -m 0755 %{SOURCE30} %{buildroot}%{_libexecdir}/%{name}/preamble
install -m 0755 %{SOURCE31} %{buildroot}%{_libexecdir}/%{name}/server
install -m 0644 %{SOURCE32} %{buildroot}%{_unitdir}/%{name}@.service
sed -i \
"s,el-api.jar,%{name}-el-%{elspec}-api.jar,;
s,servlet-api.jar,%{name}-servlet-%{servletspec}-api.jar,;
s,jsp-api.jar,%{name}-jsp-%{jspspec}-api.jar,;" \
%{buildroot}%{_datadir}/%{name}/bin/catalina-tasks.xml
pushd %{buildroot}%{_javadir}
mv %{name}/jsp-api.jar %{name}-jsp-%{jspspec}-api.jar
ln -s %{name}-jsp-%{jspspec}-api.jar %{name}-jsp-api.jar
mv %{name}/servlet-api.jar %{name}-servlet-%{servletspec}-api.jar
ln -s %{name}-servlet-%{servletspec}-api.jar %{name}-servlet-api.jar
mv %{name}/el-api.jar %{name}-el-%{elspec}-api.jar
ln -s %{name}-el-%{elspec}-api.jar %{name}-el-api.jar
popd
pushd output/build
%{_bindir}/build-jar-repository lib apache-commons-collections apache-commons-dbcp apache-commons-pool ecj 2>&1
%{_bindir}/build-jar-repository -p webapps/examples/WEB-INF/lib \
tomcat-taglibs-standard/taglibs-standard-impl.jar tomcat-taglibs-standard/taglibs-standard-compat.jar 2>&1
popd
pushd %{buildroot}%{_javadir}/%{name}
ln -s ../../java/%{name}-jsp-%{jspspec}-api.jar .
ln -s ../../java/%{name}-servlet-%{servletspec}-api.jar .
ln -s ../../java/%{name}-el-%{elspec}-api.jar .
ln -s $(build-classpath apache-commons-collections) commons-collections.jar
ln -s $(build-classpath apache-commons-dbcp) commons-dbcp.jar
ln -s $(build-classpath apache-commons-pool) commons-pool.jar
ln -s $(build-classpath ecj) jasper-jdt.jar
cp -a %{buildroot}%{_datadir}/%{name}/bin/tomcat-juli.jar ./
popd
pushd %{buildroot}%{_datadir}/%{name}
ln -s %{_var}/lib/%{name}/webapps webapps
ln -s %{_sysconfdir}/%{name} conf
ln -s %{_javadir}/%{name} lib
ln -s %{_var}/log/%{name} logs
ln -s %{_var}/cache/%{name}/temp temp
ln -s %{_var}/cache/%{name}/work work
popd
mkdir -p %{buildroot}%{_var}/lib/%{name}/webapps/sample
pushd %{buildroot}%{_var}/lib/%{name}/webapps/sample
%{jar} xf %{buildroot}%{_var}/lib/%{name}/webapps/docs/appdev/sample/sample.war
popd
rm %{buildroot}%{_var}/lib/%{name}/webapps/docs/appdev/sample/sample.war
mkdir -p %{buildroot}%{_var}/lib/%{name}/webapps/examples/META-INF
pushd %{buildroot}%{_var}/lib/%{name}/webapps/examples/META-INF
echo '<?xml version="1.0" encoding="UTF-8"?>' > context.xml
echo '<Context>' >> context.xml
echo ' <Resources allowLinking="true" />' >> context.xml
echo '</Context>' >> context.xml
popd
pushd %{buildroot}%{_var}/lib/%{name}/webapps/examples/WEB-INF/lib
ln -s -f $(build-classpath tomcat-taglibs-standard/taglibs-standard-impl) jstl.jar
ln -s -f $(build-classpath tomcat-taglibs-standard/taglibs-standard-compat) standard.jar
popd
install -d -m 0755 %{buildroot}%{_mavenpomdir}
pushd output/dist/src/res/maven
for pom in *.pom; do
sed -i 's/@MAVEN.DEPLOY.VERSION@/%{version}/g' $pom
done
for libname in annotations-api catalina jasper-el jasper catalina-ha; do
cp -a %{name}-$libname.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-$libname.pom
%add_maven_depmap JPP.%{name}-$libname.pom %{name}/$libname.jar -f "tomcat-lib"
done
cp -a %{name}-util-scan.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-util-scan.pom
%add_maven_depmap JPP.%{name}-util-scan.pom %{name}/%{name}-util-scan.jar -f "tomcat-lib"
cp -a %{name}-jni.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-jni.pom
%add_maven_depmap JPP.%{name}-jni.pom %{name}/%{name}-jni.jar -f "tomcat-lib"
cp -a tomcat-jsp-api.pom %{buildroot}%{_mavenpomdir}/JPP-tomcat-jsp-api.pom
%add_maven_depmap JPP-tomcat-jsp-api.pom tomcat-jsp-api.jar -f "tomcat-jsp-api" -a "org.eclipse.jetty.orbit:javax.servlet.jsp"
cp -a tomcat-el-api.pom %{buildroot}%{_mavenpomdir}/JPP-tomcat-el-api.pom
%add_maven_depmap JPP-tomcat-el-api.pom tomcat-el-api.jar -f "tomcat-el-api" -a "org.eclipse.jetty.orbit:javax.el"
cp -a tomcat-servlet-api.pom %{buildroot}%{_mavenpomdir}/JPP-tomcat-servlet-api.pom
%add_maven_depmap JPP-tomcat-servlet-api.pom tomcat-servlet-api.jar -f "tomcat-servlet-api"
ln -s -f $(abs2rel %{_datadir}/%{name}/bin/tomcat-juli.jar %{_javadir}/%{name}) %{buildroot}%{_javadir}/%{name}/
cp -a tomcat-tribes.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-catalina-tribes.pom
%add_maven_depmap JPP.%{name}-catalina-tribes.pom %{name}/catalina-tribes.jar
cp -a tomcat-coyote.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-tomcat-coyote.pom
%add_maven_depmap JPP.%{name}-tomcat-coyote.pom %{name}/tomcat-coyote.jar
cp -a tomcat-juli.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-tomcat-juli.pom
%add_maven_depmap JPP.%{name}-tomcat-juli.pom %{name}/tomcat-juli.jar
cp -a tomcat-api.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-tomcat-api.pom
%add_maven_depmap JPP.%{name}-tomcat-api.pom %{name}/tomcat-api.jar
cp -a tomcat-util.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-tomcat-util.pom
%add_maven_depmap JPP.%{name}-tomcat-util.pom %{name}/tomcat-util.jar
cp -a tomcat-jdbc.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-tomcat-jdbc.pom
%add_maven_depmap JPP.%{name}-tomcat-jdbc.pom %{name}/tomcat-jdbc.jar
cp -a tomcat-websocket-api.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-websocket-api.pom
%add_maven_depmap JPP.%{name}-websocket-api.pom %{name}/websocket-api.jar
cp -a tomcat-websocket.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-tomcat-websocket.pom
%add_maven_depmap JPP.%{name}-tomcat-websocket.pom %{name}/tomcat-websocket.jar
cp -a tomcat-jaspic-api.pom %{buildroot}%{_mavenpomdir}/JPP.%{name}-jaspic-api.pom
%add_maven_depmap JPP.%{name}-jaspic-api.pom %{name}/jaspic-api.jar
%pre
%{_sbindir}/groupadd -g %{tcuid} -r tomcat 2>/dev/null || :
%{_sbindir}/useradd -c "Apache Tomcat" -u %{tcuid} -g tomcat -s /sbin/nologin -r -d %{_datadir}/%{name} tomcat 2>/dev/null || :
%post
%systemd_post %{name}.service
%{_sbindir}/update-alternatives --install %{_javadir}/servlet.jar servlet %{_javadir}/%{name}-servlet-%{servletspec}-api.jar 30000
%{_sbindir}/update-alternatives --install %{_javadir}/elspec.jar elspec %{_javadir}/%{name}-el-%{elspec}-api.jar 20300
%{_sbindir}/update-alternatives --install %{_javadir}/jsp.jar jsp %{_javadir}/%{name}-jsp-%{jspspec}-api.jar 20200
%preun
rm -rf %{_var}/cache/%{name}/work/* %{_var}/cache/%{name}/temp/*
%systemd_preun %{name}.service
%postun
%systemd_postun_with_restart %{name}.service
if [ "$1" = "0" ]; then
%{_sbindir}/update-alternatives --remove servlet %{_javadir}/%{name}-servlet-%{servletspec}-api.jar
%{_sbindir}/update-alternatives --remove elspec %{_javadir}/%{name}-el-%{elspec}-api.jar
%{_sbindir}/update-alternatives --remove jsp %{_javadir}/%{name}-jsp-%{jspspec}-api.jar
fi
%triggerun -- tomcat < 0:7.0.22-2
/usr/bin/systemd-sysv-convert -- save tomcat > /dev/null 2>&1 || :
/sbin/chkconfig --del tomcat > /dev/null 2>&1 || :
/bin/systemctl try-restart tomcat.service > /dev/null 2>&1 || :
%files
%doc LICENSE
%{_javadir}/%{name}-servlet-%{servletspec}*.jar
%dir %{_javadir}/%{name}
%{_javadir}/%{name}/*.jar
%{_javadir}/*.jar
%{_datadir}/%{name}/bin/tomcat-juli.jar
%{_mavenpomdir}/JPP*%{name}-*.pom
%{_datadir}/maven-metadata/*.xml
%{_javadir}/%{name}-el-%{elspec}-api.jar
%{_javadir}/%{name}/%{name}-el-%{elspec}-api.jar
%{_javadir}/%{name}-jsp-%{jspspec}*.jar
%defattr(0664,root,tomcat,0755)
%doc {LICENSE,NOTICE,RELEASE*}
%attr(0755,root,root) %{_bindir}/%{name}-digest
%attr(0755,root,root) %{_bindir}/%{name}-tool-wrapper
%attr(0755,root,root) %{_sbindir}/%{name}
%attr(0644,root,root) %{_unitdir}/%{name}.service
%attr(0644,root,root) %{_unitdir}/%{name}@.service
%attr(0755,root,root) %dir %{_libexecdir}/%{name}
%attr(0755,root,root) %dir %{_localstatedir}/lib/tomcats
%attr(0644,root,root) %{_libexecdir}/%{name}/functions
%attr(0755,root,root) %{_libexecdir}/%{name}/preamble
%attr(0755,root,root) %{_libexecdir}/%{name}/server
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/%{name}
%attr(0755,root,tomcat) %dir %{_var}/lib/%{name}
%attr(0755,root,tomcat) %dir %{_sysconfdir}/%{name}
%defattr(0664,tomcat,root,0770)
%attr(0770,tomcat,root) %dir %{_var}/log/%{name}
%defattr(0664,root,tomcat,0770)
%attr(0770,root,tomcat) %dir %{_var}/cache/%{name}
%attr(0770,root,tomcat) %dir %{_var}/cache/%{name}/temp
%attr(0770,root,tomcat) %dir %{_var}/cache/%{name}/work
%defattr(0644,root,tomcat,0775)
%attr(0775,root,tomcat) %dir %{_var}/lib/%{name}/webapps
%attr(0775,root,tomcat) %dir %{_sysconfdir}/%{name}/Catalina
%attr(0775,root,tomcat) %dir %{_sysconfdir}/%{name}/Catalina/localhost
%attr(0755,root,tomcat) %dir %{_sysconfdir}/%{name}/conf.d
%{_sysconfdir}/%{name}/conf.d/README
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
%config(noreplace) %{_sysconfdir}/%{name}/*.policy
%config(noreplace) %{_sysconfdir}/%{name}/*.properties
%config(noreplace) %{_sysconfdir}/%{name}/context.xml
%config(noreplace) %{_sysconfdir}/%{name}/server.xml
%attr(0640,root,tomcat) %config(noreplace) %{_sysconfdir}/%{name}/tomcat-users.xml
%attr(0664,root,tomcat) %{_sysconfdir}/%{name}/tomcat-users.xsd
%attr(0664,root,tomcat) %config(noreplace) %{_sysconfdir}/%{name}/jaspic-providers.xml
%attr(0664,root,tomcat) %{_sysconfdir}/%{name}/jaspic-providers.xsd
%config(noreplace) %{_sysconfdir}/%{name}/web.xml
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/bin/bootstrap.jar
%{_datadir}/%{name}/bin/catalina-tasks.xml
%{_datadir}/%{name}/lib
%{_datadir}/%{name}/temp
%{_datadir}/%{name}/webapps
%{_datadir}/%{name}/work
%{_datadir}/%{name}/logs
%{_datadir}/%{name}/conf
%defattr(0664,root,tomcat,0755)
%{_var}/lib/%{name}/webapps/host-manager
%{_var}/lib/%{name}/webapps/manager
%defattr(0644,tomcat,tomcat,0755)
%{_var}/lib/%{name}/webapps/ROOT
%{_var}/lib/%{name}/webapps/examples
%{_var}/lib/%{name}/webapps/sample
%files jsvc
%defattr(755,root,root,0755)
%attr(0644,root,root) %{_unitdir}/%{name}-jsvc.service
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%attr(0660,tomcat,tomcat) %verify(not size md5 mtime) %{_var}/log/%{name}/catalina.out
%files help
%{_var}/lib/%{name}/webapps/docs
%{_javadocdir}/%{name}
%changelog
* Fri Feb 28 2020 Senlin Xia<xiasenlin1@huawei.com> - 1:9.0.10-11
- Package init