- up to 7.0.72

author Arkadiusz Miśkiewicz <arekm@maven.pl>

Tue, 25 Oct 2016 12:31:40 +0000 (14:31 +0200)

committer Arkadiusz Miśkiewicz <arekm@maven.pl>

Tue, 25 Oct 2016 12:31:40 +0000 (14:31 +0200)
author Arkadiusz Miśkiewicz <arekm@maven.pl>
Tue, 25 Oct 2016 12:31:40 +0000 (14:31 +0200)
committer Arkadiusz Miśkiewicz <arekm@maven.pl>
Tue, 25 Oct 2016 12:31:40 +0000 (14:31 +0200)
diff --git a/tomcat-CVE-2016-5388.patch b/tomcat-CVE-2016-5388.patch

deleted file mode 100644 (file)

index d856006..0000000
--- a/tomcat-CVE-2016-5388.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- apache-tomcat-7.0.70-src/java/org/apache/catalina/servlets/CGIServlet.java.orig    2016-06-15 18:45:50.000000000 +0200
-+++ apache-tomcat-7.0.70-src/java/org/apache/catalina/servlets/CGIServlet.java 2016-07-19 15:35:56.656316104 +0200
-@@ -1107,7 +1107,8 @@ public final class CGIServlet extends Ht
-                 //REMIND: change character set
-                 //REMIND: I forgot what the previous REMIND means
-                 if ("AUTHORIZATION".equalsIgnoreCase(header) ||
--                    "PROXY_AUTHORIZATION".equalsIgnoreCase(header)) {
-+                    "PROXY_AUTHORIZATION".equalsIgnoreCase(header) ||
-+                    "PROXY".equalsIgnoreCase(header)) {
-                     //NOOP per CGI specification section 11.2
-                 } else {
-                     envp.put("HTTP_" + header.replace('-', '_'),
diff --git a/tomcat.spec b/tomcat.spec

index 40284e772c61b7210acf26dc81006cf9e64fdac4..80f47d3bf0cdda38db25f7c10a7a53ddfa2d86bb 100644 (file)
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -15,12 +15,12 @@
  Summary:       Web server and Servlet/JSP Engine, RI for Servlet %{servletapiver}/JSP %{jspapiver} API
  Summary(pl.UTF-8):     Serwer www i silnik Servlet/JSP będący wzorcową implementacją API Servlet %{servletapiver}/JSP %{jspapiver}
  Name:          tomcat
-Version:       7.0.70
+Version:       7.0.72
  Release:       1
  License:       Apache v2.0
  Group:         Networking/Daemons/Java
  Source0:       http://www.apache.org/dist/tomcat/tomcat-7/v%{version}/src/apache-%{name}-%{version}-src.tar.gz
-# Source0-md5: 0f56c888df5002cce25fce91634a65c9
+# Source0-md5: e176d014e49685e2642f7abd8eb7b53b
  Source1:       apache-%{name}.init
  Source2:       apache-%{name}.sysconfig
  Source3:       %{name}-build.properties
@@ -41,7 +41,6 @@ Patch4:               %{name}-userdir.patch
  Patch5:                logging.patch
  Patch6:                jcl.patch
  Patch7:                %{name}-build.patch
-Patch8:                tomcat-CVE-2016-5388.patch
  Patch100:      jcl-build.xml.patch
  URL:           http://tomcat.apache.org/
  BuildRequires: ant >= 1.5.3
@@ -272,7 +271,6 @@ javax.servlet.http, javax.servlet.jsp i java.servlet.jsp.tagext).
  %patch5 -p1
  %patch6 -p1
  %patch7 -p1
-%patch8 -p1
  
  # Prepare java-commmons-logging sources
  install -d output/extras/logging
author	Arkadiusz Miśkiewicz <arekm@maven.pl>
	Tue, 25 Oct 2016 12:31:40 +0000 (14:31 +0200)
committer	Arkadiusz Miśkiewicz <arekm@maven.pl>
	Tue, 25 Oct 2016 12:31:40 +0000 (14:31 +0200)
tomcat-CVE-2016-5388.patch	[deleted file]	patch \| blob \| blame \| history
tomcat.spec		patch \| blob \| blame \| history