diff --git a/9.0.98.tar.gz b/9.0.105.tar.gz similarity index 47% rename from 9.0.98.tar.gz rename to 9.0.105.tar.gz index 114aae1900677c566ab1c6c524f434c007f1a519..e13569355c5e121343c1c4e994851bf0add15b48 100644 Binary files a/9.0.98.tar.gz and b/9.0.105.tar.gz differ diff --git a/bugfix-for-cve-2025-24813.patch b/bugfix-for-cve-2025-24813.patch deleted file mode 100644 index a35527b0d15481ccf9f1d636374fb3d0b177c051..0000000000000000000000000000000000000000 --- a/bugfix-for-cve-2025-24813.patch +++ /dev/null @@ -1,75 +0,0 @@ -From eb61aade8f8daccaecabf07d428b877975622f72 Mon Sep 17 00:00:00 2001 -From: remm -Date: Fri, 24 Jan 2025 15:06:02 +0100 -Subject: [PATCH] Enhance lifecycle of temporary files used by partial PUT - -Delete temporary file right after finishing request processing. -Simplify using createTempFile. ---- - .../catalina/servlets/DefaultServlet.java | 17 +++++++---------- - webapps/docs/changelog.xml | 3 +++ - 2 files changed, 10 insertions(+), 10 deletions(-) - -diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java b/java/org/apache/catalina/servlets/DefaultServlet.java -index 34b6f4379ecf..0886155e3a41 100644 ---- a/java/org/apache/catalina/servlets/DefaultServlet.java -+++ b/java/org/apache/catalina/servlets/DefaultServlet.java -@@ -625,7 +625,7 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws Se - } - - InputStream resourceInputStream = null; -- -+ File tempContentFile = null; - try { - // Append data specified in ranges to existing content for this - // resource - create a temp. file on the local filesystem to -@@ -634,8 +634,8 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws Se - if (range == IGNORE) { - resourceInputStream = req.getInputStream(); - } else { -- File contentFile = executePartialPut(req, range, path); -- resourceInputStream = new FileInputStream(contentFile); -+ tempContentFile = executePartialPut(req, range, path); -+ resourceInputStream = new FileInputStream(tempContentFile); - } - - if (resources.write(path, resourceInputStream, true)) { -@@ -659,6 +659,9 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws Se - // Ignore - } - } -+ if (tempContentFile != null) { -+ tempContentFile.delete(); -+ } - } - } - -@@ -681,13 +684,7 @@ protected File executePartialPut(HttpServletRequest req, Range range, String pat - // resource - create a temp. file on the local filesystem to - // perform this operation - File tempDir = (File) getServletContext().getAttribute(ServletContext.TEMPDIR); -- // Convert all '/' characters to '.' in resourcePath -- String convertedResourcePath = path.replace('/', '.'); -- File contentFile = new File(tempDir, convertedResourcePath); -- if (contentFile.createNewFile()) { -- // Clean up contentFile when Tomcat is terminated -- contentFile.deleteOnExit(); -- } -+ File contentFile = File.createTempFile("put-part-", null, tempDir); - - try (RandomAccessFile randAccessContentFile = new RandomAccessFile(contentFile, "rw")) { - -diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml -index cf2fa86bfcfa..84fbc23e0136 100644 ---- a/webapps/docs/changelog.xml -+++ b/webapps/docs/changelog.xml -@@ -222,6 +222,9 @@ - Add DataSource based property storage for the - WebdavServlet. (remm) - -+ -+ Enhance lifecycle of temporary files used by partial PUT. (remm) -+ - - - diff --git a/bugfix-for-cve-2025-31650.patch b/bugfix-for-cve-2025-31650.patch deleted file mode 100644 index 81a11b573df4fc1604e6f01dbb1f796d2a819468..0000000000000000000000000000000000000000 --- a/bugfix-for-cve-2025-31650.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 91b39b33d725e82f7a9c9bcdf2ac1d6fda761ef3 Mon Sep 17 00:00:00 2001 -From: Mark Thomas -Date: Wed, 19 Mar 2025 03:47:11 +0000 -Subject: [PATCH] Improve handling of unexpected errors during HTTP/2 - processing - ---- - java/org/apache/coyote/http2/Http2UpgradeHandler.java | 8 ++++++++ - java/org/apache/coyote/http2/LocalStrings.properties | 1 + - webapps/docs/changelog.xml | 3 +++ - 3 files changed, 12 insertions(+) - -diff --git a/java/org/apache/coyote/http2/Http2UpgradeHandler.java b/java/org/apache/coyote/http2/Http2UpgradeHandler.java -index a45a354..2c4880a 100644 ---- a/java/org/apache/coyote/http2/Http2UpgradeHandler.java -+++ b/java/org/apache/coyote/http2/Http2UpgradeHandler.java -@@ -47,6 +47,7 @@ import org.apache.coyote.http2.Http2Parser.Input; - import org.apache.coyote.http2.Http2Parser.Output; - import org.apache.juli.logging.Log; - import org.apache.juli.logging.LogFactory; -+import org.apache.tomcat.util.ExceptionUtils; - import org.apache.tomcat.util.http.MimeHeaders; - import org.apache.tomcat.util.http.parser.Priority; - import org.apache.tomcat.util.log.UserDataHelper; -@@ -439,6 +440,13 @@ class Http2UpgradeHandler extends AbstractStream implements InternalHttpUpgradeH - log.debug(sm.getString("upgradeHandler.ioerror", connectionId), ioe); - } - close(); -+ } catch (Throwable t) { -+ ExceptionUtils.handleThrowable(t); -+ if (log.isDebugEnabled()) { -+ log.debug(sm.getString("upgradeHandler.throwable", connectionId), t); -+ } -+ // Unexpected errors close the connection. -+ close(); - } - - if (log.isTraceEnabled()) { -diff --git a/java/org/apache/coyote/http2/LocalStrings.properties b/java/org/apache/coyote/http2/LocalStrings.properties -index 6ab82e8..82251c9 100644 ---- a/java/org/apache/coyote/http2/LocalStrings.properties -+++ b/java/org/apache/coyote/http2/LocalStrings.properties -@@ -159,6 +159,7 @@ upgradeHandler.stream.error=Connection [{0}], Stream [{1}] Closed due to error - upgradeHandler.stream.even=A new remote stream ID of [{0}] was requested but all remote streams must use odd identifiers - upgradeHandler.stream.notWritable=Connection [{0}], Stream [{1}], This stream is in state [{2}] and is not writable - upgradeHandler.stream.old=A new remote stream ID of [{0}] was requested but the most recent stream was [{1}] -+upgradeHandler.throwable=Connection [{0}] - upgradeHandler.tooManyRemoteStreams=The client attempted to use more than [{0}] active streams - upgradeHandler.tooMuchOverhead=Connection [{0}], Too much overhead so the connection will be closed - upgradeHandler.unexpectedAck=Connection [{0}], Stream [{1}], A settings acknowledgement was received when not expected -diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml -index 1b9bc9e..cf70b67 100644 ---- a/webapps/docs/changelog.xml -+++ b/webapps/docs/changelog.xml -@@ -225,6 +225,9 @@ - - Enhance lifecycle of temporary files used by partial PUT. (remm) - -+ -+ Improve handling of unexpected errors during HTTP/2 processing. (markt) -+ - - - --- -2.39.3 - diff --git a/tomcat.spec b/tomcat.spec index 61c19f6bd32dfbee6dd7f488f319afbcd65b4f55..61f5250f8cdeb2ba682f8f481f35ade5ca7dd1e1 100644 --- a/tomcat.spec +++ b/tomcat.spec @@ -1,9 +1,9 @@ -%define anolis_release 3 +%define anolis_release 1 %global jspspec 2.3 %global major_version 9 %global minor_version 0 -%global micro_version 98 +%global micro_version 105 %global packdname tomcat-%{version} %global servletspec 4.0 %global elspec 3.0 @@ -54,11 +54,6 @@ Patch3: %{name}-%{major_version}.%{minor_version}-catalina-policy.patch Patch4: rhbz-1857043.patch Patch6: %{name}-%{major_version}.%{minor_version}-bnd-annotation.patch -# https://github.com/apache/tomcat/commit/eb61aade8f8daccaecabf07d428b877975622f72 -Patch7: bugfix-for-cve-2025-24813.patch -#https://github.com/apache/tomcat/commit/b7674782679e1514a0d154166b1d04d38aaac4a9 -Patch8: bugfix-for-cve-2025-31650.patch - BuildArch: noarch BuildRequires: ant @@ -525,6 +520,11 @@ fi %doc {NOTICE,RELEASE*} %changelog +* Tue Jun 10 2025 wh02252983 - 1:9.0.105-1 +- update to 9.0.105 +- Fix CVE-2025-46701 +- The patch was removed because the new version already included the patch content + * Sat May 10 2025 yangjinglin01 - 1:9.0.98-3 - Fix CVE-2025-31650