From b225805ced6eed068da3e2c4f9b65951fdba0d1b Mon Sep 17 00:00:00 2001
From: Coty Sutherland
Date: Aug 05 2016 13:43:24 +0000
Subject: Resolves: rhbz#1347838 The security manager doesn't work correctly (JSPs cannot be compiled)
---
diff --git a/tomcat-7.0-catalina-policy.patch b/tomcat-7.0-catalina-policy.patch
new file mode 100644
index 0000000..0666d07
--- /dev/null
+++ b/tomcat-7.0-catalina-policy.patch
@@ -0,0 +1,38 @@
+--- conf/catalina.policy 2016-07-07 16:31:44.473000159 -0400
++++ conf/catalina.policy 2016-07-07 16:32:14.349000359 -0400
+@@ -51,6 +51,36 @@
+ };
+ 
+ 
++// ========== RHEL SPECIFIC CODE PERMISSIONS =======================================
++
++// Allowing everything in /usr/share/java allows too many unknowns to be permitted
++// Specifying the individual jars that tomcat needs to function with the security manager
++// is the safest way forward.
++grant codeBase "file:/usr/share/java/tomcat-el-2.2-api.jar" {
++ permission java.security.AllPermission;
++};
++grant codeBase "file:" {
++ permission java.security.AllPermission;
++};
++grant codeBase "file:/usr/share/java/tomcat-jsp-2.2-api.jar" {
++ permission java.security.AllPermission;
++};
++grant codeBase "file:/usr/share/java/tomcat-servlet-3.0-api.jar" {
++ permission java.security.AllPermission;
++};
++grant codeBase "file:/usr/share/java/jakarta-commons-collections.jar" {
++ permission java.security.AllPermission;
++};
++grant codeBase "file:/usr/share/java/jakarta-commons-dbcp.jar" {
++ permission java.security.AllPermission;
++};
++grant codeBase "file:/usr/share/java/ecj.jar" {
++ permission java.security.AllPermission;
++};
++grant codeBase "file:/usr/share/java/log4j.jar" {
++ permission java.security.AllPermission;
++};
++
+ // ========== CATALINA CODE PERMISSIONS =======================================
+ 
diff --git a/tomcat.spec b/tomcat.spec
index 98e2e0a..a7bac4f 100644
--- a/tomcat.spec
+++ b/tomcat.spec
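Review bot: In tomcat-7.0-catalina-policy.patch the second grant block, `grant codeBase "file:" {`, has an empty path yet grants `java.security.AllPermission`, which contradicts the comment just above it about naming individual jars. The patch does not show which code sources an empty `file:` URL matches, so the entry is either dead or broader than intended. It looks as if a jar path was lost, perhaps through an unexpanded substitution, so it should become `grant codeBase "file:/usr/share/java/<jar-name>.jar" {` with the intended jar, or be removed. Separately, AllPermission for jakarta-commons-collections, jakarta-commons-dbcp and log4j may be more than JSP compilation needs. If only ecj.jar and the API jars are required for rhbz#1347838, consider limiting the grants to those and adding a comment per jar saying why it is listed.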
@@ -59,6 +59,7 @@ Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{js
 Group: System Environment/Daemons
 License: ASL 2.0
 URL: http://tomcat.apache.org/
+
 Source0: http://www.apache.org/dist/tomcat/tomcat-%{major_version}/v%{version}/src/%{packdname}.tar.gz
 Source1: %{name}-%{major_version}.%{minor_version}.conf
 Source2: %{name}-%{major_version}.%{minor_version}.init
@@ -83,6 +84,7 @@ Patch1: %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.pat
 Patch2: %{name}-7.0.57-CompilerOptionsV8.patch
 # Adding patch to remove unsupport ant tasks/attributes
 Patch3: %{name}-7.0.65-build.patch
+Patch4: %{name}-7.0-catalina-policy.patch
 
 BuildArch: noarch
 
@@ -103,6 +105,7 @@ BuildRequires: jpackage-utils >= 0:1.7.0
 BuildRequires: junit
 BuildRequires: log4j
 BuildRequires: wsdl4j
+
 Requires: jakarta-commons-daemon
 Requires: jakarta-commons-logging
 Requires: jakarta-commons-collections
@@ -233,6 +236,7 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
 %patch1 -p0
 %patch2 -p0
 %patch3 -p0
+%patch4 -p0
 %{__ln_s} $(build-classpath jakarta-taglibs-core) webapps/examples/WEB-INF/lib/jstl.jar
 %{__ln_s} $(build-classpath jakarta-taglibs-standard) webapps/examples/WEB-INF/lib/standard.jar
 
@@ -632,8 +636,9 @@ fi
 %{_sbindir}/%{name}-jsvc
 
 %changelog
-* Fri Jul 01 2016 Coty Sutherland 0:7.0.65-2
+* Fri Aug 05 2016 Coty Sutherland 0:7.0.65-2
 - Resolves: rhbz#1352120 The javadoc package is useless; it contains one index.html
+- Resolves: rhbz#1347838 The security manager doesn't work correctly (JSPs cannot be compiled)
 
 * Fri Nov 13 2015 Coty Sutherland 0:7.0.65-1
 - Updated to 7.0.65