tomcat10-docs-webapp-10.1.25-150200.5.25.1<>,ĉfJp9|]+9H/n{P*;zQ"ymste> EcYWFn`l}OaH3: 0,.7 4s벥PKEs0  -V z#C9AiԾBx"tLk0.S|th7ogy\N>@D?Dd - Z 'AGN      . /205x88;; ; q:Fq>$F$G$H'tI*X*Y*\*]-x^7b<c=.d=e=f=l=u=v@pzDDDTDXD^DCtomcat10-docs-webapp10.1.25150200.5.25.1The "docs" web application for Apache TomcatThe documentation of web application for Apache Tomcat.fJh03-ch2d,ZSUSE Linux Enterprise 15SUSE LLC Apache-2.0https://www.suse.com/Productivity/Networking/Web/Servershttps://tomcat.apache.orglinuxnoarchchown -R tomcat:tomcat /usr/share/tomcat/tomcat-webapps/docs/META-INF runuser -u tomcat -g tomcat -- xsltproc --output /usr/share/tomcat/tomcat-webapps/docs/META-INF/context.xml /etc/tomcat/allowLinking.xslt /usr/share/tomcat/tomcat-webapps/docs/META-INF/context.xml if [ ! -e /usr/share/tomcat/webapps/docs ]; then ln -sf /usr/share/tomcat/tomcat-webapps/docs /usr/share/tomcat/webapps/docs fiR/x>D@l5%8L@lH O>   |_!Z2,-E yR ' fKX#S267:)E!08n(N=q=Z+2#l.M" P$ZLLGPz48/m PR`YURdXLSXRs+9=j~[5{\&,++*<n15F< T \BO T r D P'5%QdWA큤A큤AA큤A큤A큤A큤A큤A큤AA큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤fJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJfJb5af2b789564488a6c4da3aba85ae245d53b6801c9b952b6632814dc7ed6e6b4539ad0b2450e83e306f9e54b4a40c00aee470cbda377451026345655e1a1033e8da0786ed0925f8879e9ecf9bd2a3d94d21d1b23898bf5aa375f7efc40a5bcbebcbceb3df0d3fa7659a334cb9ec18688eff5f12a322cb5e4cc31fe14c201772f18ae0f6852f87a9f6a9720b19ed633a67d38caf7dfaea2fcd0ff2f1c7efc7576aa103a04a71295e67700d064b1d4bb8033969b44fe6fe3c5d3c076db5c7cb25d5e011d025ab549b18ecb3a0c3aba84b64e6cfb2d1a31e5ba0d5679fb6aceb7e4372821f4337d03bbe74059942085aa9db147d8d36cc41b456f22847f17af252c326e358c02efbe1e2317782d22265d23788bfb293f5053106f7b2f9e1398ce5dff7fdb1c70875875216ee3a18630a52140eab628d9cce7bcd7f69f56b5e4d0940d2c6bc5a98f6a2b3a94e27fb6114a0cf731a9d31106580940d114c438a8a7fe9c1ac4f3cf4d0b26efc1d5001fa157987701e7f24fd0362a7d5c96fceb4bd1c59196f39ac3295dafb6f58ad490fc032505d23216c14ef3282cc3f99b22c0308192090d25e234203ac0e60ff13a0fd80fd918587141619f798466bbc628b7a7a3424036f5c96430f5bb4e81b57ddde3da6ac620642963f3c27b1928c9847b3ef1ff7fdb1c70875875216ee3a18630a52140eab628d9cce7bcd7f69f56b5e4d09477f84b68ac01984d8566203b324eae905f1883f5dcffd6d8c7a6342a76547458d4825ba7885174a0632cf2a30c124a3900cea0f044a3e1b42550658cefee7ce4437cbd99c13c20b5710dfcea000d38bbd3a5cae2301a2a61a12d9a9d38bd72acab2459f0743cff421e724fe243454ffbeb472452d7f09d98e37982ec6d1ffc117b8134b028f5b8c206e18075b05790d27cc29c431bb9575033b37319751036f8dc5d18af5aebf5ad183db10b5d17d0caabb65a1b5371af6d4c2e1160c16649d6d9fdacbd36cf39f746e789faee0d09e629b6051395bae804fc88d309fdc8d50d2c9a402194554812a06dc8a09a1d591bde029343606c1c167c2ba79099a14e1f6ea9933b82e315fdea8859be28962fb497abe90186fceac3290758fe1f2a5547b7a887b989ba6bf7c67af5b2b38e071465ae2dc20ce161896a5fc8f4832669299ed004f3fd3f246b84a2b49275e77d99d61cb6c40fa4c66c855b0f983c5f2ded417576d71f4c50387781927cc771f8269673f1e75fca6a6e6892b41d64e316e2666d52ecd78494e5df9ba1a2d5adea873b264678744c4aec8c14d7e61fe97f57db692e24785f79099a558d554c83ca452afbf731dbe3f1d8d8e3d9a6136cf571a1f77a86b92cc872ba86a4ac538720debe5a075f56cf6ede6a52c1b1ec91b74124170097fa75647c657adb9bea424edb1eb646e0f04ca3120db39987aaaee800ba2f4c6806ed4a3e2ca487b25b66d6cdb3f7869a9c724950c2c8a8b9ed1e2b03c82afabdbd81db652aea065f7acc712a5ba5876824860c754aa6285c92d15383e67b8a23408648fc6deff19d4beeb4f3278a2c765f51abb713fc06a92c2a6f6e352f6961c29a3a74ff240cc1c4e56668db72bd13b1be9b753fb8972003921f8d69db5485e276f79d1c7680f0232af455e379129c8159152a068198cef2af1d23b6d1304803fcc7b1bfd9470434a6223cb8057cab6af314f05411be82ddf4dd4aeb0c47497d2500990f7c483691dbabf1b752e6a095ebb17a408544d7f6d76d4b6ff1763c8d53592aaacea0cc4cf7136d30ece7f6c44060edeb39cb6caf3a9728e410be53a2b8e1bf9f4449c8fe1e0c8d311328d4e4f33028f72d473f921a6d688eb48f68ef59f7e48bf8923cd3725e5c1386bb34a5c6ea79e3c56ee7a42f5f4fc1b016064a9d01c02dcc3b8b044f2b6a498bbb3c8806c4ba7da213e459e7f3192cc6fe283b738a48e231581f1841016253b5b4faf36ae70e9efff467abe462db4defa67086073a0bfb74be44edacebf561ee8e5735cb801ef3745dc930089d0dcf2f3b19d26caf8eb8417c0f7c9ff93d0b0448c47e7e7b795653b63546e217a68d084889cab840f66893b9253bcba357403199f0568efd62c881796ebb179a04bfc03b94162275f2ce661118498404c4482f60f34ccafb310db77be08b4e08c98fd757ff86890ce266969749c24d912ffbd87919a35aca064a16245378d5713e35e3f8755779566133f77443a8e248e34953dbaa4eb3011d833a713004ee2224d319368e90140dd39bdc5b952eb254f911144e369eb94ece93a89ae954f71ff84844529ce6d7a98e1aa5b58a699dcbf95ee629d36a33f5aeb7724c17c20e2c8d7b67af21bcf8b3d2c934f715d3394c82daec53180950274cb2241b365d66b8485101c9b4861337d3563d5bf1bf5807f54d5249115f9d190fb00461e7509c80bb8ac8f02ec82517e648e178ea9a3bbcaf9e9f428b1e8f84c4c664bc5d2803a553b447929b79fc98fc7de1b616c1e208dfe88ad40d589dce113a8c6e1c3944afbf522174a92b3c6885b0b3db79cc8bfaad776ad82e48a3edd473350025ac695b238677b6b45baaf65c523aa8ee464d7e3a9130b7ff3aa6df705c4ada182d2c1837f01a668c664456b5b0d0864fc4a8c5a0f938e714ba67829a698f86c8bd1f61b0a352129a2a2a5ab3fe3b9fd7380a72131037fec7ae111ef17923e608765e13584499f2bc33f5f521a8d73a8ac3314df79ded0d7b18b518a2c6c9e9acf3fc61b9f1a43a9b18c42cd592f39357b2ed3ff6be58a96553a325a6fa5ca431bf5a59f7c1d47ddc848ae38d93df95d13e0bc3c51ebcc96d2baa268911c4c8c7a0df95e3d87ae5778b65fbc18bbe29cb4e37f5368871071e20bfb8b6ac05f1cbfaeafea0d513f817d66cbb1c6960b7882f8b5110cbe7b9e1de483b3b991000b3a9bb9e25b6391b5e3658f6e606c0d41c2505fb8b609ce5f8eeb9415bc0a4211941f1967a82fde93ce9bab9391e44e5c1126a94709e63d42241fd2b60fb14bbae565017d48000bfd0c9f2521df1249ed757282286f8c1948bd1ca651cdd6c3a112140f954ef1caabb167accf7f00edb90c11ead065207afbd0f4250896e1abc6bcf9149f32cd43354816d7ab0b92bda268040d96e93f6d722dd0d8e0c7bb966dc8b0ad68fdd49475130e22a866b302f6991a4679d55641d33fa834eb69a31e9377f3df9571362786bf07e0d8ce1b655cfb6f421430825e681dab727d1d0ec4a41a370e44c89221b16d1f6c43800da6606e14bfdf933df895c8a7034907f60cf94803b51d03a37cafef6a9b7a1d7815a443eae4f3e708bc131bb39f4a0bcb66d1cabcc96b5333dbb4a88872ad0ad0185b6aa45cb6f500dd92d44efffec44be6d0982cfce76f59c718d118d3ded601ddcbc83fa2b6d8a618def4261bab8ca28a2b72d0b2177c18edd075b4ff1bb6d9b40a746d5bd3c1028fd4b4ac5ae7a3fb1077affdab78759afbdc8b5904812f00a637b9fa53f0dca49d5c620982d1c57ae7d4b23389b0d157630a666df5515cb8354f92fc238f0a8feed41a2170d2e8c7bb2d1cb515b537efa41875fdcdf6814367f3c26ec6212343ebc23c89faf905baa6fefe76632014128990c5b24a78d6fda66103bf62c11d6de3ff62553f0f28182db6c3064a4f6e8a43fcc4c4a710b4a7f8c3a1b6d6d955922cef74563502989ac7ae01258d8d4a91ad296bf07103c9d6e5e573fdbbef3672b01491ba8ad7b5486f1c4510d6235631fca6b1f65d650f787cd9f4fe7f5d0ee0804e8daeecdb399d3cf22fa47b07e7108e864d7d3d01f72ba38878a9af2275d86b88806048e71e5bbd054d9a37bce12aa0a4ef2a58b8718604b9a1305ebeb5f1ff0f722c34e089224533d3d7308d597ed8746ab7af18480e8964c6cc530a3e5ccdbcaecb2926e31fbc83c9d2c710ed52112c36fa422d381aec5ffb57c31912b60ca0e47b56634beaae1a4eb8c826f1329a1d49820814f018ba95a5b2ae5c8e349d57c6663aa87559d4b6c86b1b6a0cac0dba2ac0d6abdb2d037f07499a84df7f9a949e5e76a4d89dd3913b96e3ec691568f1581537f57b4e62863524bd1511017e7f252f23ac6c125160c39b14a2a0410d16b47d3901eee99d0090e19fdb28ab78e3fff49f571c5ece6cca5eaa4ca9bff421ce09b2021f4e4bc64a8264732de30b162cb05943d9b2e92bf27138de083e056ba73609403a3ef0ac82395a4fccae251ecef1878c569a3a5ee2f4e94f2b56e19054224482be0aa7b444ab8324ed0b0c25e3abacbd87be29732356c9bb890556675373ea9ed1d0e9b5678426d69296b6801c906ca378bb426aa3d6acdc3ba392abf7aa1d006749331fa8e97ac2202596a819dd382b46d051a28dca74875a851d97fcc71c78ca279754fabc2289a600aabecec4d9e4387cab9c7400aa2d0868a21c493df0e5da1622b319e915303b1aa2b72f3cb836057eed5699f522693cd0e6f9fbe497b6a0346fde3934cbcbd7c557a334c27bb34e69c7ed430ed4a4588c27f2a933b428f5a13403157e395a9d869d176c8dd256a5f28a042e4f863b42117f27a13e776a0e6ee6d54739b08b35741f43f5776bf51a193810b51d60285dc5d18af5aebf5ad183db10b5d17d0caabb65a1b5371af6d4c2e1160c16649d65d4dbfc82ee715a653291fb987dd565b6fc567ffee828d9e4c5f181c75eca0be63b93e248018e9520b508c50c9f61fb190bb7ed7c057598111baf79d07c3ad14afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f27777ed8ef290d149d7670fd0e91d8ce462ca0221a9f783f9568c826be69537dbe1f51dd9122e3a5d207011bd2be8ef0159b8a9f2891697af2988a40678c3b25e6459a74640882fe3518c2dbee942732531932e1a1bdcef34f8dcf41b2549e58622175fb4ec771511cd3b3383413ab2fa080f979bf8feb3924f7f9feb43a0b7ab7a1747beb2fbf3e0c693dc895b9210e25b3be9e5f259f63f18b7c63cbb3720fac2aa13ffc001c24a115b3c7300f3acb4c213c4bd9b086cfdb43e1026f72184ea39233ca9f865f421386a93cbcd28011e261e7d1617cbcb67fb91afa478b423ba77f590f993e0be9ee85c272f73f7f5487e2acc15e343e230d27d57d65f0798d26463f900c1bdc7f1451de33bf9b23f907bd421aae99865e8377735390a52e0c40f956342c86de1fbc0b8e583b22fa18dbd79b80b7e3a120e1e09a1c7e41cc99c928652077f18eb8c91f21e4f34b1997da8ecb6880a868611617db36a31e0fa9f7028f25c143d102bd1480ec552bf55e0b7ab5025980f7dc6e176670f5030777bce5ddbd3c1ac87bcf2df87bc93c0dd903a2467ced795dcd5c0d746f5c133a8123e5719faa554dac9723a9a5e66c3d1cd9a6864a71d7a8b8c087d2accb03bb8118910ebb34b737a833bff0de150b0e65dae5b8f2c51e928fc276c77611efca1bcdddb4eec9bd789939c08cbd20ebb0cbf754292acdecaac2e3b2031dcf0c36568f4099905699a2e9c4747dd9c7bdbc71884bb28d682918a4e7cfdc96adef282764ffcf9828f87b763eb6377c14de050a7812f252109ba7d4adea0847fe788e1c0da55723656b76bbdc2d07fbf7bd21a78c1a050d653d98d7094b2e6a0cded9f5efa0bb27fab60ad353b73560abf260ff7d62df0fa14603c923bef550672757f86f3be9191daccb33a0d7f34d1f4680799a1591749efae08debd99e9abcb3a52593b45f1398150a5c6ec2efaedd227b460a73be750830ade6097ce63f06e14e157758a55f9a845101298889d412edd84501bd9585d09a7864433768b6aadba1eecac56a6516bded9575c9fad50c185064b9f83728f99120b4b11dc589ebcb2ec798fb6399bd4d90eb6161ac04e8b8b228bedffab2723bec977c0198dc96730d30ff70b11c514e3cf32d5cfa0cd01cded9e8750f0f79e9c68b6f557c1bd3c9695762ccf7712d63869773ddb41b434422344552fc444a0b316b9e5538d39e12a76bc422e4584861b97a285f8a388a9d90b35611e5e4227f89107d0366975038ac6916fa4a671f8e00405aa04f6693bd7d43ca8f856c065644721bb9ba888b7db49a7262268fffd9d548f47fbe736a84a08c6afe67a4629ebf61249a6d36bab239f8fe695fcb9edc3b44c8b1604c8e0a6dc1a1e0a4e732e981f405c9f4a1dbe5d52304522ba388bc3795b390c85f5042e52d6a237f858be336a7f4e5c5d0e93efc161a2ee4f45d6f09820142369c84239bdcc688e6380235c53ec08bd56207048b9fd8620773e15051ac90f0bdbce12ab462c50c79a2fb020600e561f9c2dd3424d5d410335e3cf1d72be700fe3293b43cb47ba218d32be4e6cef4d3d795d404e73278f9aa2a2c0a30ab011ca126bf2fe3163c4b9c3e91597054815889bd1f2a6904548rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootroottomcat10-10.1.25-150200.5.25.1.src.rpmtomcat10-docs-webapp     /bin/shlibxslt-toolsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PartialHardlinkSets)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)tomcat10util-linux3.0.4-14.6.0-14.0.4-14.0-15.2-110.1.25-150200.5.25.1tomcat-docs-webapp4.14.1f&@feZeeПe@ee@e@eoedeSa@e)1@e 0@e 0@e;eRdld0d?@cc@c@c{h@cQ8@bγbbN@b!b@aaaA@a@a{@azamaamaama`X`Q@`OL@`OL@`3__F@_@___FN_!d^@^^_^@^Y^U @^1s^%@^!^@]҇]Γ@]4@]?]V]@\\\r@\k\j@\Yz\X)@\LK\?\8@\'a\[v[u[@[@[ug@ZZ_:Z!D@Z@YYYY:Y@Y@XZnW@WiW|W'A@WWKV@V2V`VA@UlI@UlI@UlI@UQU hU hTTи@ricardo.mestre@suse.commichele.bussolotto@suse.comdcermak@suse.comfstrba@suse.comfstrba@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.comricardo.mestre@suse.commichele.bussolotto@suse.comfstrba@suse.comfstrba@suse.commichele.bussolotto@suse.comfstrba@suse.comfstrba@suse.comfstrba@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.comfstrba@suse.comfstrba@suse.commichele.bussolotto@suse.comfstrba@suse.comfstrba@suse.commichele.bussolotto@suse.comolaf@aepfle.demichele.bussolotto@suse.comfstrba@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.comwittemar@googlemail.comwittemar@googlemail.comwittemar@googlemail.comamehmood@suse.comamehmood@suse.comwittemar@googlemail.comwittemar@googlemail.comwittemar@googlemail.comamehmood@suse.commalbu@suse.commalbu@suse.commalbu@suse.comjengelh@inai.defstrba@suse.commalbu@suse.comfstrba@suse.commalbu@suse.comjavier@opensuse.orgmalbu@suse.commalbu@suse.comfstrba@suse.commalbu@suse.comfstrba@suse.commalbu@suse.commalbu@suse.comfstrba@suse.comfstrba@suse.comfstrba@suse.comfstrba@suse.comfstrba@suse.comdimstar@opensuse.orgmalbu@suse.commalbu@suse.comfstrba@suse.commalbu@suse.commalbu@suse.commalbu@suse.commalbu@suse.comfstrba@suse.commalbu@suse.commalbu@suse.comecsos@opensuse.orgfstrba@suse.comsean@suspend.netmalbu@suse.comecsos@opensuse.orgmalbu@suse.commalbu@suse.commalbu@suse.defstrba@suse.commalbu@suse.comrbrown@suse.commalbu@suse.comecsos@opensuse.orgfstrba@suse.comecsos@opensuse.orgdziolkowski@suse.commalbu@suse.comastieger@suse.comtchvatal@suse.commalbu@suse.commalbu@suse.comdmacvicar@suse.dejcnengel@gmail.comtchvatal@suse.comdmacvicar@suse.dedmacvicar@suse.detchvatal@suse.comdmacvicar@suse.detchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comwittemar@googlemail.combmaryniuk@suse.com- Update to Tomcat 10.1.25 * Fixed CVEs: + CVE-2024-34750: Improper handling of exceptional conditions (bsc#1227399) * Catalina + Add: Add support for shallow copies when using WebDAV. (markt) + Code: Deprecate the WebdavFixFilter as it is no longer required. (markt) + Fix: 69066: Fix regression in SPNEGO authenticator when processing Base64. Submitted by Daniel Lyko. (remm) + Add: Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext) for retrieving extended/additional information from an established GSS context. (michaelo) + Fix: Correct a regression in the fix for 68721 that caused some instances of LinkageError to be reported as ClassNotFoundException. (markt) + Fix: Ensure that static resources deployed via a JAR file remain accessible when the context is configured to use a bloom filter. Based on pull request #730 provided by bergander. (markt) + Add: Introduce reference counting so the AprLifecycleListener is more robust. This particularly targets more complex embedded configurations with multiple server instances with independent lifecycles where more than one server instance requires the AprLifecycleListener. (markt) + Add: Small performance optimization when logging cookies with no values. (schultz) + Fix: Correct error handling for asynchronous requests. If the application performs an dispatch during AsyncListener.onError() the dispatch is now performed rather than completing the request using the error page mechanism. (markt) + Add: Re-factor ElapsedTimeElement in AbstractAccessLogValve to use a customizable style. (schultz) + Add: Add more timescale options to AccessLogValve and ExtendedAccessLogValve. Allow timescales to apply to "time-taken" token in ExtendedAccessLogValve. (schultz) + Fix: Fix WebDAV lock null (locks for non existing resources) thread safety and removal. (remm) + Fix: Add periodic checking for WebDAV locks expiration. (remm) + Fix: Extend Asn1Parser to parse UTF8Strings. (michaelo) + Fix: Remove MBean metadata for attibutes that have been removed. Based on pull request #719 by Shawn Q. (markt) + Update: Deprecate and remove sessionCounter (replaced by the addition of the active session count and the expired session count, as a reasonable approximation) and duplicates (which does not represent a possible event in current implementations) statistics from the session manager. (remm) + Fix: 68890 Align output encoding of JSPs in the Manager webapp with the XML declarations in those same files. (schultz) + Fix: Update Basic authentication to implement the requirements of RFC 7617 including the changing of the trimCredentials setting which is now defaults to false. Note that the trimCredentials setting will be removed in Tomcat 11. (markt) + Fix: Change the thread-safety mechanism for protecting StandardServer.services from a simple synchronized lock to a ReentrantReadWriteLock to allow multiple readers to operate simultaneously. Based upon a suggestion by Markus Wolfe. (schultz) + Fix: Improve Service connectors, Container children and Service executors access sync using a ReentrantReadWriteLock. (remm) + Fix: Improve handling of integer overflow if an attempt is made to upload a file via the Servlet API and the file is larger than Integer.MAX_VALUE. (markt) + Fix: 68862: Handle possible response commit when processing read errors. (remm) * Jasper + Fix: 68546: Small additional optimisation for initial loading of Servlet code generated for JSPs. Based on a suggestion by Dan Armstrong. (markt) + Add: Add support for specifying Java 23 (with the value 23) as the compiler source and/or compiler target for JSP compilation. If used with an Eclipse JDT compiler version that does not support these values, a warning will be logged and the default will used. (markt) * Web applications + Add: Add the ability to set a sub-title for the Manager web application main page. This is intended to allow users with lots of instances to easily distinguish them. Based on pull request #724 by Simon Arame. (markt) + Fix: Examples: Improve performance of WebSocket chat application when multiple clients disconnect at the same time. (markt) + Update: Examples: Increase the number of previous messages displayed when using the WebSocket chat application. (markt) + Fix: Examples: Improve performance of WebSocket snake application when multiple clients disconnect at the same time. (markt) * Coyote + Fix: Fix OpenSSL FFM use of ERR_error_string with a 128 byte buffer, and use ERR_error_string_n instead. (remm) + Fix: Fix a crash on Windows setting CA certificate on null path. (remm) + Fix: 69068: Ensure read timouts are triggered for asynchronous, non-blocking reads when using HTTP/2. (markt) + Update: 69133: Add task queue size configuration on the Connector element, similar to the Executor element, for consistency. (remm) + Fix: Make counting of active HTTP/2 streams per connection more robust. (markt) + Add: Add support for TLS 1.3 client initiated re-keying. (markt) + Fix: Improve the algorithm used to identify the IP address to use to unlock the acceptor thread when a Connector is listening on all local addresses. Interfaces that are configured for point to point connections or are not currently up are now skipped. (markt) + Fix: Align non-secure and secure writes with NIO and skip the write attempt when there are no bytes to be written. (markt) + Fix: Allow any positive value for socket.unlockTimeout. If a negative or zero value is configured, the default of 250ms will be used. (mark) + Fix: Reduce the time spent waiting for the connector to unlock. The previous default of 10s was noticeably too long for cases where the unlock has failed. The wait time is now 100ms plus twice socket.unlockTimeout. (markt) + Fix: Ensure that the onAllDataRead() event is triggered when the request body uses chunked encoding and is read using non-blocking IO. (markt) + Fix: 68934: Add debug logging in the latch object when exceeding maxConnections. (remm) + Fix: Refactor trailer field handling to use a MimeHeaders instance to store trailer fields. (markt) + Fix: Ensure that multiple instances of the same trailer field are handled correctly. (markt) + Fix: Fix non-blocking reads of chunked request bodies. (markt) + Fix: When an invalid HTTP response header was dropped, an off-by-one error meant that the first header in the response was also dropped. Fix based on pull request #710 by foremans. (markt) + Fix: Fix bnd jar descriptor to include the OpenSSL FFM support. (remm) + Fix: Add OpenSSL FFM classes to tomcat-embed-core.jar. (remm) + Add: Add OpenSSL integration using the FFM API rather than Tomcat Native. OpenSSL support may be enabled by adding the org.apache.catalina.core.OpenSSLLifecycleListener listener on the Server element when using Java 22 or later. (remm) * WebSocket + Fix: 68884: Reduce the write timeout when writing WebSocket close messages for abnormal closes. The timeout defaults to 50 milliseconds and may be controlled using the org.apache.tomcat.websocket.ABNORMAL_SESSION_CLOSE_SEND_TIMEOUT property in the user properties collection associated with the WebSocket session. (markt) * Other + Update: Revert Derby to 10.16.1.1 as that is the latest version of Derby that runs on Java 17. (markt) + Update: Update to Commons Daemon 1.4.0. (markt) + Update: Update to Objenesis 3.4. (markt) + Update: Update to Checkstyle 10.17.0. (markt) + Update: Update to SpotBugs 4.8.5. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) + Update: Switch to using the Base64 encoder and decoder provided by the JRE rather than the version provided by Commons Codec. The internal fork of Commons Codec has been deprecated and will be removed in Tomcat 11. (markt) + Update: Update NSIS to 3.10. (mark0t) + Update: Update UnboundID to 7.0.0. (markt) + Update: Update Checkstyle to 10.16.0. (markt) + Update: Update JaCoCo to 0.8.12. (markt) + Update: Update SpotBugs to 4.8.4. (markt) + Update: Update the internal fork of Apache Commons BCEL to 6.9.0. (markt) + Update: Update the internal fork of Apache Commons DBCP to 2.12.0. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) + Fix: Release re-built using correct JDK version. + Update: Update the internal fork of Apache Commons BCEL to 6.8.2. (markt) + Update: Update the internal fork of Apache Commons Codec to 1.16.1. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (remm) + Add: Improvements to Chinese translations by leeyazhou. (remm) - Modified patch: * tomcat-10.1-build-with-java-11.patch + rediff to changed context- Update to Tomcat 10.1.20 * Fixed CVEs: + CVE-2024-24549: Improved request header validation for HTTP/2 stream (bsc#1221386) + CVE-2024-23672: Ensure that WebSocket connection closure completes if the connection is closed when the server side has used the proprietary suspend/resume feature to suspend the connection (bsc#1221385) * Catalina + Fix: Minor performance improvement for building filter chains. Based on ideas from #702 by Luke Miao. (remm) + Fix: Align error handling for Writer and OutputStream. Ensure use of either once the response has been recycled triggers a NullPointerException provided that discardFacades is configured with the default value of true. (markt) + Fix: 68692: The standard thread pool implementations that are configured using the Executor element now implement ExecutorService for better support NIO2. (remm) + Fix: 68495: When restoring a saved POST request after a successful FORM authentication, ensure that neither the URI, the query string nor the protocol are corrupted when restoring the request body. (markt) + Fix: After forwarding a request, attempt to unwrap the response in order to suspend it, instead of simply closing it if it was wrapped. Add a new suspendWrappedResponseAfterForward boolean attribute on Context to control the bahavior, defaulting to false. (remm) + Fix: 68721: Workaround a possible cause of duplicate class definitions when using ClassFileTransformers and the transformation of a class also triggers the loading of the same class. (markt) + Fix: The rewrite valve should not do a rewrite if the output is identical to the input. (remm) + Update: Add a new valveSkip (or VS) rule flag to the rewrite valve to allow skipping over the next valve in the Catalina pipeline. (remm) + Update: Add highConcurrencyStatus attribute to the SemaphoreValve to optionally allow the valve to return an error status code to the client when a permit cannot be acquired from the semaphore. (remm) + Add: Add checking of the "age" of the running Tomcat instance since its build-date to the SecurityListener, and log a warning if the server is old. (schultz) + Fix: When using the AsyncContext, throw an IllegalStateException, rather than allowing an NullPointerException, if an attempt is made to use the AsyncContext after it has been recycled. (markt) + Fix: Correct JPMS and OSGi meta-data for tomcat-embed-core.jar by removing reference to org.apache.catalina.ssi package that is no longer included in the JAR. Based on pull request #684 by Jendrik Johannes. (markt) + Fix: Fix ServiceBindingPropertySource so that trailing \r\n sequences are correctly removed from files containing property values when configured to do so. Bug identified by Coverity Scan. (markt) + Add: Add improvements to the CSRF prevention filter including the ability to skip adding nonces for resource name and subtree URL patterns. (schultz) + Fix: Review usage of debug logging and downgrade trace or data dumping operations from debug level to trace. (remm) + Fix: 68089: Further improve the performance of request attribute access for ApplicationHttpRequest and ApplicationRequest. (markt) + Fix: 68559: Allow asynchronous error handling to write to the response after an error during asynchronous processing. (markt) * Coyote + Fix: Improve the HTTP/2 stream prioritisation process. If a stream uses all of the connection windows and still has content to write, it will now be added to the backlog immediately rather than waiting until the write attempt for the remaining content. (markt) + Fix: Add threadsMaxIdleTime attribute to the endpoint, to allow configuring the amount of time before an internal executor will scale back to the configured minSpareThreads size. (remm) + Fix: Correct a regression in the support for user provided SSLContext instances that broke the org.apache.catalina.security.TLSCertificateReloadListener. (markt) + Fix: Setting a null value for a cookie attribute should remove the attribute. (markt) + Fix: Make asynchronous error handling more robust. Ensure that once a connection is marked to be closed, further asynchronous processing cannot change that. (markt) + Fix: Make asynchronous error handling more robust. Ensure that once the call to AsyncListener.onError() has returned to the container, only container threads can access the AsyncContext. This protects against various race conditions that woudl otherwise occur if application threads continued to access the AsyncContext. + Fix: Review usage of debug logging and downgrade trace or data dumping operations from debug level to trace. In particular, most of the HTTP/2 debug logging has been changed to trace level. (remm) + Fix: Add support for user provided SSLContext instances configured on SSLHostConfigCertificate instances. Based on pull request #673 provided by Hakan Altındağ. (markt) + Fix: Partial fix for 68558: Cache the result of converting to String for request URI, HTTP header names and the request Content-Type value to improve performance by reducing repeated byte[] to String conversions. (markt) + Fix: Improve error reporting to HTTP/2 clients for header processing errors by reporting problems at the end of the frame where the error was detected rather than at the end of the headers. (markt) + Fix: Remove the remaining reference to a stream once the stream has been recycled. This makes the stream eligible for garbage collection earlier and thereby improves scalability. (markt) * Jasper + Add: Add support for specifying Java 22 (with the value 22) as the compiler source and/or compiler target for JSP compilation. If used with an Eclipse JDT compiler version that does not support these values, a warning will be logged and the default will used. (markt) + Fix: Handle the case where the JSP engine forwards a request/response to a Servlet that uses an OutputStream rather than a Writer. This was triggering an IllegalStateException on code paths where there was a subsequent attempt to obtain a Writer. (markt) + Fix: Correctly handle the case where a tag library is packaged in a JAR file and the web application is deployed as a WAR file rather than an unpacked directory. (markt) + Fix: 68546: Generate optimal size and types for JSP imports maps, as suggested by John Engebretson. (remm) + Fix: Review usage of debug logging and downgrade trace or data dumping operations from debug level to trace. (remm) * Cluster + Fix: Avoid updating request count stats on async. (remm) * WebSocket + Fix: Correct a regression in the fix for 66508 that could cause an UpgradeProcessor leak in some circumstances. (markt) + Fix: Review usage of debug logging and downgrade trace or data dumping operations from debug level to trace. (remm) + Fix: Ensure that WebSocket connection closure completes if the connection is closed when the server side has used the proprietary suspend/resume feature to suspend the connection. (markt) * Web applications Add: Add support for responses in JSON format from the examples application RequestHeaderExample. (schultz) * Other + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) + Fix: 57130: Allow digest.(sh|bat) to accept password from a file or stdin. (csutherl/schultz) + Update: Update Checkstyle to 10.14.1. (markt) + Fix: Correct the remaining OSGi contract references in the manifest files to refer to the Jakarta EE contract names rather than the Java EE contract names. Based on pull request #685 provided by Paul A. Nicolucci. (markt) + Update: Update Checkstyle to 10.13.0. (markt) + Update: Update JSign to 6.0. (markt) + Update: Update the packaged version of the Tomcat Migration Tool for Jakarta EE to 1.0.7. (markt) + Update: Update Tomcat Native to 2.0.7. (markt) + Update: Add strings for debug level messages. (remm) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) - Regenerated patch: tomcat-jdt.patch- Add missing Requires(post): util-linux to have runuser into post- Add %%systemd_ordering to packages with systemd unit files, so that the order is the right one if those packages find themselves in the same transaction with systemd- Link ecj.jar into the install instead of copying it- rpm 4.19 requires dependencies on tomcat user and group (bsc#1219530)- Fixed CVEs: * CVE-2024-22029: run xsltproc as tomcat group (bsc#1219208)- Update to Tomcat 10.1.18 * Fixed CVEs: + CVE-2023-46589: Apache Tomcat: HTTP request smuggling due to incorrect headers parsing (bsc#1217649) * Catalina + Update: 68378: Align extension to MIME type mappings in the global web.xml with those in httpd by adding application/vnd.geogebra.slides for ggs, text/javascript for mjs and audio/ogg for opus. (markt) + Fix: Background processes should not be run concurrently with lifecycle operations of a container. (remm) + Fix: Correct unintended escaping of XML in some WebDAV responses. The XML list of support locks when provided in response to a PROPFIND request was incorrectly XML escaped. (markt) + Fix: 68227: Ensure that AsyncListener.onComplete() is called if AsyncListener.onError() calls AsyncContext.dispatch(). (markt) + Fix: 68228: Use a 408 status code if a read timeout occurs during HTTP request processing. Includes a test case based on code provided by adwsingh. (markt) + Fix: 67667: TLSCertificateReloadListener prints unreadable rendering of X509Certificate#getNotAfter(). (michaelo) + Update: The status servlet included in the manager webapp can now output statistics as JSON, using the JSON=true URL parameter. (remm) + Update: Optionally allow ServiceBindingPropertySource to trim a trailing newline from a file containing a property-value. (schultz) + Fix: 67793: Ensure the original session timeout is restored after FORM authentication if the user refreshes a page during the FORM authentication process. Based on a suggestion by Mircea Butmalai. (markt) + Update: 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs. (michaelo) + Fix: 66875: Ensure that setting the request attribute jakarta.servlet.error.exception is not sufficient to trigger error handling for the current request and response. (markt) + Fix: 68054: Avoid some file canonicalization calls introduced by the fix for 65433. (remm) + Fix: 68089: Improve performance of request attribute access for ApplicationHttpRequest and ApplicationRequest. (markt) + Fix: Use a 400 status code to report an error due to a bad request (e.g. an invalid trailer header) rather than a 500 status code. (markt) + Fix: Ensure that an IOException during the reading of the request triggers always error handling, regardless of whether the application swallows the exception. (markt) * Coyote + Fix: Refactor the VirtualThreadExecutor so that it can be used by the NIO2 connector which was using platform threads even when configured to use virtual threads. (markt) + Fix: Correct a regression in the fix for 67675 that broke TLS key file parsing for PKCS#8 format keys that do not specify an explicit pseudo-random function and rely on the default. This typically affects keys generated by OpenSSL 1.0.2. (markt) + Fix: Allow multiple operations with the same name on introspected mbeans, fixing a regression caused by the introduction of a second addSslHostConfig method. (remm) + Fix: Relax the check that the HTTP Host header is consistent with the host used in the request line, if any, to make the check case insensitive since host names are case insensitive. (markt) + Add: 68348: Add support for the partitioned attribute for cookies. (markt) + Add: 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile. (michaelo) + Add: When calling SSLHostConfigCertificate.setCertificateKeystore(ks), automatically call setCertificateKeystoreType(ks.getType()). (markt) + Fix: 67628: Clarify how the ciphers attribute of the SSLHostConfig is used. (markt) + Fix: 67666: Ensure TLS connectors using PEM files either work with the TLSCertificateReloadListener or, in the rare case that they do not, log a warning on Connector start. (markt) + Fix: 67675: Support a wider range of KDF and ciphers for PEM files than the combinations supported by the JVM by default. Specifically, support the OpenSSL default of HmacSHA256 and DES-EDE3-CBC. (markt) + Fix: 67927: Reloading TLS configuration can cause the Connector to refuse new connections or the JVM to crash. (markt) + Fix: 67934: If both Tomcat Native 1.2.x and 2.0.x are available, prefer 1.2.x since it supports the APR/Native connector whereas 2.0.x does not. (markt) + Fix: 67938: Correct handling of large TLS client hello messages that were causing the TLS handshake to fail. (markt) + Fix: 68026: Convert selected MessageByte values to String when first accessed to speed up subsequent accesses and reduce garbage collection. (markt) * Jasper + Code: 68119: Refactor the CompositeELResolver to improve performance during type conversion operations. (markt) + Fix: 68068: Performance improvement for EL. Based on a suggestion by John Engebretson. (markt) * Web Applications + Fix: 68035: Additional fix to the Manager application to enable the deployment of a web application located in a Host's appBase where the web application is specified by a bare (no path) WAR or directory name as shown in the documentation. (markt) + Fix: Examples. Improve the error handling so snakes associated with a user that drops from the network are removed from the game. (markt) + Fix: 68035: Correct a regression in the fix for 56248 that prevented deployment via the Manager of a WAR or directory that was already present in the appBase or a context file that was already present in the xmlBase. (markt) * Other + Update: Update Checkstyle to 10.12.7. (markt) + Update: Update SpotBugs to 4.8.3. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) + Update: Update UnboundID to 6.0.11. (markt) + Update: Update Checkstyle to 10.12.5. (markt) + Update: Update SpotBugs to 4.8.2. (markt) + Update: Update Derby to 10.17.1. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) + Add: Improvements to Brazilian Portuguese translations by John William Vicente. (markt) + Add: Improvements to Russian translations by usmazat and remm. (markt) + Add: 67538: Make use of Ant's task to enfore the mininum Java build version. (michaelo) + Update: Update Checkstyle to 10.12.4. (markt) + Update: Update JaCoCo to 0.8.11. (markt) + Update: Update SpotBugs to 4.8.0. (markt) + Update: Update BND to 7.0.0. (markt) + Update: The minimum Java version required to build Tomcat has been raised to Java 17. (markt) + Update: Update the OWB module to Apache OpenWebBeans 4.0.0. (remm) - Added patches: * tomcat-10.1-build-with-java-11.patch- change server.xml during %post instead of %posttrans - add libxslt-tools requirement- Fix server.xml permission (bsc#1217768, bsc#1217402) - remove serverxmltool and use xsltproc- replace prep setup and patches macro with autosetup- Initial packaging of Tomcat 10.1.14- Update to Tomcat 9.0.82 * Catalina + Add: 65770: Provide a lifecycle listener that will automatically reload TLS configurations a set time before the certificate is due to expire. This is intended to be used with third-party tools that regularly renew TLS certificates. + Fix: Fix handling of an error reading a context descriptor on deployment. + Fix: Fix rewrite rule qsd (query string discard) being ignored if qsa was also use, while it should instead take precedence. + Fix: 67472: Send fewer CORS-related headers when CORS is not actually being engaged. + Add: Improve handling of failures within recycle() methods. * Coyote + Fix: 67670: Fix regression with HTTP compression after code refactoring. + Fix: 67198: Ensure that the AJP connector attribute tomcatAuthorization takes precedence over the tomcatAuthentication attribute when processing an auth_type attribute received from a proxy server. + Fix: 67235: Fix a NullPointerException when an AsyncListener handles an error with a dispatch rather than a complete. + Fix: When an error occurs during asynchronous processing, ensure that the error handling process is only triggered once per asynchronous cycle. + Fix: Fix logic issue trying to match no argument method in IntropectionUtil. + Fix: Improve thread safety around readNotify and writeNotify in the NIO2 endpoint. + Fix: Avoid rare thread safety issue accessing message digest map. + Fix: Improve statistics collection for upgraded connections under load. + Fix: Align validation of HTTP trailer fields with standard fields. + Fix: Improvements to HTTP/2 overhead protection (bsc#1216182, CVE-2023-44487) * jdbc-pool + Fix: 67664: Correct a regression in the clean-up of unnecessary use of fully qualified class names in 9.0.81 that broke the jdbc-pool. * Jasper + Fix: 67080: Improve performance of EL expressions in JSPs that use implicit objects- Update to Tomcat 9.0.80 * Catalina + Add RateLimitFilter which can be used to mitigate DoS and Brute Force attacks + Move the management of the utility executor from the init()/destroy() methods of components to the start()/stop() methods. + Add org.apache.catalina.core.StandardVirtualThreadExecutor, a virtual thread based executor that may be used with one or more Connectors to process requests received by those Connectors using virtual threads. This Executor requires a minimum Java version of Java 21. + 66513: Add a per session Semaphore to the PersistentValve that ensures that, within a single Tomcat instance, there is no more than one concurrent request per session. Also expand the debug logging to include whether a request bypasses the Valve and the reason if a request fails to obtain the per session Semaphore. + 66609: Ensure that the default servlet correctly escapes file names in directory listings when using XML output. + 66618: Add a numeric last modified field to the XML directory listings produced by the default servlet to enable sorting in the XSLT. + 66621: Attempts to lock a collection with WebDAV may incorrectly fail if a child collection has an expired lock. + 66622: Deprecate the xssProtectionEnabled setting from the HttpHeaderSecurityFilter and change the default value to false as support for the associated HTTP header has been removed from all major browsers. + 59232: Add org.apache.catalina.core.ContextNamingInfoListener, a listener which creates context naming information environment entries. + 66665: Add org.apache.catalina.core.PropertiesRoleMappingListener, a listener which populates the context's role mapping from a properties file. + Fix an edge case where intra-web application symlinks would be followed if the web applications were deliberately crafted to allow it even when allowLinking was set to false. + Add utility config file resource lookup on Context to allow looking up resources from the webapp (prefixed with webapp:) and make the resource lookup API more visible. + Fix potential database connection leaks in DataSourceUserDatabase identified by Coverity Scan. + Make parsing of ExtendedAccessLogValve patterns more robust. + Fix failure trying to persist configuration for an internal credential handler. + 66680: When serializing a session during the session presistence process, do not log a warning that null Principals are not serializable. + Catch NamingException in JNDIRealm#getPrincipal. It is used in Java up to 17 to signal closed connections. + 66822: Use the same naming format in log messages for Connector instances as the associated ProtocolHandler instance. + The parts count should also lower the actual maxParameterCount used for parsing parameters if parts are parsed first. + If an application or library sets both a non-500 error code and the javax.servlet.error.exception request attribute, use the provided error code during error page processing rather than assuming an error code of 500. + Update code comments and Tomcat output to use MiB for 1024 * 1024 bytes and KiB for 1024 bytes rather than MB and kB. + Avoid protocol relative redirects in FORM authentication (CVE-2023-41080, bsc#1214666). * Coyote + Update the HTTP/2 implementation to use the prioritization scheme defined in RFC 9218 rather than the one defined in RFC 7540. + 66602: not sending WINDOW_UPDATE when dataLength is ZERO on call SwallowedDataFramePayload. + 66627: Restore the documented behaviour of MessageBytes.getType() that it returns the type of the original content rather than reflecting the most recent conversion. + 66635: Correct certificate logging on start-up so it differentiates between keystore based keys/certificates and PEM file based keys/certificates and logs the relevant information for each. + Refactor blocking reads and writes for the NIO connector to remove code paths that could allow a notification from the Poller to be missed resuting in a timeout rather than the expected read or write. + Refactor waiting for an HTTP/2 stream or connection window update to handle spurious wake-ups during the wait. + Correct a regression introduced in 9.0.78 and use the correct constant when constructing the default value for the certificateKeystoreFile attribute of an SSLHostConfigCertificate instance. + Refactor HTTP/2 implementation to reduce pinning when using virtual threads. + Pass through ciphers referring to an OpenSSL profile, such as PROFILE=SYSTEM instead of producing an error trying to parse it. + 66841: Ensure that AsyncListener.onError() is called after an error during asynchronous processing with HTTP/2. + 66842: When using asynchronous I/O (the default for NIO and NIO2), include DATA frames when calculating the HTTP/2 overhead count to ensure that connections are not prematurely terminated. + Correct a race condition that could cause spurious RST messages to be sent after the response had been written to an HTTP/2 stream. * WebSocket + 66548: Expand the validation of the value of the Sec-Websocket-Key header in the HTTP upgrade request that initiates a WebSocket connection. The value is not decoded but it is checked for the correct length and that only valid characters from the base64 alphabet are used. + Improve handling of error conditions for the WebSocket server, particularly during Tomcat shutdown. + Correct a regression in the fix for 66574 that meant the WebSocket session could return false for onOpen() before the onClose() event had been completed. + 66681: Fix a NullPointerException when flushing batched messages with compression enabled using permessage-deflate. * Web applications + Documentation. Expand the security guidance to cover the embedded use case and add notes on the uses made of the java.io.tmpdir system property. + 66662: Documentation. Fix a typo in the name of the algorithms attribute in the configuration section for the Digest authentication value. + Documentation. Update documentation to use MiB for 1024 * 1024 bytes and KiB for 1024 bytes rather than MB and kB. * jdbc-pool + Fix the releaseIdleCounter does not increment when testAllIdle releases them. + Fix the ConnectionState state will be inconsistent with actual state on the connection when an exception occurs while writing. * Other + Update to Commons Daemon 1.3.4. + Improvements to French translations. + Update Checkstyle to 10.12.0. + Update the packaged version of the Apache Tomcat Native Library to 1.2.37 to pick up the Windows binaries built with with OpenSSL 1.1.1u. + Include the Windows specific binary distributions in the files uploaded to Maven Central. + Improvements to French translations. + Improvements to Japanese translations. + Update UnboundID to 6.0.9. + Update Checkstyle to 10.12.1. + Update BND to 6.4.1. + Update JSign to 5.0. + Correct properties for JSign dependency. + Align documentation for maxParameterCount to match hard-coded defaults. + Update NSIS to 3.0.9. + Update Checkstyle to 10.12.2. + Improvements to French translations. + Improvements to Japanese translations. + 66829: Fix quoting so users can use the _RUNJAVA environment variable as intended on Windows when the path to the Java executable contains spaces. + Update Tomcat Native to 1.2.38 to pick up Windows binaries built with OpenSSL 1.1.1v. + Improvements to Chinese translations. + Improvements to French translations. + Improvements to Japanese translations - Removed patch: * tomcat-9.0.75-CVE-2023-41080.patch + integrated in this version- Fixed CVEs: * CVE-2023-41080: Avoid protocol relative redirects in FORM authentication. (bsc#1214666) - Added patches: * tomcat-9.0.75-CVE-2023-41080.patch- Modified patch: * tomcat-9.0-osgi-build.patch + make it more robust to change in number of artifacts in bnd + do not enumerate jars, just take all jars from the aqute-bnd directory into the classpath- Require(pre) shadow because groupadd is needed early- Update to Tomcat 9.0.75. * See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.75_(markt) * Fixes: + bsc#1211608, CVE-2023-28709 + bsc#1208513, CVE-2023-24998 (previous incomplete fix) - Remove patches: * tomcat-9.0-CVE-2021-30640.patch * tomcat-9.0-CVE-2021-33037.patch * tomcat-9.0-CVE-2021-41079.patch * tomcat-9.0-CVE-2022-23181.patch * tomcat-9.0-NPE-JNDIRealm.patch * tomcat-9.0-hardening_getResources.patch * tomcat-9.0.43-CVE-2021-43980.patch * tomcat-9.0.43-CVE-2022-42252.patch * tomcat-9.0.43-CVE-2022-45143.patch * tomcat-9.0.43-CVE-2023-24998.patch * tomcat-9.0.43-CVE-2023-28708.patch + integrated in this version * tomcat-9.0.43-java8compat.patch + problem with Java 8 compatibility solved in this version - Modified patch: * tomcat-9.0.31-secretRequired-default.patch - > tomcat-9.0.75-secretRequired-default.patch + rediffed to changed context * tomcat-9.0-javadoc.patch + drop integrated hunks * tomcat-9.0-osgi-build.patch + fix to work with current version - Added patch: * tomcat-9.0-jdt.patch + fix build against our ecj- Fixed CVEs: * CVE-2022-45143: JsonErrorReportValve: add escape for type, message or description (bsc#1206840) - Added patches: * tomcat-9.0.43-CVE-2022-45143.patch- Fixed CVEs: * CVE-2023-28708: tomcat: not including the secure attribute causes information disclosure (bsc#1209622) - Added patches: * tomcat-9.0.43-CVE-2023-28708.patch- Fixed CVEs: * CVE-2023-24998: tomcat,tomcat6: FileUpload DoS with excessive parts (bsc#1208513) - Added patches: * tomcat-9.0.43-CVE-2023-24998.patch- set logrotate for localhost.log, manager.log, host-manager.log and localhost_access_log.txt - use logrotate for catalina.out * update tomcat-serverxml-tool and spec to configure server.xml - Added patch: * tomcat-9.0-logrotate_everything.patch * tomcat-serverxml-tool.tar.gz - Removed: * tomcat-serverxml-tool-1.0.tar.gz- Use catalina.out for logging (bsc#1205647) - Added patches: * tomcat-9.0-fix_catalina.patch- Fixed CVEs: * CVE-2022-42252: reject invalid content-length requests. (bsc#1204918) - Added patches: * tomcat-9.0.43-CVE-2022-42252.patch- Fixed CVEs: * CVE-2021-43980: Improve the recycling of Processor objects to make it more robust. (bsc#1203868) - Added patches: * tomcat-9.0.43-CVE-2021-43980.patch- Do not hardcode /usr/libexec but use %%_libexecdir during the build * Fixes for platforms, where /usr/libexec and %%_libexecdir are different- Fix bsc#1201081 by building with release=8 all files that can be built this way. The one file remaining, build it with source=8 and target=8 - Modified patch: * tomcat-9.0.43-java8compat.patch + Do not cast ByteBuffer to Buffer to call the Java 8 compatible methods. Build with release=8 instead- Security hardening. Deprecate getResources() and always return null. (bsc#1198136) - Added patch: tomcat-9.0-hardening_getResources.patch- Remove dependency on log4j/reload4j completely (bsc#1196137)- Do not build against the log4j12 packages, use the new reload4j- Fixed CVEs: * CVE-2022-23181: Make calculation of session storage location more robust (bsc#1195255) - Added patches: * tomcat-9.0-CVE-2022-23181.patch- remove instance units from post scripts, they can not be reloaded- Fix NPE in JNDIRealm, when userRoleAttribute is not set (bsc#1193569) - Added patch: * tomcat-9.0-NPE-JNDIRealm.patch- Modified patch: * tomcat-9.0-osgi-build.patch + account for biz.aQute.bnd.ant artifact in aqute-bnd >= 5.2.0- Fixed CVEs: * CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279) * CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278) - Added patches: * tomcat-9.0-CVE-2021-30640.patch * tomcat-9.0-CVE-2021-33037.patch- Fixed CVEs: * CVE-2021-41079: Validate incoming TLS packet (bsc#1190558) - Added patches: * tomcat-9.0-CVE-2021-41079.patch- Update to Tomcat 9.0.43. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.43_(markt) - Removed Patches because fixed upstream now: * tomcat-9.0-CVE-2021-25122.patch * tomcat-9.0-CVE-2021-25329.patch - Rebased patch: tomcat-9.0.39-java8compat.patch -> tomcat-9.0.43-java8compat.patch- Update to Tomcat 9.0.41. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.41_(markt)- Update to Tomcat 9.0.40. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.40_(markt) - Removed Patches because fixed upstream now: * tomcat-9.0-CVE-2020-17527.patch * tomcat-9.0-CVE-2021-24122.patch- Fixed CVEs: * CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912) * CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909) - Added patches: * tomcat-9.0-CVE-2021-25122.patch * tomcat-9.0-CVE-2021-25329.patch- Log if file access is blocked due to symlinks: CVE-2021-24122 (bsc#1180947) - Added patch: * tomcat-9.0-CVE-2021-24122.patch- Update to Tomcat 9.0.39. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.39_(markt) - Rebased patches: * tomcat-9.0.38-java8compat.patch -> tomcat-9.0.39-java8compat.patch- Update to Tomcat 9.0.38. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.38_(markt) - Rebased patches: * tomcat-9.0.37-java8compat.patch -> tomcat-9.0.38-java8compat.patch - Removed tomcat-9.0-CVE-2020-13943.patch because that fix is upstream now- Update to Tomcat 9.0.37. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.37_(markt) - Fixed CVEs: * CVE-2020-13934 (bsc#1174121) * CVE-2020-13935 (bsc#1174117) - Rebased patches: * tomcat-9.0-osgi-build.patch * tomcat-9.0.31-java8compat.patch -> tomcat-9.0.37-java8compat.patch- Fix HTTP/2 request header mix-up: CVE-2020-17527 (bsc#1179602) - Added patch: * tomcat-9.0-CVE-2020-17527.patch- Add source url for tomcat-serverxml-tool - Fix typo in tomcat-webapps %postun that caused /examples context to remain in server.xml when package was removed - Remove tomcat-9.0.init and /usr/lib/tmpfiles.d/tomcat.conf from package. They're not used anymore becuse of systemd (bsc#1178396)- Fix tomcat-servlet-4_0-api package alternatives to use /usr/share/java/servlet.jar instead of /usr/share/java/tomcat-servlet.jar. Keep /usr/share/java/tomcat-servlet.jar symlink for compatibility. (bsc#1092163) - Change default file ownership in tomcat-webapps from tomcat:tomcat to root:tomcat- Fix CVE-2020-13943 (bsc#1177582) - Added patch: * tomcat-9.0-CVE-2020-13943.patch - Change /usr/lib/tomcat to /usr/libexec/tomcat in startup scripts (bsc#1177601)- Replace old specfile constructs. Remove support for SUSE 11.x. - Drop %systemd_requires, which is considered a no-op. - Trim redundant license mention from description. - Make documentation noarch. - Do not suppress errors from useradd.- Avoid hardcoding /usr/lib as libexecdir- Don't give write permissions for the tomcat group on files and directories where it's not needed (bsc#1172562) - Change tomcat.pid location from /var/run to /run (bsc#1173103) - Use the /sbin/nologin shell when creating the tomcat user - Use %tmpfiles_create macro in %post instead of calling systemd-tmpfiles directly- Update to Tomcat 9.0.36. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.36_(markt) - Fixed CVEs: CVE-2020-11996 (bsc#1173389)- Update to Tomcat 9.0.35. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.35_(markt) - Fixed CVEs: - CVE-2020-9484 (bsc#1171928) - Rebased patches: * tomcat-9.0-javadoc.patch * tomcat-9.0-osgi-build.patch * tomcat-9.0.31-java8compat.patch- Update to Tomcat 9.0.34. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.34_(markt) - Notable changes: * Add support for default values when using ${...} property replacement in configuration files. Based on a pull request provided by Bernd Bohmann. * When configuring an HTTP Connector, warn if the encoding specified for URIEncoding is not a superset of US-ASCII as required by RFC 7230. * Replace the system property org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH with the Connector attribute encodedSolidusHandling that adds an additional option to pass the %2f sequence through to the application without decoding it in addition to rejecting such sequences and decoding such sequences.- Update to Tomcat 9.0.33. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.33_(markt) - Notable fix: corrected a regression in the improvements to HTTP header parsing (bsc#1167438) - Rebased patches: * tomcat-9.0-javadoc.patch * tomcat-9.0-osgi-build.patch * tomcat-9.0.31-java8compat.patch- Change default value of AJP connector secretRequired to false - Added patch: * tomcat-9.0.31-secretRequired-default.patch- Update to Tomcat 9.0.31. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt) - Fixed CVEs: * CVE-2019-17569 (bsc#1164825) * CVE-2020-1935 (bsc#1164860) * CVE-2020-1938 (bsc#1164692) - Modified patch * tomcat-9.0.30-java8compat.patch - > tomcat-9.0.31-java8compat.patch + Adapt to changed context- Modified patch: * tomcat-9.0.30-java8compat.patch + add missing casts (bsc#1162081)- Change back the build to build with any Java >= 1.8 - Added patch: * tomcat-9.0.30-java8compat.patch + Cast java.nio.ByteBuffer and java.nio.CharBuffer to java.nio.Buffer in order to avoid calling Java 9+ APIs (functions with co-variant return types) - Renamed patch: * tomcat-9.0-disable-osgi-build.patch - > tomcat-9.0-osgi-build.patch + Do not disable, but fix OSGi build since we have now aqute-bnd- Change build to always use Java 1.8 (bsc#1161025).- Update to Tomcat 9.0.30. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt) - Fixed CVEs: - CVE-2019-0221 (bsc#1136085) - CVE-2019-10072 (bsc#1139924) - CVE-2019-12418 (bsc#1159723) - CVE-2019-17563 (bsc#1159729) - Removed patch: * tomcat-9.0-JDTCompiler-java.patch + It was not applied- Update to Tomcat 9.0.27. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.27_(markt) - Uset aqute-bnd to generate OSGi manifest, since we have that package now in openSUSE:Factory - Removed patch: * tomcat-9.0-disable-osgi-build.patch + not needed- Add maven pom files for tomcat-jni and tomcat-jaspic-api- Distribute the pom file also for tomcat-util-scan artifact- Build against compatibility log4j12 package- Adapt to the new ecj directory layout- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini- Update to Tomcat 9.0.20. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.20_(markt) - increase maximum number of threads and open files for tomcat (bsc#1111966)- Update to Tomcat 9.0.19. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.19_(markt) Notable packaging changes: - File /usr/share/java/tomcat/catalina-jmx-remote.jar was removed. The classes contained in this jar were merged into /usr/share/java/tomcat/catalina.jar. - Fixed CVEs: - CVE-2019-0199 (bsc#1131055) - Rebased patch: - tomcat-9.0-JDTCompiler-java.patch - tomcat-9.0-javadoc.patch- Build classpath directly with the geronimo jars instead of with symlinks to them- Don't overwrite changes made to server.xml contexts when updating bundled webapps.- Set javac target to 1.8 when building docs samples and serverxmltool- Move webapps bundled with Tomcat to /usr/share/tomcat/tomcat-webapps (bsc#1092341). Affected packages: - tomcat-webapps - tomcat-admin-webapps - tomcat-docs-webapp - Remove %doc directive from tomcat-docs-webapps files section so that zypper installs files even if rpm.install.excludedocs is set to yes.- Require Java 1.8 or later (bsc#1123407)- Clean up OSGi manifest injection - Put embed maven metadata into embed subpackage - Use the .mfiles* lists generated by %%add_maven_depmap macro- Fix tomcat-tool-wrapper classpath error (bsc#1120745)- Fix tomcat-digest classpath error (bsc#1120745)- Update to Tomcat 9.0.14. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.14_(markt)- Add pom files for tomcat-jdbc and tomcat-dbcp - Add org.eclipse.jetty.orbit* aliases to correspondant artifacts- Update to Tomcat 9.0.13. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.13_(markt)- Update to Tomcat 9.0.12. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.12_(markt) - Fixed CVEs: - CVE-2018-11784 (bsc#1110850) - Rebased patches: - tomcat-9.0-disable-osgi-build.patch - tomcat-9.0-javadoc.patch - tomcat-9.0-sle.catalina.policy.patch - tomcat-9.0-tomcat-users-webapp.patch- Declare following files to config(noreplace) to prevent override access rights: - host-manager/META-INF/context.xml - manager/META-INF/context.xml- Empty tomcat-9.0.sysconfig to avoid overwriting of customer's configuration during update (bsc#1067720)- Update to Tomcat 9.0.10. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.10_(markt) - Fixed CVEs: - CVE-2018-1336 (bsc#1102400) - CVE-2018-8014 (bsc#1093697) - CVE-2018-8034 (bsc#1102379) - CVE-2018-8037 (bsc#1102410) - Rebased patch tomcat-9.0-JDTCompiler-java.patch - Added patch tomcat-9.0-disable-osgi-build.patch to disable adding OSGi metadata to JAR files- Update to Tomcat 9.0.5. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.5_(markt)- Modified patch: * tomcat-9.0-javadoc.patch + Don't append to javadoc --add-modules since we are building with source=8 + Avoid accessing Internet URLs from build environment- Update to Tomcat 9.0.2: * Major update for tomcat8 from tomcat9 * For full changelog please read upstream changes at: + http://tomcat.apache.org/tomcat-9.0-doc/changelog.html * Rename all tomcat-8.0-* files to tomcat-9.0-* - Changed patches: * Deleted: tomcat-8.0-bootstrap-MANIFEST.MF.patch * Deleted: tomcat-8.0-sle.catalina.policy.patch * Deleted: tomcat-8.0-tomcat-users-webapp.patch * Deleted: tomcat-8.0.33-JDTCompiler-java.patch * Deleted: tomcat-8.0.44-javadoc.patch * Deleted: tomcat-8.0.9-property-build.windows.patch * Added: tomcat-9.0-JDTCompiler-java.patch * Added: tomcat-9.0-bootstrap-MANIFEST.MF.patch * Added: tomcat-9.0-javadoc.patch * Added: tomcat-9.0-sle.catalina.policy.patch * Added: tomcat-9.0-tomcat-users-webapp.patch - Renamed subpackage tomcat-3_1-api to tomcat-4_0-api to reflect the new Servlet API version. - Commented out JAVA_HOME in /etc/tomcat/tomcat.conf - Added "tomcat-" prefix to lib symlinks under /usr/share/java to avoid file conflicts with servletapi5 and geronimo-specs - Fixed wrong %ghost file paths for alternatives symlinks- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Build with JDK 8 to fix runtime errors when running with JDK 7 and 8 - Fix tomcat-digest classpath error (bsc#977410) - Fix packaged /etc/alternatives symlinks for api libs that caused rpm -V to report link mismatch (bsc#1019016)- update to 8.0.47 http://tomcat.apache.org/tomcat-8.0-doc/changelog.html * Fixed CVE: - CVE-2017-12617 - rebase tomcat-8.0-sle.catalina.policy.patch- Added patch: * tomcat-8.0.44-javadoc.patch - generate documentation with the same source level as class files - fixes build with jdk9- Version update to 8.0.44: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html * Fixed CVE: - CVE-2017-5664 (bsc#1042910)- New build dependency: javapackages-local- Version update to 8.0.43: * Another bugfix release, for full details see: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html * Fixed CVEs: - CVE-2017-5647 (bnc#1033448) - CVE-2017-5648 (bnc#1033447) - CVE-2016-8745 - Renamed and rebased patches: * tomcat-7.0-sle.catalina.policy.patch -> tomcat-8.0-sle.catalina.policy.patch - Enable optional setenv.sh script. See section "(3.4) Using the "setenv" script (optional, recommended)" in http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt (bnc#1002662) - Fix file conflicts when upgrading from SLES 12 to SLES 12 SP1 (bnc#1023412). Added explicit obsoletes for tomcat-el-2_2-api, tomcat-jsp-2_2-api, tomcat-servlet-3_0-api- update to 8.0.39: (boo#1003911) * Improve handling of I/O errors with async processing * Fail earlier on invalid HTTP request - includes changes from 8.0.38: * Refactoring the non-container thread Async complete()/dispatch() handling to remove the possibility of deadlock * Improved UTF-8 handling for the RewriteValve - includes changes from 8.0.37: * Treat paths used to obtain a request dispatcher as encoded (configurable) * Various jdbc-pool fixes - drop tomcat-8.0.36-jar-scanner-loop.patch, upstream- Switch to commons-dbcp2 fate#321029- Backport fix for inifinite loop in the jar scanner for 8.0.36. (bnc#993862) Added: tomcat-8.0.36-jar-scanner-loop.patch- Version update to 8.0.36: * Another bugfix release for the 8.0 series. Full details: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.36_(markt) - CVE fixed by the version update: - CVE-2016-3092 (bnc#986359) - Fixed a deployment error in the examples webapp by changing the context.xml format to the new one introduced by Tomcat 8. See http://tomcat.apache.org/migration-8.html#Web_application_resources- fix maven fragments paths to build in multiple distribution versions- Version update to 8.0.33: * Another bugfix release for 8.0 series, full details: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.33_(markt) - Rebase tomcat-8.0-tomcat-users-webapp.patch - Rebase tomcat-7.0.53-JDTCompiler-java.patch to tomcat-8.0.33-JDTCompiler-java.patch- Fix fixme for the prereq preamble value - It seems systemd prints error on adding the @ services to macros so do not do that- package was partly merged with the scripts used in the Fedora distribution - support running multiple tomcat instances on the same server (fate#317783) - add catalina-jmx-remote.jar (fate#318403) - remove sysvinit support: systemd is required- update changes file for CVE information - Fixed CVEs: - CVE-2015-5346 (bnc#967814) in 8.0.32 - CVE-2015-5351 (bnc#967812) in 8.0.32 - CVE-2016-0706 (bnc#967815) in 8.0.32 - CVE-2016-0714 (bnc#967964) in 8.0.32 - CVE-2016-0763 (bnc#967966) in 8.0.32 - CVE-2015-5345 (bnc#967965) in 8.0.30 - CVE-2015-5174 (bnc#967967) in 8.0.27- Version update to 8.0.32: * Another bugfix release for 8.0 series, full details: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.32_(markt) - Rebase patch: * tomcat-8.0.9-property-build.windows.patch- update to Tomcat 8.0.28 * Multiple fixes, read upstream changelog at: https://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.28_(markt)- Some whitespace cleanups- Remove pointless conflicts on provide/obsolete symbols- Version bump to 8.0.23 fate#318913: * Multiple testfixes all around, read upstream changelog at: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.23_(markt)- Fix previous commit. Fix one rpmlint warning- Drop gpg verification from spec, it is done by obs- Fix build with new jpackage-tools- update to Tomcat 8.0.18: * Major update for tomcat8 from tomcat7 * For full changelog please read upstream changes at: + http://tomcat.apache.org/tomcat-8.0-doc/changelog.html * Rename all tomcat-7.0-* files to tomcat-8.0-* * Update keyring file - Update windows patch to apply again: * Deleted: tomcat-7.0.52-property-build.windows.patch * Added: tomcat-8.0.9-property-build.windows.patch * Added:tomcat-8.0-tomcat-users-webapp.patch * Deleted: tomcat-7.0-tomcat-users-webapp.patch * Added: tomcat-8.0-bootstrap-MANIFEST.MF.patch * Deleted: tomcat-7.0-bootstrap-MANIFEST.MF.patch- Version 1.1.30 or higher is required for APR listener (bnc#914725)/bin/shh03-ch2d 1720535775  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{$}~10.1.25-150200.5.25.1    docsBUILDING.txtMETA-INFcontext.xmlRELEASE-NOTES.txtRUNNING.txtWEB-INFjsp403.jspweb.xmlaio.htmlannotationapiindex.htmlapiindex.htmlappdevbuild.xml.txtdeployment.htmlindex.htmlinstallation.htmlintroduction.htmlprocesses.htmlsamplebuild.xmldocsREADME.txtindex.htmlsrcmypackageHello.javawebWEB-INFweb.xmlhello.jspimagestomcat.gifindex.htmlsource.htmlweb.xml.txtapr.htmlarchitectureindex.htmloverview.htmlrequestProcessrequestProcess.htmlauthentication-process.pngrequest-process.pngstartupstartup.htmlserverStartup.pdfserverStartup.txtbalancer-howto.htmlbuilding.htmlcdi.htmlcgi-howto.htmlchangelog.htmlclass-loader-howto.htmlcluster-howto.htmlcomments.htmlconfigajp.htmlautomatic-deployment.htmlcluster-channel.htmlcluster-deployer.htmlcluster-interceptor.htmlcluster-listener.htmlcluster-manager.htmlcluster-membership.htmlcluster-receiver.htmlcluster-sender.htmlcluster-valve.htmlcluster.htmlcontext.htmlcookie-processor.htmlcredentialhandler.htmlengine.htmlexecutor.htmlfilter.htmlglobalresources.htmlhost.htmlhttp.htmlhttp2.htmlindex.htmljar-scan-filter.htmljar-scanner.htmljaspic.htmllisteners.htmlloader.htmlmanager.htmlrealm.htmlresources.htmlserver.htmlservice.htmlsessionidgenerator.htmlsystemprops.htmlvalve.htmlconnectors.htmldefault-servlet.htmldeployer-howto.htmldevelopers.htmlelapiindex.htmlgraal.htmlhost-manager-howto.htmlhtml-host-manager-howto.htmlhtml-manager-howto.htmlimagesadd.gifasf-logo.svgcode.gifcors-flowchart.pngdesign.gifdocs-stylesheet.cssdocs.giffix.giffontsOpenSans400.woffOpenSans400italic.woffOpenSans600.woffOpenSans600italic.woffOpenSans700.woffOpenSans700italic.wofffonts.csstomcat.giftomcat.pngupdate.gifvoid.gifindex.htmlintroduction.htmljasper-howto.htmljaspicapiindex.htmljdbc-pool.htmljndi-datasource-examples-howto.htmljndi-resources-howto.htmljspapiindex.htmllogging.htmlmanager-howto.htmlmaven-jars.htmlmbeans-descriptors-howto.htmlmbeans-descriptors.dtdmonitoring.htmlproxy-howto.htmlrealm-howto.htmlrewrite.htmlsecurity-howto.htmlsecurity-manager-howto.htmlservletapiindex.htmlsetup.htmlssi-howto.htmlssl-howto.htmltribesdevelopers.htmlfaq.htmlinterceptors.htmlintroduction.htmlmembership.htmlsetup.htmlstatus.htmltransport.htmlvirtual-hosting-howto.htmlweb-socket-howto.htmlwebsocketapiindex.htmlwindows-auth-howto.htmlwindows-service-howto.html/usr/share/tomcat/tomcat-webapps//usr/share/tomcat/tomcat-webapps/docs//usr/share/tomcat/tomcat-webapps/docs/META-INF//usr/share/tomcat/tomcat-webapps/docs/WEB-INF//usr/share/tomcat/tomcat-webapps/docs/WEB-INF/jsp//usr/share/tomcat/tomcat-webapps/docs/annotationapi//usr/share/tomcat/tomcat-webapps/docs/api//usr/share/tomcat/tomcat-webapps/docs/appdev//usr/share/tomcat/tomcat-webapps/docs/appdev/sample//usr/share/tomcat/tomcat-webapps/docs/appdev/sample/docs//usr/share/tomcat/tomcat-webapps/docs/appdev/sample/src//usr/share/tomcat/tomcat-webapps/docs/appdev/sample/src/mypackage//usr/share/tomcat/tomcat-webapps/docs/appdev/sample/web//usr/share/tomcat/tomcat-webapps/docs/appdev/sample/web/WEB-INF//usr/share/tomcat/tomcat-webapps/docs/appdev/sample/web/images//usr/share/tomcat/tomcat-webapps/docs/architecture//usr/share/tomcat/tomcat-webapps/docs/architecture/requestProcess//usr/share/tomcat/tomcat-webapps/docs/architecture/startup//usr/share/tomcat/tomcat-webapps/docs/config//usr/share/tomcat/tomcat-webapps/docs/elapi//usr/share/tomcat/tomcat-webapps/docs/images//usr/share/tomcat/tomcat-webapps/docs/images/fonts//usr/share/tomcat/tomcat-webapps/docs/jaspicapi//usr/share/tomcat/tomcat-webapps/docs/jspapi//usr/share/tomcat/tomcat-webapps/docs/servletapi//usr/share/tomcat/tomcat-webapps/docs/tribes//usr/share/tomcat/tomcat-webapps/docs/websocketapi/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:34713/SUSE_SLE-15-SP2_Update/eb9e1152beb020c044bbd3375830164d-tomcat10.SUSE_SLE-15-SP2_Updatedrpmxz5noarch-suse-linux       directoryASCII textXML 1.0 document, ASCII textHTML document, ASCII textHTML document, ASCII text, with very long linesexported SGML document, ASCII textPerl5 module source, ASCII textGIF image data, version 89a, 146 x 92PNG image data, 1873 x 846, 8-bit/color RGB, non-interlacedPNG image data, 2901 x 1431, 8-bit/color RGB, non-interlacedHTML document, UTF-8 Unicode text, with very long linesGIF image data, version 89a, 20 x 20SVG Scalable Vector Graphics imagePNG image data, 976 x 756, 8-bit/color RGB, non-interlacedWeb Open Font Format, TrueType, length 21956, version 1.1Web Open Font Format, TrueType, length 21092, version 1.1Web Open Font Format, TrueType, length 22604, version 1.1Web Open Font Format, TrueType, length 21252, version 1.1Web Open Font Format, TrueType, length 22748, version 1.1Web Open Font Format, TrueType, length 21184, version 1.1PNG image data, 146 x 92, 8-bit/color RGBA, non-interlacedGIF image data, version 89a, 1 x 1WU弾'1*utf-88919c0f112d58a218478d8c26b4497e8ae7773455b0ceadbc388883c7d6f77d8?7zXZ !t/wM]"k%3fhn?Q ό$܈ʹZ*L85ja2kO;0;c>c"3+r12=N7!{}yo-L頂5;&w1vn{^N31a,±qCG^5ReF Y,)#@ꝚpZVڙ8E>K焎,p覺$@ʝ -jtb<0υ؍xQQms[F4XW@C<$r琭bSW Eh9 :DL,40PwK!K?A`[QaͰ1$_>yZnЌz $2dA'¾9!à3]PSKs!ZTH[kCj^sAHFL5: ! 8EsTӹʯB$i M@rZVb{"QZR1 'S.S#*^0vC/2`kiaq{Êx-E$abXD&ؑIRibd;zM.ad XT i^ ǟ}QgRG4W"~s7A{β/ݛ\HⱴMيh ,)h@Ie}M-+spOE+ҭ;/ 8|(>>P28DF;.Ou[P"zb't0Ӆ%n;|0G<mߌ#uf 0hYjӮ3T#d${Uʼnڨm>l,&] cKJɡ7)qD!Dioo5PAA; Gf Q;F-%LMDXtI)82i\2ݰ9->[DJHq7bVҗ;i\d bNW֡]4Yu?<ҷZA=wBfB[|q^f_\4 1Ji]kpk#o/,rW^^&?A G72zYt̻gֹV3j&}QWGi$cTu}QeiΕ3? 懫yDjB-ς ͉t5%7ܤO,LWU.=m۬ dm BYuwb3jHKڵ3Dm(mh )4F1p~6\j:-P.b>9\~\f!A$ï#}^ⰳR |3ns[,*lTr~| LJU8Qe(1z7y"Ztϑ`x,WIH3N2:g|pV{F&}2W0D)IO t;-6ԑkB"69} ?(Fyk]SQUy710jO2D8yByTB~*p2{YA_+Q_oܐ+DWh=\:]ɌEQ=G:w5۲FZO=/6`ޠRs:6p92zg" "½xm x䀡o{'>n\G0IoZb~aB3:c&.b)CŞex4fR9hu[Udö_Tk%"똤C4XXpqB9 Hנ|y'4 /+)ЗQ]n&|K/9ƃJ +A$fqTY/`bԶoEҫzRr _Ԭg ;i (4it7c\+V}z*%z\(aXYJZUaT0=3 V0}:@/R'1IesǕ(PvwJ ^K1ˠG h0(ߘ Xسt.4Ǜ1AvD"p#^nzM*OL(ȟ̭QȰr>0| "FJkPJI-/#<ءrx0]Yo89bt;{˯+`{*̶uq]z%G9tnUţHelV;QVWcV 4ܫb]$aZgJSR7˜tl:OB=W]g~UxSդw_;`.;hA&&# Tz6$OW JN [thiyR omH)#BD&;v[=d6g!Htb<-=&T@ܨK*Q|:E>KnFUz?&署8:Ia_>Rk0 Qr^THy%#; PVY#L hel,C$76'x(?#]Ճ%I .  $;M5ذagY, Q +q9a8f ĠĐ,@^"*[BviߡLby8M.qrNC0^l?}z3"/U0R`bl6O gIB_§ڡ 8|:bI虬R_tHU%1HHho]=`&M#LHZ9GJȶKIXBZPᶪmW:ijV< GZ?5j[n2y n1X- حk@) kqN]sGS{nx1j֪݁ Nrna yΘɨ$ܘr[>GvKL]L)uQ'`PӪT7g:>Mv4|<:6O߸6]gQ3F*أeudA|뮶z: fJDq\u 1e1@2K!xjQv-] ,QIͫH>/`%YՀ#E,OSa̍~j9zוe C4)GH5t&/sb C/69`, [VwRH<.,-ao铞^`fηɔ\ubvYB Ob ~kW !8A)״e_#fLwҾ5 X5؀[|3%x[AUXfb#em$)S7W{m짙-oOW_3>A5 u"#3,IR]'(yfjAi\X sLr>Vƒ;1TMLޗNIh"EL1Y%.Y~g 9{T]Lk,f ͲIg._A0ۑOw7^ ǀC;v⯄"WSPqS{X ͔Oh:uz`ɕz37w{3uj3Ջۈu}zV\]hrڕLwP&S,ِ#- $d8y6Rm4?811,VXQ:#0 Y*|΀vDx v>䚥g.U8,Mb_g.cp8S{+dΜʠ&ko _;8Ӥ5'7*{^7r YBs'y:2>qz hFkp.a"}mq$BVH+Iz.gwL ϰYRzF|Y192Z<ʺeS6yxnvcQ"z8 _2q9,}^6󡔚O: I}$<^U_lfm1ȀN&&_v !K+_u32Bv ZA+USk}Y/ 6US)V|0p002wJ(TKGjnÖI`Vvlv_09,mZMGIi?-Sw~l2&4&cHՏyfD]'V7cZX?C[c&Xہ  Wタeq)7FzWGУjni+ RI> >3>AqW#"cD!P=d>:%\-7xj3yjhec{J2P ` _5|Z^[?+oSI?g؊pR淭w#:݀-~̫w 71#N*Ѐ❇STSS`cMz3pm3|cMxf4M`\-'Y^׸G%Ze+H S>p8ޅb7U9 >X#m#,}%%!$y7L.K7>J6hgD&dj ȝZښb݃gOkdpN5Lʹ + l"g|h݌3[8J^j6m1S+*P(% ~-}y-X?R)cz4]1?I2pb 30wrvIQGC+@]-Jx`bOKοXH\NwvY&/O\| ^4 ?ёżQ˂ #6%1oejpֻߛ_V* DF=}߾>DFC;Rkm{ y/n#R U!6*,\ ©qqMv+i)uy25B|>.{ zh!;4:|.v+yJ <Pq[Ǹi;{9LdOd@ l$f\ȷaJf}EiTZOM#i [ݑk|ѳCMؓ]Mm!S԰{{>ݼ0eljHQ:ļ}aC5ʧ\탤о8ĕtNjfҨ~qK+q^PY4Gu&ɫYN-!x HX}gZ<>}?\ Z<ƞYL*iW0B-^=r;HGV&QrY[@.d5ņy.:5۔P"8jBCߵ[8Fm!~OtC1V8uOcU㊮TavsKe=vM01jC.ߚMysDy1z|Џon1& /JiJ py.5OiH2ճN6:-j^~x`%w4 Ol.^BY@{, N?|q)ŕJJ%h"| ڃʯ+-e! KtŰ v}hj6Xȇuje0,:n5\0)8%&%Y$>HqcneJu㜩' UĥP2Z$;j `3`Đi~f?!RdUE{i|QFxI'\Rx6__7~+L[5f6AB:zTB<% Ƒ[zTZ>I;Ls. 5󈫂P&Ԗb%g܈ 3'*ؾ-NS'&? {(s)d  etX}0j "ҮN];K!}|sZ0Km::cj` ]H8,eb%9Pn rR&+Aɔ$xU.m4-<{U`BO[WEEq\- `#_T(-Nɍ@؃};ِF>6%/Aه{ _gқc~-=5Odn,"we, W=Q:eITi| A~*W3G5bf3D{>0Zࡲ׶LJ *()'QӳuK۬?|4k*ekwDÊX@y~L |ЧB3G2|td?s~*q[ʹ::3_P;W> P)fFzRq. Q, 1ASƯh\dN^?ll1o;d5#3sub1}A)2( 5f9ПQ  QpLstr_Ru>GuO-(3m240GsZH={ 3#muǨ:{c | I=%\,dm%iy=YCC*41 .7f2?Tc*W"t2 MW?8./z> (l@لl4neM&ԜTLfa"tKXgHtcFJ*X9E }/( v k?`Ao;LQ[j'uFg/Cn)};-zQk`ՓCt( 6( sŮ\sTP?BYo5bVؒ4xbJi' mȶ,q:|݄ABp_xmԅ+uT瑄KWl0[/7&26ޜv*r[kj+:bqOx8-Bu70ɭUAYD8aؙV6)XP *U?JJhC z~Of~DvcAQ)9xAUMՕm{ Rng,H4'^D, uЬ 6PXp_M¨MxjZ"8;sH{HDw{1}kac9@0ENBM.Ѹvjz'tlKVu|z0Qҧ'SH !^A=ޛ!kl ݔ Kdz>딣;|2/>#aYE.< W7Yͻ*6&Ζ'0ӳ KLɤUxeY++fqӶ 9f0vjץf9Jk.R cܦjxc/m*(z5E< 6p.D=B9Z/;^7拲*#|t;>wy4jPwd.wzf.(tvnFx3z5D6ho#tP0Ҭpj a܎kk1i9d\ Z(hHl+jP1$_ks!I K5Z\y.<}l:jllk~SF f5Yii~,~;\32v۟as R_k*)ӵ%HGccL4! 7=]No߃>Vc9D+$A<]iD/Q)!-ý:ACX 9wTe5 .eL/7_Z_4yd2{gK3w zbuU]lIY+o˖v9 =y2*?D$ҋӪ^LZҹTm,Bg%d"vvHV0g4ܶ dy&2kYbm UAO22fu}+?珑z.YP~@UF*a?i,b enH.y5o"ͷ9 q^pN/HAcIln`2 0z ] Չuѝ޴zo,Uqp [mDvίwOP;:fN܅,:(F1Dhq&]F˔8> =ؾg+Tdf$til4^B2"Z'(gc%%6#um# BzK1;-R>j%8:>Ac~h~KCa R;11}bذizPQ'k%𼵑.Eإ0ECJ:׹ O2 0$O'a K x]K'0 Cퟠ5f -5 't4+(o`~ZwCz9˞EĜ|it?J(r p[hS&|4ݲ_&`6lP˙7/AhϧLes f3|C\LAS*JM0&͝.+$Nh05JV7)Ӧ %qh\XO3Lt9ouRT8eP_-MW9:_˯R5?J;mcxc$yQ`.y>Q-g@ l6bF>'Smn#K &9Ha#u#p[.7np$wgFiR"iF7Pt}\YcJAKzˎeS ܵMa QО#E< kcsnf#F=x'/]5>#Gh\j3i4qu}K {g0]CgBZ (Ge%ٸ4IATI;`,&ﬖoTi uXsTH|ͽA5-lip7^ԧiHe&pK٥bjHώe8KXnb)Hz}?ڷ0TL>[D.=(t3!P١CxmZ%WAjɭQ |U~$dS)Ր7\ELW2`Gg^LC"gX|4^}o/×[&خ;sT@"gL顗Z3HD|`1= 72A#Zm( `6Я1)}RNb(j 27aSJJ*M}-m W!K\Gh[T{ !ڲB}D0bNO~Ķ})(^^当XRc`lJGFɋ?UQDMigk,m?t@J^T^LYALIЈ}Yh|ymV_FэY(d z*{'X,cVT!߫W}1oObF.a%=%KO67@jVoi,h!$B^z@Q }EV+: _x<ޫ$a~F'!y$[ 3q НmO͘aܲնzcpCf4E;WTv~̈́QKs(4*5p=7+&gڌ!/lC9Xh܄>quoٲ \r(3%b9ׂo& V>64 wvG Gdz]׭yph¼k0P7I|Wʇր14a*9ka:yy`9|nf Mqĝi𐫷)Ċ&w̟ ǂϪBLr%dm {U(mr2;Ǹ_\|$Yz Couq [ߧI#X%%A~D;YƣpV~_E^ 2sP{vz@ſPh5(n.=i^#au YX@}2aU+/d1*G^ Quۓ;zrkו Hy!a@]R^-X(?g}vŤN7ݚn^0HJ9NE9ј>' G(̏>1ץ%FQED={F@{.:ƿxHE;}}zdkvHUɇEsY/> ئfK`1;G e{6fzZ:.'*0f7@CWR|*Qz/`Bmo4]] x)3 ~M› őA q" oE1vJl)J:bU݆ inTU[<`B;uw 8 5ͳ)FCF G[#QΡ&^$ "AG @ .J{ vb>nmYQSgE'Jn.|slOnM$,c/~b|84Q_r,B;<9B?SuvJBS}pв~xrquN$P}Ykh>J%V{oޯ ch0 R;%"[;:~oӒo> d 蕄ږ|R{<x@>jSV|U{3x-55Dhn9NI ?晋hqվ;`ND-]EiM765 eDc^@\! T!$;~şu~ŇqNV16,M<+a~NףWl[6%iE"ݦ:GX+݅>gl-w[-{6)EnNzdv#?I?ۺϼF3%\Lu/eQ7VpʓʆM$)sYS̕ X~umgM0WxCSw73v@זx7/M~Ip3v@< |.md)kI}!bW$K}LoP bp ۪Ǔ@ fpS!=+ zƪ|xm'IS//m;i"4yvVyv)! >父ʄCbbu lsay_ӺcA~#_ fc[`cأ)›-xS=d8JSR*~Ve1rW! ժa?'yeEߎ̈́6Y="5K*}{߰ Hm-}f[aj _Z&G1Wzu R -ڕsnC*}jJc*ڨ=A,%WS* s߈7Qoo4cgu2.2E<G3% GX}Z:Ă+B =bKdY @Jcy21 `dI5ٞ!tҳLH?T1kߐJ˟c 7}nTiVRO.`IT  foJK>Hf@\̫sl KNGAh;n R` 5Z~p۔-Wm1t=sޱGIW^ ʷC!? DDT@ikFg4a#)i癏*eAVr4l +̐}ϗoovXm6&=-t<ڗD02ڍ͘7/l3! G@Q?߻XdqM( 3Hi7^أTglF:EkMS:R s\ *t[Z9oHgWH:IUG`&NS$~0- ۼiowpҾ,!E 9r^K>%*0KzaEX&#$˗Vo䗍 סA59?J YgPxk} c"Oy誘Ih~ttGIɈʋBe~$LO^5W2'"A\HmH"oP۝xNWd+7̗#GF,x~oЪ4"SFpx+5LN0QT/8_v~侄#s*6YxAڲX~n#m1)ڔؾ@. b1[̌K5YRlVIq1 :F`OxЧ[HZ298mJdCsOTzSX\ӪS|Xt#~4cԯBu;t=PoC>ssCv*:0^{ ̴'@f^ׂ)gʀadѐdGs۟2YY*BC- 9BSqMeXI,"ׅu>;Cc "$Xwǎ'2\QA셗ToIc2N疽 (m 3yj\ޓϫ y@kH&Ox [E$&Dp!ߵLDK`HW74@k8q2NЮ;Fu$eM&=o  i r1C[ _ 9'QUdƐB>Y |KnDuR uI Cè%;TM1<1IH6뜉J_g-^qHfྫOqڈܑRNʨV$Xc,d iS[?O?h]aR2_Yѹ/}6 QUɍLA=b[ w0tTq#mp[h0*}k=͊x `+$cbؾO;'ОD;Zټăm\<"A"?Cd>4Bx`QR JN+ ENX70g0$ycXjY<8ȍl_*T&k4osu{$i76)7+ “ZU 20*{e܆h@  [e > SHͳc}-?{3Zlb/4*m봜mnVcmm _ڏ NT6˪ӄ5dĨv׻n _-\$GS1R5#!l$۲q;n6W9\{h[GZF#(_,>m>0#V͗3ĐRdAQ>>hK"?*遫u6/ Uz8s8?kjYj_Lbs ©h_!`7x@|hdEm;z*V[ZID-8#nuv [|Vk1Vw#zO 11xX2MD7p*P=`KS'< `r (f tK2 .`V؛68=I=~@,v pvZRԯ0ygqKUBXar!>BDq|!2#Y^}h@R$wyY y*FWsIKg!Xx-;rXf˸S]J# !J{Hw #[Bqǩp77=ُ=$(,FO %k8ux$]Ly9>38M<Ч& Mz=Y{>߰ߝ|}Mw 3D2Ͽ 0,Kѐ劒meHJaqoM=R?$ F` QfqJ"GNy8X3cK1Rqx^5!^ݼ⊚v~ 9JiwJ;ws1kk' @èU+7i ЧcGS 81&maVQ:XwZL[p0ѶQ 0/8H%[^;OԑPo1}<ͮfg%+.Nɐ >Z4c V.uCF|ǜExʋfUٛFy\ YZ