www/tomcat-devel: Update to 10.1.0-M14

Harden the class loader to provide a mitigation for CVE-2022-22965 a Spring Framework vulnerability: Effectively disable the WebappClassLoaderBase.getResources() method as it is not used and if something accidently exposes the class loader this method can be used to gain access to Tomcat internals. Changes: https://tomcat.apache.org/tomcat-10.1-doc/changelog.html#Tomcat_10.1.0-M14_(markt) PR: 262975
2024-11-29 01:13:08 +00:00 · 2022-04-02 15:42:33 +02:00 · 2022-04-02 15:42:33 +02:00 · 530a0b5108
commit 530a0b5108
parent 3b95d6b48b
3 changed files with 5 additions and 5 deletions
--- a/www/tomcat-devel/Makefile
+++ b/www/tomcat-devel/Makefile
@ -1,7 +1,7 @@
 # Created by: Alex Dupre <ale@FreeBSD.org>

 PORTNAME=	tomcat
-DISTVERSION=	10.1.0-M12
+DISTVERSION=	10.1.0-M14
 CATEGORIES=	www java
 MASTER_SITES=	APACHE/${PORTNAME}/${PORTNAME}-${DISTVERSION:C/([0-9]+)(.*)/\1/}/v${DISTVERSION}/bin
 PKGNAMESUFFIX=	-devel
--- a/www/tomcat-devel/distinfo
+++ b/www/tomcat-devel/distinfo
@ -1,3 +1,3 @@
-TIMESTAMP = 1647712201
-SHA256 (apache-tomcat-10.1.0-M12.tar.gz) = 54f749d366dbb505ff6b193b5a5474b33dcf3d5ac8dd5ac8f1b839d1e7691f04
-SIZE (apache-tomcat-10.1.0-M12.tar.gz) = 11901762
+TIMESTAMP = 1648808336
+SHA256 (apache-tomcat-10.1.0-M14.tar.gz) = 752323720700d71556a58ffcc476ec6235b66e2e48f28a22e8248d78bdb9c6b1
+SIZE (apache-tomcat-10.1.0-M14.tar.gz) = 11919780
--- a/www/tomcat-devel/pkg-plist
+++ b/www/tomcat-devel/pkg-plist
@ -27,7 +27,7 @@
 %%T%%/lib/catalina-storeconfig.jar
 %%T%%/lib/catalina-tribes.jar
 %%T%%/lib/catalina.jar
-%%T%%/lib/ecj-4.22.jar
+%%T%%/lib/ecj-4.23.jar
 %%T%%/lib/el-api.jar
 %%T%%/lib/jakartaee-migration-1.0.0-shaded.jar
 %%T%%/lib/jasper-el.jar