From 530a0b5108770215b871ffce6096efde37e65a65 Mon Sep 17 00:00:00 2001 From: VVD Date: Sat, 2 Apr 2022 15:42:33 +0200 Subject: [PATCH] www/tomcat-devel: Update to 10.1.0-M14 Harden the class loader to provide a mitigation for CVE-2022-22965 a Spring Framework vulnerability: Effectively disable the WebappClassLoaderBase.getResources() method as it is not used and if something accidently exposes the class loader this method can be used to gain access to Tomcat internals. Changes: https://tomcat.apache.org/tomcat-10.1-doc/changelog.html#Tomcat_10.1.0-M14_(markt) PR: 262975 --- www/tomcat-devel/Makefile | 2 +- www/tomcat-devel/distinfo | 6 +++--- www/tomcat-devel/pkg-plist | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/www/tomcat-devel/Makefile b/www/tomcat-devel/Makefile index 826163db21b3..60de0948a3ec 100644 --- a/www/tomcat-devel/Makefile +++ b/www/tomcat-devel/Makefile @@ -1,7 +1,7 @@ # Created by: Alex Dupre PORTNAME= tomcat -DISTVERSION= 10.1.0-M12 +DISTVERSION= 10.1.0-M14 CATEGORIES= www java MASTER_SITES= APACHE/${PORTNAME}/${PORTNAME}-${DISTVERSION:C/([0-9]+)(.*)/\1/}/v${DISTVERSION}/bin PKGNAMESUFFIX= -devel diff --git a/www/tomcat-devel/distinfo b/www/tomcat-devel/distinfo index b70f0ec30246..8d8073f2b630 100644 --- a/www/tomcat-devel/distinfo +++ b/www/tomcat-devel/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1647712201 -SHA256 (apache-tomcat-10.1.0-M12.tar.gz) = 54f749d366dbb505ff6b193b5a5474b33dcf3d5ac8dd5ac8f1b839d1e7691f04 -SIZE (apache-tomcat-10.1.0-M12.tar.gz) = 11901762 +TIMESTAMP = 1648808336 +SHA256 (apache-tomcat-10.1.0-M14.tar.gz) = 752323720700d71556a58ffcc476ec6235b66e2e48f28a22e8248d78bdb9c6b1 +SIZE (apache-tomcat-10.1.0-M14.tar.gz) = 11919780 diff --git a/www/tomcat-devel/pkg-plist b/www/tomcat-devel/pkg-plist index d25eb0ba88d1..5415bb07e883 100644 --- a/www/tomcat-devel/pkg-plist +++ b/www/tomcat-devel/pkg-plist @@ -27,7 +27,7 @@ %%T%%/lib/catalina-storeconfig.jar %%T%%/lib/catalina-tribes.jar %%T%%/lib/catalina.jar -%%T%%/lib/ecj-4.22.jar +%%T%%/lib/ecj-4.23.jar %%T%%/lib/el-api.jar %%T%%/lib/jakartaee-migration-1.0.0-shaded.jar %%T%%/lib/jasper-el.jar