www/tomcat-devel: Update to 10.1.0-M14

Harden the class loader to provide a mitigation for CVE-2022-22965
a Spring Framework vulnerability: Effectively disable the
WebappClassLoaderBase.getResources() method as it is not used and
if something accidently exposes the class loader this method can be used to gain
access to Tomcat internals.

Changes: https://tomcat.apache.org/tomcat-10.1-doc/changelog.html#Tomcat_10.1.0-M14_(markt)

PR:		262975

3 files changed, 5 insertions, 5 deletions

diff --git a/www/tomcat-devel/Makefile b/www/tomcat-devel/Makefile
index 826163db21b3..60de0948a3ec 100644
--- a/www/tomcat-devel/Makefile
+++ b/www/tomcat-devel/Makefile
@@ -1,7 +1,7 @@
 # Created by: Alex Dupre <ale@FreeBSD.org>
 
 PORTNAME=	tomcat
-DISTVERSION=	10.1.0-M12
+DISTVERSION=	10.1.0-M14
 CATEGORIES=	www java
 MASTER_SITES=	APACHE/${PORTNAME}/${PORTNAME}-${DISTVERSION:C/([0-9]+)(.*)/\1/}/v${DISTVERSION}/bin
 PKGNAMESUFFIX=	-devel
diff --git a/www/tomcat-devel/distinfo b/www/tomcat-devel/distinfo
index b70f0ec30246..8d8073f2b630 100644
--- a/www/tomcat-devel/distinfo
+++ b/www/tomcat-devel/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1647712201
-SHA256 (apache-tomcat-10.1.0-M12.tar.gz) = 54f749d366dbb505ff6b193b5a5474b33dcf3d5ac8dd5ac8f1b839d1e7691f04
-SIZE (apache-tomcat-10.1.0-M12.tar.gz) = 11901762
+TIMESTAMP = 1648808336
+SHA256 (apache-tomcat-10.1.0-M14.tar.gz) = 752323720700d71556a58ffcc476ec6235b66e2e48f28a22e8248d78bdb9c6b1
+SIZE (apache-tomcat-10.1.0-M14.tar.gz) = 11919780
diff --git a/www/tomcat-devel/pkg-plist b/www/tomcat-devel/pkg-plist
index d25eb0ba88d1..5415bb07e883 100644
--- a/www/tomcat-devel/pkg-plist
+++ b/www/tomcat-devel/pkg-plist
@@ -27,7 +27,7 @@
 %%T%%/lib/catalina-storeconfig.jar
 %%T%%/lib/catalina-tribes.jar
 %%T%%/lib/catalina.jar
-%%T%%/lib/ecj-4.22.jar
+%%T%%/lib/ecj-4.23.jar
 %%T%%/lib/el-api.jar
 %%T%%/lib/jakartaee-migration-1.0.0-shaded.jar
 %%T%%/lib/jasper-el.jar