Changelog for tomcat6-6.0.32-38.1.noarch.rpm :
Tue Jan 8 13:00:00 2013 lijewski.stefanAATTgmail.com
- fix bnc#794548 - denial of service (CVE-2012-4534)

* apache-tomcat-CVE-2012-4534.patch
fixes apache#53138, apache#52858
http://svn.apache.org/viewvc?view=rev&rev=1372035
- fix a minor issue in apache-tomcat-CVE-2012-4431.patch
use the already initialized session variable instead of
another call to req.getSession()

Wed Dec 19 13:00:00 2012 lijewski.stefanAATTgmail.com
- fix bnc#793394 - bypass of security constraints (CVE-2012-3546)

* apache-tomcat-CVE-2012-3546.patch
http://svn.apache.org/viewvc?view=revision&revision=1381035
- fix bnc#793391 - bypass of CSRF prevention filter (CVE-2012-4431)

* apache-tomcat-CVE-2012-4431.patch
http://svn.apache.org/viewvc?view=revision&revision=1394456
- document how to protect against slowloris DoS (CVE-2012-5568/bnc#791679)
in README.SUSE
- fixes
bnc#791423 - cnonce tracking weakness (CVE-2012-5885)
bnc#791424 - authentication caching weakness (CVE-2012-5886)
bnc#791426 - stale nonce weakness (CVE-2012-5887)

* apache-tomcat-CVE-2009-2693-CVE-2009-2901-CVE-2009-2902.patch
http://svn.apache.org/viewvc?view=revision&revision=1380829
- fix bnc#789406 - HTTP NIO connector OOM DoS via a request with
large headers (CVE-2012-2733)

* http://svn.apache.org/viewvc?view=revision&revision=1356208

Mon Feb 6 13:00:00 2012 mvyskocilAATTsuse.cz
- fix bnc#742477 - iManager throws exception in its basic functionalities

* http://svn.apache.org/viewvc?view=revision&revision=1206324

* http://svn.apache.org/viewvc?view=revision&revision=1229027
- fix bnc#735343 - VUL-1: tomcat: Multiple weaknesses in HTTP DIGEST

* http://svn.apache.org/viewvc?view=revision&revision=1158180
fixes CVE-2011-5062, CVE-2011-5063, CVE-2011-5064 and CVE-2011-1184
- fix bnc#743055 - VUL-1: CVE-2011-3375: tomcat: information disclosure
due to improper response and request object recycling

Thu Jan 5 13:00:00 2012 mvyskocilAATTsuse.cz
- fix bnc#727543 - VUL-0: Apache tomcat vulnerable to hash collision attack
backport upstream changes:

* add getCharset method for B2Converter
http://svn.apache.org/viewvc?view=revision&revision=1140904

* add isConfigProblemFatal method
http://svn.apache.org/viewvc?view=revision&revision=1199122

* GET POST parameter processing performance. Adds maximum number of
parameters per request (defaults to 10000) and new FailedRequestFilter for
rejecting requests with excessive number of parameters
http://svn.apache.org/viewvc?view=revision&revision=1200601
- fix bnc#712784 - tomcat6: add missing Requires on java >= 1.6.0

* add recommends on java >= 1.6.0 and java-devel >= 1.6.0

Thu Sep 15 14:00:00 2011 mvyskocilAATTsuse.cz
- fix bnc#715991 - VUL-0: tomcat authentication bypass and information
disclosure (CVE-2011-3190)

* http://svn.apache.org/viewvc?view=revision&revision=1162959

Mon Aug 15 14:00:00 2011 mvyskocilAATTsuse.cz
- fix bnc#706404 - VUL-0: tomcat user password information leak (CVE-2011-2204)

* http://svn.apache.org/viewvc?view=revision&revision=1140071
- fix bnc#706382 - VUL-0: tomcat information leak and DoS (CVE-2011-2526)

* http://svn.apache.org/viewvc?view=revision&revision=1146703
- fix bnc#702289 - suse manager pam ldap authentication fails

* source CATALINA_HOME/bin/setenv.sh if exists

Fri Feb 11 13:00:00 2011 mvyskocilAATTsuse.cz
- update to latest upstream version 6.0.32 (bugfix release)
- obsolete CVE-2010-4172 patch
- fixes bnc#669897 (CVE-2010-3718), bnc#669926 (CVE-2010-4476), bnc#669928
(CVE-2011-0013) and bnc#669930 (CVE-2011-0534)

Thu Dec 9 13:00:00 2010 mvyskocilAATTsuse.cz
- fix bnc#655440#c14 - clean workdir of tomcat's webapps to be sure
our fixed jsps will be redeployed on each update

Thu Nov 25 13:00:00 2010 mvyskocilAATTsuse.cz
- fix bnc#655440 - VUL-0: tomcat6: Apache Tomcat Manager application XSS
vulnerability (CVE-2010-4172)
http://svn.apache.org/viewvc?view=revision&revision=1037779
- fix bnc#653586 - spacewalk 1.2 requires jasper 5.5

* add offline jasper compiler /usr/bin/jspc
- unpack tarball to apache-tomcat-$VERSION-src directory directly

Tue Nov 2 13:00:00 2010 mvyskocilAATTsuse.cz
- Fix bnc#650130 - Update of tomcat6 not possible (cpio: Is a directory)

* workaround the rpm bug - it cannot update directory to symlink

* make /etc/tomcat6/Catalina/ as ghost file

* create link in %posttrans

Tue Sep 14 14:00:00 2010 mvyskocilAATTsuse.cz
- Update to 6.0.29 (bugfix release)
- fix bnc#625415: Tomcat6 does not have permissions to its own directories

* also fix the /etc/tomcat6/Catalina link target
- revert the setclasspath.sh changes
- disable user/group verification of tomcat owned files and directories to
allow easy change of the tomcat user without rpm --verify complaints

Thu Jul 15 14:00:00 2010 mvyskocilAATTsuse.cz
- Update to 6.0.28 (bugfix release)
- fix bnc#565901 - missing catalina.sh again

* move catalina.sh to CATALINA_HOME/bin

* add jpackage.org compatible CATALINA_HOME/bin/setclasspath.sh
- add missing logrotate requires
- install scripts with mode 0755

Wed Feb 3 13:00:00 2010 mvyskocilAATTsuse.cz
- Update to 6.0.24 (bugfix release). This obsoletes patch

* tomcat6-bug47316.patch
- Merged with tomcat6-6.0.18-10.jpp6.src.rpm

* return the jpackage.org license header in spec

* polish in spec (use more macros)

* add logrotate support

* add patch to document webapps in %%{_sysconfdir}/%%{name}/tomcat-users.xml

* move %%{_bindir}/d%%{name} to %%{_sbindir}/%%{name} and provide symlink to
%%{_sbindir}/d%%{name}

* add digest and tool-wrapper scripts

* explicitly unset CLASSPATH

* explicitly set OPT_JAR_LIST to include ant/ant-trax

* build and install sample webapp

* use copy instead of move to fix short-circuit install build

* version jsp and servlet Provides with their spec versions

* make initscript LSB-compliant

* add el subpackage

Tue Jan 5 13:00:00 2010 mvyskocilAATTsuse.cz
- fixed bnc#565901 - missing catalina.sh

* added catalina.sh (link from dtomcat6) to improve upstream compatibility

Wed Sep 30 14:00:00 2009 mvyskocilAATTsuse.cz
- fixed bnc#542634: Tomcat NPE on start
applied patch from upstream bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=47316#c3

Wed Aug 26 14:00:00 2009 mvyskocilAATTsuse.cz
- fixed bnc#520532: marked all webapp/ROOT/* files as config(noreplace)
- marked /etc/ant.d/catalina-ant as config(noreplace)

Mon Jun 15 14:00:00 2009 mvyskocilAATTsuse.cz
- added a missing -p1 for %patch0

Wed Jun 3 14:00:00 2009 mvyskocilAATTsuse.cz
- fixed bnc#488061: work directory clean on tomcat stop
- update to 6.0.20 - the bugfix release:

* MemoryUserDatabase is read-only by default

* Allow huge request body packets for AJP13

* Never return an empty HTTP status reason phrase

* Prevent double initialisation of JSPs

* A node should ignore its own heartbeat messages

* Pretty error messages (instead of stacktrace) if shutdown port is disabled

Mon Mar 16 13:00:00 2009 mvyskocilAATTsuse.cz
- fixed bnc#418664 - Tomcat6 installation has missing bits
- added /etc/ant.d/catalina-ant
- another fix for bnc#471639 - tomcat does not start/work

* merged sysconfig and tomcat6.conf to allow dtomcat6 start to work

* also fixes (bnc#471639)
- fixed bnc#424675 - Access rights to /etc/tomcat6 directory not set right

* create a link from /etc/tomcat6/Catalina to /var/cache/tomcat6/Catalina
- removed CATALINA_OPTS from stop in dtomcat6 (bao#42951)


 