Changelog for
tomcat6-javadoc-6.0.32-7.34.1.noarch.rpm :
Wed Dec 19 13:00:00 2012 lijewski.stefanAATTgmail.com
- fix bnc#793394 - bypass of security constraints (CVE-2012-3546)
* apache-tomcat-CVE-2012-3546.patch
http://svn.apache.org/viewvc?view=revision&revision=1381035
- fix bnc#793391 - bypass of CSRF prevention filter (CVE-2012-4431)
* apache-tomcat-CVE-2012-4431.patch
http://svn.apache.org/viewvc?view=revision&revision=1394456
- document how to protect against slowloris DoS (CVE-2012-5568/bnc#791679)
in README.SUSE
- fixes
bnc#791423 - cnonce tracking weakness (CVE-2012-5885)
bnc#791424 - authentication caching weakness (CVE-2012-5886)
bnc#791426 - stale nonce weakness (CVE-2012-5887)
* apache-tomcat-CVE-2009-2693-CVE-2009-2901-CVE-2009-2902.patch
http://svn.apache.org/viewvc?view=revision&revision=1380829
- fix bnc#789406 - HTTP NIO connector OOM DoS via a request with
large headers (CVE-2012-2733)
* http://svn.apache.org/viewvc?view=revision&revision=1356208
Mon Feb 6 13:00:00 2012 mvyskocilAATTsuse.cz
- fix bnc#742477 - iManager throws exception in its basic functionalities
* http://svn.apache.org/viewvc?view=revision&revision=1206324
* http://svn.apache.org/viewvc?view=revision&revision=1229027
- fix bnc#735343 - VUL-1: tomcat: Multiple weaknesses in HTTP DIGEST
* http://svn.apache.org/viewvc?view=revision&revision=1158180
fixes CVE-2011-5062, CVE-2011-5063, CVE-2011-5064 and CVE-2011-1184
- fix bnc#743055 - VUL-1: CVE-2011-3375: tomcat: information disclosure
due to improper response and request object recycling
Thu Jan 5 13:00:00 2012 mvyskocilAATTsuse.cz
- fix bnc#727543 - VUL-0: Apache tomcat vulnerable to hash collision attack
backport upstream changes:
* add getCharset method for B2Converter
http://svn.apache.org/viewvc?view=revision&revision=1140904
* add isConfigProblemFatal method
http://svn.apache.org/viewvc?view=revision&revision=1199122
* GET POST parameter processing performance. Adds maximum number of
parameters per request (defaults to 10000) and new FailedRequestFilter for
rejecting requests with excessive number of parameters
http://svn.apache.org/viewvc?view=revision&revision=1200601
- fix bnc#712784 - tomcat6: add missing Requires on java >= 1.6.0
* add recommends on java >= 1.6.0 and java-devel >= 1.6.0
Thu Sep 15 14:00:00 2011 mvyskocilAATTsuse.cz
- fix bnc#715991 - VUL-0: tomcat authentication bypass and information
disclosure (CVE-2011-3190)
* http://svn.apache.org/viewvc?view=revision&revision=1162959
Mon Aug 15 14:00:00 2011 mvyskocilAATTsuse.cz
- fix bnc#706404 - VUL-0: tomcat user password information leak (CVE-2011-2204)
* http://svn.apache.org/viewvc?view=revision&revision=1140071
- fix bnc#706382 - VUL-0: tomcat information leak and DoS (CVE-2011-2526)
* http://svn.apache.org/viewvc?view=revision&revision=1146703
- fix bnc#702289 - suse manager pam ldap authentication fails
* source CATALINA_HOME/bin/setenv.sh if exists
Fri Feb 11 13:00:00 2011 mvyskocilAATTsuse.cz
- update to latest upstream version 6.0.32 (bugfix release)
- obsolete CVE-2010-4172 patch
- fixes bnc#669897 (CVE-2010-3718), bnc#669926 (CVE-2010-4476), bnc#669928
(CVE-2011-0013) and bnc#669930 (CVE-2011-0534)
Thu Dec 9 13:00:00 2010 mvyskocilAATTsuse.cz
- fix bnc#655440#c14 - clean workdir of tomcat\'s webapps to be sure
our fixed jsps will be redeployed on each update
Thu Nov 25 13:00:00 2010 mvyskocilAATTsuse.cz
- fix bnc#655440 - VUL-0: tomcat6: Apache Tomcat Manager application XSS
vulnerability (CVE-2010-4172)
http://svn.apache.org/viewvc?view=revision&revision=1037779
- fix bnc#653586 - spacewalk 1.2 requires jasper 5.5
* add offline jasper compiler /usr/bin/jspc
- unpack tarball to apache-tomcat-$VERSION-src directory directly
Tue Nov 2 13:00:00 2010 mvyskocilAATTsuse.cz
- Fix bnc#650130 - Update of tomcat6 not possible (cpio: Is a directory)
* workaround the rpm bug - it cannot update directory to symlink
* make /etc/tomcat6/Catalina/ as ghost file
* create link in %posttrans
Tue Sep 14 14:00:00 2010 mvyskocilAATTsuse.cz
- Update to 6.0.29 (bugfix release)
- fix bnc#625415: Tomcat6 does not have permissions to its own directories
* also fix the /etc/tomcat6/Catalina link target
- revert a setclasspath.sh changes
- disable user/group verification of tomcat owned files and directories to
allow easy change of the tomcat user without rpm --verify complaints
Thu Jul 15 14:00:00 2010 mvyskocilAATTsuse.cz
- Update to 6.0.28 (bugfix release)
- fix bnc#565901 - missing catalina.sh again
* move catalina.sh to CATALINA_HOME/bin
* add jpackage.org compatible CATALINA_HOME/bin/setclasspath.sh
- add missing logrotate requires
- install scripts with mode 0755
Wed Feb 3 13:00:00 2010 mvyskocilAATTsuse.cz
- Update to 6.0.24 (bugfix release). This obsoletes patch
* tomcat6-bug47316.patch
- Merged with tomcat6-6.0.18-10.jpp6.src.rpm
* return the jpackage.org license header in spec
* polish in spec (use more macros)
* add logrotate support
* add patch to document webapps in %%{_sysconfdir}/%%{name}/tomcat-users.xml
* move %%{_bindir}/d%%{name} to %%{_sbindir}/%%{name} and provide symlink to
%%{_sbindir}/d%%{name}
* add digest and tool-wrapper scripts
* explicitly unset CLASSPATH
* explicitly set OPT_JAR_LIST to include ant/ant-trax
* build and install sample webapp
* use copy instead of move to fix short-circuit install build
* version jsp and servlet Provides with their spec versions
* make initscript LSB-complaint
* add el subpackage
Tue Jan 5 13:00:00 2010 mvyskocilAATTsuse.cz
- fixed bnc#565901 - missing catalina.sh
* added catalina.sh (link from dtomcat6) to improve upstream compatibility
Wed Sep 30 14:00:00 2009 mvyskocilAATTsuse.cz
- fixed bnc#542634: Tomcat NPE on start
applied patch from upstream bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=47316#c3
Wed Aug 26 14:00:00 2009 mvyskocilAATTsuse.cz
- fixed bnc#520532: marked all webapp/ROOT/
* files as config(noreplace)
- marked /etc/ant.d/catalina-ant as config(noreplace)
Mon Jun 15 14:00:00 2009 mvyskocilAATTsuse.cz
- added a missing -p1 for %patch0
Wed Jun 3 14:00:00 2009 mvyskocilAATTsuse.cz
- fixed bnc#488061: work directory clean on tomcat stop
- update to 6.0.20 - the bugfix release:
* MemoryUserDatabase is read-only by default
* Allow huge request body packets for AJP13
* Never return an empty HTTP status reason phrase
* Prevent double initialisation of JSPs
* A node should ignore its own heartbeat messages
* Prettry error messages (instead of stacktrace) if shutdown port is disabled
Mon Mar 16 13:00:00 2009 mvyskocilAATTsuse.cz
- fixed bnc#418664 - Tomcat6 installation has missing bits
- added /etc/ant.d/catalina-ant
- another fix for bnc#471639 - tomcat does not start/work
* merged a sysconfig and tomcat6.conf to allow a dtomcat6 start works
* also fixs (bnc#471639)
- fixed bnc#424675 - Access rights to /etc/tomcat6 directory not set right
* create a link from /etc/tomcat6/Catalina to /var/cache/tomcat6/Catalina
- removed a CATALINA_OPTS from stop in dtcomcat6 (bao#42951)